[DanoNH]

There should be a copy of FRST.exe on the desktop of the ill computer, but it may now complain about being outdated and prompt you to download a new copy.

 

To be on the safe side, download an updated 32-Bit copy of FRST from here: Farbar Recovery Scan Tool and save it to your USB stick.  On the infected computer, make sure all the files get copied to the Desktop.

 

Looking forward to resolving this one as best as we can.

[Advertisements]

Here is the logs you requested Dano thanks for the continued help.

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 09-07-2015

Ran by Joseph at 2015-07-11 01:24:00 Run:1

Running from C:\Users\Joseph\Desktop

Loaded Profiles: Joseph & UpdatusUser (Available Profiles: Joseph & UpdatusUser)

Boot Mode: Normal

 

==============================================

 

fixlist content:

*****************

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?

HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...409d6c4515e9\InprocServer32: [Default-shell32] shell32.dll ATTENTION! ====> ZeroAccess?

C:\$Recycle.Bin\S-1-5-21-2013592473-1583479073-1329353095-1000\$afd7bede3b150b7dc33f9425a8f88dba

C:\$Recycle.Bin\S-1-5-18\$afd7bede3b150b7dc33f9425a8f88dba

Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [223232 2009-08-07] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

CMD: netsh winsock reset catalog

*****************

 

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => value restored successfully

"HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => key removed successfully.

C:\$Recycle.Bin\S-1-5-21-2013592473-1583479073-1329353095-1000\$afd7bede3b150b7dc33f9425a8f88dba => folder moved successfully.

C:\$Recycle.Bin\S-1-5-18\$afd7bede3b150b7dc33f9425a8f88dba => removed successfully.

Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll

 

=========  netsh winsock reset catalog =========

 

 

Sucessfully reset the Winsock Catalog.

You must restart the computer in order to complete the reset.

 

 

========= End of CMD: =========

 

 

==== End of Fixlog 01:24:06 ====

 

 

 

 

 

Farbar Service Scanner Version: 17-01-2015

Ran by Joseph (administrator) on 11-07-2015 at 01:25:41

Running from "C:\Users\Joseph\Desktop"

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

There is no connection to network.

Attempt to access Google IP returned error. Google IP is unreachable

Attempt to access Google.com returned error: Other errors

Attempt to access Yahoo.com returned error: Other errors

 

 

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

 

MpsSvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

 

bfe Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

 

 

Firewall Disabled Policy: 

==================

"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.

 

 

System Restore:

============

 

System Restore Policy: 

========================

 

 

Security Center:

============

 

wscsvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

 

Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.

 

 

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is set to Demand. The default start type is Auto.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".

 

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Other Services:

==============

Checking Start type iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.

Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.

Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

 

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.

Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.

Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.

Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.

 

 

File Check:

========

C:\Windows\system32\nsisvc.dll => File is digitally signed

C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed

C:\Windows\system32\dhcpcsvc.dll => File is digitally signed

C:\Windows\system32\Drivers\afd.sys => File is digitally signed

C:\Windows\system32\Drivers\tdx.sys => File is digitally signed

C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\system32\dnsrslvr.dll => File is digitally signed

C:\Windows\system32\mpssvc.dll => File is digitally signed

C:\Windows\system32\bfe.dll => File is digitally signed

C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed

C:\Windows\system32\SDRSVC.dll => File is digitally signed

C:\Windows\system32\vssvc.exe => File is digitally signed

C:\Windows\system32\wscsvc.dll => File is digitally signed

C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\system32\wuaueng.dll => File is digitally signed

C:\Windows\system32\qmgr.dll => File is digitally signed

C:\Windows\system32\es.dll => File is digitally signed

C:\Windows\system32\cryptsvc.dll => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

 

 

**** End of log ****

[Jvescov1]

Here is the logs you requested Dano thanks for the continued help.

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 09-07-2015

Ran by Joseph at 2015-07-11 01:24:00 Run:1

Running from C:\Users\Joseph\Desktop

Loaded Profiles: Joseph & UpdatusUser (Available Profiles: Joseph & UpdatusUser)

Boot Mode: Normal

 

==============================================

 

fixlist content:

*****************

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?

HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...409d6c4515e9\InprocServer32: [Default-shell32] shell32.dll ATTENTION! ====> ZeroAccess?

C:\$Recycle.Bin\S-1-5-21-2013592473-1583479073-1329353095-1000\$afd7bede3b150b7dc33f9425a8f88dba

C:\$Recycle.Bin\S-1-5-18\$afd7bede3b150b7dc33f9425a8f88dba

Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [223232 2009-08-07] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

CMD: netsh winsock reset catalog

*****************

 

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => value restored successfully

"HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => key removed successfully.

C:\$Recycle.Bin\S-1-5-21-2013592473-1583479073-1329353095-1000\$afd7bede3b150b7dc33f9425a8f88dba => folder moved successfully.

C:\$Recycle.Bin\S-1-5-18\$afd7bede3b150b7dc33f9425a8f88dba => removed successfully.

Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll

 

=========  netsh winsock reset catalog =========

 

 

Sucessfully reset the Winsock Catalog.

You must restart the computer in order to complete the reset.

 

 

========= End of CMD: =========

 

 

==== End of Fixlog 01:24:06 ====

 

 

 

 

 

Farbar Service Scanner Version: 17-01-2015

Ran by Joseph (administrator) on 11-07-2015 at 01:25:41

Running from "C:\Users\Joseph\Desktop"

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

There is no connection to network.

Attempt to access Google IP returned error. Google IP is unreachable

Attempt to access Google.com returned error: Other errors

Attempt to access Yahoo.com returned error: Other errors

 

 

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

 

MpsSvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

 

bfe Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

 

 

Firewall Disabled Policy: 

==================

"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.

 

 

System Restore:

============

 

System Restore Policy: 

========================

 

 

Security Center:

============

 

wscsvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

 

Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.

 

 

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is set to Demand. The default start type is Auto.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".

 

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Other Services:

==============

Checking Start type iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.

Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.

Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

 

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.

Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.

Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.

Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.

 

 

File Check:

========

C:\Windows\system32\nsisvc.dll => File is digitally signed

C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed

C:\Windows\system32\dhcpcsvc.dll => File is digitally signed

C:\Windows\system32\Drivers\afd.sys => File is digitally signed

C:\Windows\system32\Drivers\tdx.sys => File is digitally signed

C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\system32\dnsrslvr.dll => File is digitally signed

C:\Windows\system32\mpssvc.dll => File is digitally signed

C:\Windows\system32\bfe.dll => File is digitally signed

C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed

C:\Windows\system32\SDRSVC.dll => File is digitally signed

C:\Windows\system32\vssvc.exe => File is digitally signed

C:\Windows\system32\wscsvc.dll => File is digitally signed

C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\system32\wuaueng.dll => File is digitally signed

C:\Windows\system32\qmgr.dll => File is digitally signed

C:\Windows\system32\es.dll => File is digitally signed

C:\Windows\system32\cryptsvc.dll => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

 

 

**** End of log ****

[DanoNH]

Did you restart the computer after the FRST fix?  

 

Did you try connecting to the Internet?

 

If not, please reboot and try connecting to the Internet.  How is the computer running?

[DanoNH]

Let's try to fix up some broken services.


Now
Run Windows Repair (All In One) from a USB Flash Drive

On a "clean" computer with Internet access:

Please download Windows Repair All-In-One Portable by Tweaking.com to your flash drive..

• Extract the downloaded zip file to your USB thumb drive by right-clicking on the file and selecting Extract...
• Plug the USB drive/stick into the ill computer.
• On the ill computer, open My Computer, and browse to your USB drive.  Find the folder where Windows Repair was extracted (Tweaking dot.com - Windows Repair), and double-click the Repair_Windows.exe file to run the program.
  • When the program opens, select the Step 5: Backup tab, then click the Backup button under "1. Registry Backup" and the Create button under "2. System Restore":
    
  • Now, select the Repairs tab, then click on the "Open Repairs" button:
    
  • Agree to the Create a System Restore Point prompt if asked and wait for a bit for it to continue.  (Note that System Restore will not work in Safe Mode.)  Agree to any User Account Control prompts.
    
    NOTE: The below image is only an example.
    
  • Please select the following items:
    • 01 - Reset Registry Permissions
    • 02 - Reset File Permissions
    • 03 - Reset Service Permissions
    • 04 - Register System Files
    • 05 - Repair WMI
    • 06 - Repair Windows Firewall
    • 07 - Repair Internet Explorer
    • 09 - Repair Hosts File
    • 10 - Remove Policies Set by Infections
    • 13 - Repair Winsock & DNS Cache
    • 14 - Remove Temp Files
    • 15 - Repair Proxy Settings
    • 16 - Unhide Non System Files
    • 21 - Repair MSI (Windows Installer)
    • 23 - Repair File Associations
    • 26 - Restore Important Windows Services
    • 27 - Set Windows Services to Default Startup
    • 32 - Restore UAC (User Account Control) Settings
    • 33 - Repair Performance Counters
  • Also put a check in the Restart/Shutdown System When Finished (lower right) box and in Restart System
  • Then click on the Start Repairs button if it doesn't do it automatically
  • If it asks you to back up your system click Yes and continue
• After the program is finished, please open the /logs folder in the same folder as you ran the program from and copy/paste the contents of the Windows Repair log into your next reply.
• The computer should reboot automatically.

Please also tell me how the computer is running and again check your Internet access.

[Jvescov1]

heres the log you requested.

 

 

 

Tweaking.com - Windows Repair v3.0.0

--------------------------------------------------------------------------------

 

System Variables

--------------------------------------------------------------------------------

OS: Windows Vista ™ Home Premium

OS Architecture: 32-bit

OS Version: 6.0.6002

OS Service Pack: Service Pack 2

Computer Name: JOSEPH-PC

Windows Drive: C:\

Windows Path: C:\Windows

Program Files: C:\Program Files

Current Profile: C:\Users\Joseph

Current Profile SID: S-1-5-21-2013592473-1583479073-1329353095-1000

Current Profile Classes: S-1-5-21-2013592473-1583479073-1329353095-1000_Classes

Profiles Location: C:\Users

Profiles Location 2: C:\Windows\ServiceProfiles

Local Settings AppData: C:\Users\Joseph\AppData\Local

--------------------------------------------------------------------------------

 

System Information

--------------------------------------------------------------------------------

System Up Time: 0 Days 00:13:53

 

Process Count: 71

Commit Total: 1.60 GB

Commit Limit: 4.24 GB

Commit Peak: 1.69 GB

Handle Count: 17069

Kernel Total: 158.64 MB

Kernel Paged: 113.70 MB

Kernel Non Paged: 44.94 MB

System Cache: 832.57 MB

Thread Count: 749

--------------------------------------------------------------------------------

 

Memory Before Cleaning with CleanMem

--------------------------------------------------------------------------------

Memory Total: 2.00 GB

Memory Used: 1.46 GB(73.1368%)

Memory Avail.: 549.41 MB

--------------------------------------------------------------------------------

 

Cleaning Memory Before Starting Repairs...

 

Memory After Cleaning with CleanMem

--------------------------------------------------------------------------------

Memory Total: 2.00 GB

Memory Used: 1.08 GB(53.8987%)

Memory Avail.: 942.87 MB

--------------------------------------------------------------------------------

 

Starting Repairs...

   Started at (7/12/2015 12:21:06 AM)

 

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...

Total Missing 'InstallDate' Fixed: 68

 

01 - Reset Registry Permissions 01/03

   HKEY_CURRENT_USER & Sub Keys

   Start (7/12/2015 12:21:09 AM)

 

   Running Repair Under Current User Account

   Done (7/12/2015 12:22:03 AM)

 

01 - Reset Registry Permissions 02/03

   HKEY_LOCAL_MACHINE & Sub Keys

   Start (7/12/2015 12:22:03 AM)

 

   Running Repair Under System Account

   Done (7/12/2015 12:31:36 AM)

 

01 - Reset Registry Permissions 03/03

   HKEY_CLASSES_ROOT & Sub Keys

   Start (7/12/2015 12:31:36 AM)

 

   Running Repair Under System Account

   Done (7/12/2015 12:33:27 AM)

 

03 - Reset Service Permissions

   Start (7/12/2015 12:33:27 AM)

 

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (7/12/2015 12:34:00 AM)

 

04 - Register System Files

   Start (7/12/2015 12:34:00 AM)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (7/12/2015 12:34:36 AM)

 

05 - Repair WMI

   Start (7/12/2015 12:34:36 AM)

 

   Starting Security Center So We Can Export The Security Info.

 

   Exporting Antivirus Info...

   avast! antivirus Exported.

 

   Exporting AntiSpyware Info...

   avast! antivirus Exported.

   Windows Defender Exported.

 

   Exporting 3rd Party Firewall Info...

   No Firewall Products Reported.

 

   Running Repair Under Current User Account

   Done (7/12/2015 12:41:16 AM)

 

06 - Repair Windows Firewall

   Start (7/12/2015 12:41:16 AM)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (7/12/2015 12:41:26 AM)

 

07 - Repair Internet Explorer

   Start (7/12/2015 12:41:26 AM)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (7/12/2015 12:41:57 AM)

 

09 - Repair Hosts File

   Start (7/12/2015 12:41:58 AM)

   Running Repair Under System Account

   Done (7/12/2015 12:41:59 AM)

 

10 - Remove Policies Set By Infections

   Start (7/12/2015 12:41:59 AM)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (7/12/2015 12:42:04 AM)

 

13 - Repair Winsock & DNS Cache

   Start (7/12/2015 12:42:04 AM)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (7/12/2015 12:42:22 AM)

 

14 - Remove Temp Files

   Start (7/12/2015 12:42:22 AM)

   Running Repair Under System Account

   Done (7/12/2015 12:42:25 AM)

 

15 - Repair Proxy Settings

   Start (7/12/2015 12:42:25 AM)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (7/12/2015 12:42:27 AM)

 

16 - Unhide Non System Files

   Start (7/12/2015 12:42:27 AM)

   C:\ - Total Files Unhidden: 375 - Check Unhidden_Files.txt for list of files unhidden

   D:\ - Total Files Unhidden: 28 - Check Unhidden_Files.txt for list of files unhidden

   Done (7/12/2015 12:42:54 AM)

 

21 - Repair MSI (Windows Installer)

   Start (7/12/2015 12:42:54 AM)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (7/12/2015 12:43:09 AM)

 

23.01 - Repair bat Association

   Start (7/12/2015 12:43:09 AM)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (7/12/2015 12:43:11 AM)

 

23.02 - Repair cmd Association

   Start (7/12/2015 12:43:11 AM)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (7/12/2015 12:43:14 AM)

 

23.03 - Repair com Association

   Start (7/12/2015 12:43:14 AM)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (7/12/2015 12:43:16 AM)

 

23.04 - Repair Directory Association

   Start (7/12/2015 12:43:16 AM)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (7/12/2015 12:43:18 AM)

 

23.05 - Repair Drive Association

   Start (7/12/2015 12:43:18 AM)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (7/12/2015 12:43:21 AM)

 

23.06 - Repair exe Association

   Start (7/12/2015 12:43:21 AM)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (7/12/2015 12:43:23 AM)

 

23.07 - Repair Folder Association

   Start (7/12/2015 12:43:23 AM)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (7/12/2015 12:43:25 AM)

 

23.08 - Repair inf Association

   Start (7/12/2015 12:43:25 AM)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (7/12/2015 12:43:27 AM)

 

23.09 - Repair lnk (Shortcuts) Association

   Start (7/12/2015 12:43:27 AM)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (7/12/2015 12:43:30 AM)

 

23.10 - Repair msc Association

   Start (7/12/2015 12:43:30 AM)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (7/12/2015 12:43:32 AM)

 

23.11 - Repair reg Association

   Start (7/12/2015 12:43:32 AM)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (7/12/2015 12:43:34 AM)

 

23.12 - Repair scr Association

   Start (7/12/2015 12:43:34 AM)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (7/12/2015 12:43:37 AM)

 

26 - Restore Important Windows Services

   Start (7/12/2015 12:43:37 AM)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (7/12/2015 12:43:49 AM)

 

27 - Set Windows Services To Default Startup

   Start (7/12/2015 12:43:49 AM)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (7/12/2015 12:43:59 AM)

 

32 - Restore UAC (User Account Control) Settings

   Start (7/12/2015 12:43:59 AM)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (7/12/2015 12:44:01 AM)

 

33 - Repair Performance Counters

   Start (7/12/2015 12:44:01 AM)

   Running Repair Under Current User Account

   Done (7/12/2015 12:44:24 AM)

 

Cleaning up empty logs...

 

All Selected Repairs Done.

   Done at (7/12/2015 12:44:25 AM)

   Total Repair Time: 00:23:21

 

 

...YOU MUST RESTART YOUR SYSTEM...

[DanoNH]

Log looks good.  A couple of questions for you:

1. How is the computer running?
2. Can you access the Internet now?

Let's Run FSS again to have a look at what the Windows Repair tool was able to do:

 

Run a scan with Farbar Service Scanner (FSS)

Please download Farbar Service Scanner, save it to the Desktop, and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the contents of the log to your reply.

 

 

[DanoNH]

Note: You can run FSS from your USB stick or the Desktop of the ill computer if you still have a copy there.  Just be careful to post the contents of the new log here please, as there are already FSS logs that have been generated.

[Jvescov1]

Hi there dano! been messing around for about 5 mins seems to be running fairly okay whenever i start up the computer i do get a pop up about AVGUI error or something along those lines along with several IOBIT program popups for updates and stuff of that nature but that's all those programs and stuff i came here for originally before we found this other little nasty problem. im currently writing this on the "ill" computer as i type there seems to be a slight lag every so often like its doing some processing that doesn't seem normal.the right click has quite a bit of lag to it as well nothin unbearable but def not the norm.

 

 

Farbar Service Scanner Version: 17-01-2015

Ran by Joseph (administrator) on 12-07-2015 at 23:56:33

Running from "C:\Users\Joseph\Desktop"

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy: 

==================

 

 

System Restore:

============

 

System Restore Policy: 

========================

 

 

Security Center:

============

 

Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\system32\nsisvc.dll => File is digitally signed

C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed

C:\Windows\system32\dhcpcsvc.dll => File is digitally signed

C:\Windows\system32\Drivers\afd.sys => File is digitally signed

C:\Windows\system32\Drivers\tdx.sys => File is digitally signed

C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\system32\dnsrslvr.dll => File is digitally signed

C:\Windows\system32\mpssvc.dll => File is digitally signed

C:\Windows\system32\bfe.dll => File is digitally signed

C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed

C:\Windows\system32\SDRSVC.dll => File is digitally signed

C:\Windows\system32\vssvc.exe => File is digitally signed

C:\Windows\system32\wscsvc.dll => File is digitally signed

C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\system32\wuaueng.dll => File is digitally signed

C:\Windows\system32\qmgr.dll => File is digitally signed

C:\Windows\system32\es.dll => File is digitally signed

C:\Windows\system32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Windows\system32\ipnathlp.dll => File is digitally signed

C:\Windows\system32\iphlpsvc.dll => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

 

 

**** End of log ****

[DanoNH]

Hello jvescov1,

 

More progress!   If you have questions or get stuck, let me know and stop where you are please.

 

Here we go...

 

First
Run a registry fix

 

Please download this file (wscsvc.reg) to the Desktop.

Right-click on the file, and select Merge.

Accept any UAC or administrator prompts and acknowledge the registry merge completion message.

If this fails, please stop and let me know the error you get.

Second
Run Junkware Removal Tool:

Please download Junkware Removal Tool to your Desktop.

• Shut down your protection software now to avoid potential conflicts.  See here for more information.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Third
AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

• XP users: Double click the AdwCleaner icon to start the program.
• Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  You will see the following console:
  
• Click the Scan button and wait for the scan to finish.
• After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
• Do not click the Cleaning button.
• Click the Logfile button to get the log.
• Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
• Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

 

Fourth
Run FRST

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(http://www.bleepingc...very-scan-tool/)

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

• Right click on FRST on your Desktop and choose Run as Administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens, if asked, click Yes to disclaimer.
• Make sure the Addition.txt check-box is checked.
  
• Press Scan button.
• It will produce two logs called FRST.txt and Addition.txt in the same directory the tool is run from.
• Please copy and paste the contents of both of those logs back here.

Finally
In your next reply, please copy/paste the contents of the following logs:

• JRT
• AdwCleaner
• FRST.txt
• Addition.txt

And tell me how the system is running.

 

[Jvescov1]

yay! progress sounds amazing. computer seems to be running good. here are the new logs.

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 7.4.7 (07.13.2015:1)

OS: Windows Vista ™ Home Premium x86

Ran by Joseph on Mon 07/13/2015 at 13:04:03.45

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

Successfully deleted: [Service] secureupdatesvc [Reboot required]

Successfully deleted: [Service] vToolbarUpdater18.5.0 [Reboot required]

Successfully deleted: [Service] yahooauservice [Reboot required]

 

 

 

~~~ Tasks

 

Successfully deleted: [Task] C:\Windows\System32\tasks\Driver Booster Scan

Successfully deleted: [Task] C:\Windows\System32\tasks\Driver Booster SkipUAC (Joseph)

Successfully deleted: [Task] C:\Windows\System32\tasks\Driver Booster Update

Successfully deleted: [Task] C:\Windows\System32\tasks\EPUpdater

Successfully deleted: [Task] C:\Windows\System32\tasks\IHUninstallTrackingTASK

Successfully deleted: [Task] C:\Windows\System32\tasks\PC Optimizer Pro startups

Successfully deleted: [Task] C:\Windows\System32\tasks\SmartDefrag4_Startup

Successfully deleted: [Task] C:\Windows\System32\tasks\Uninstaller_SkipUac_Joseph

 

 

 

~~~ Registry Values

 

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2013592473-1583479073-1329353095-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{23F88292-FB5A-4907-9DCB-119FE1A39D3B}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{34D2BA0D-EE4A-41E8-B176-CB5CD0638CFC}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{675C3109-8FD5-4F4F-BA3E-0CB46B6DA0CA}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311431162}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311431162}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8}

 

 

 

~~~ Files

 

Successfully deleted: [File] C:\Program Files\GUT95BA.tmp

Successfully deleted: [File] C:\Program Files\GUTC582.tmp

Successfully deleted: [File] C:\Users\Joseph\appdata\local\google\chrome\user data\default\local storage\chrome-extension_icdlfehblmklkikfigmjhbmmpmkmpooj_0.localstorage

Successfully deleted: [File] C:\Users\Joseph\desktop\atdhenettvapp.lnk

 

 

 

~~~ Folders

 

Failed to delete: [Folder] C:\Program Files\secure speed dial

Successfully deleted: [Folder] C:\Program Files\atdhenettvapp.com

Successfully deleted: [Folder] C:\Program Files\avg safeguard toolbar

Successfully deleted: [Folder] C:\Program Files\Common Files\spigot

Successfully deleted: [Folder] C:\Program Files\conduit

Successfully deleted: [Folder] C:\Program Files\dnsbasic

Successfully deleted: [Folder] C:\Program Files\infoatoms

Successfully deleted: [Folder] C:\Program Files\IObit\Driver Booster

Successfully deleted: [Folder] C:\Program Files\mypc backup

Successfully deleted: [Folder] C:\Program Files\out of the park developments

Successfully deleted: [Folder] C:\Program Files\red kawa

Successfully deleted: [Folder] C:\Program Files\winzip registry optimizer

Successfully deleted: [Folder] C:\ProgramData\avg safeguard toolbar

Successfully deleted: [Folder] C:\ProgramData\babylon

Successfully deleted: [Folder] C:\ProgramData\dnsbasic

Successfully deleted: [Folder] C:\ProgramData\esellerate

Successfully deleted: [Folder] C:\ProgramData\IObit\Driver Booster

Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\driver booster 2

Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\out of the park developments

Successfully deleted: [Folder] C:\ProgramData\out of the park developments

Successfully deleted: [Folder] C:\ProgramData\productdata

Successfully deleted: [Folder] C:\ProgramData\tarma installer

Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\avg safeguard toolbar

Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\conduit

Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\cre

Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\swvupdater

Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\visi_coupon

Successfully deleted: [Folder] C:\Users\Joseph\appdata\locallow\avg safeguard toolbar

Successfully deleted: [Folder] C:\Users\Joseph\appdata\locallow\conduit

Successfully deleted: [Folder] C:\Users\Joseph\appdata\locallow\delta

Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\babylon

Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\IObit\Driver Booster

Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\microsoft\windows\start menu\programs\atdhenettvapp.com

Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\nico mak computing

Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\out of the park developments

Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\productdata

 

 

 

~~~ FireFox

 

Failed to delete: [File] C:\Program Files\Mozilla Firefox\searchplugins\safeguard-secure-search.xml

Successfully deleted: [File] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\user.js

Successfully deleted: [File] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\extensions\[email protected] [Tracur]

Successfully deleted: [File] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\extensions\[email protected]

Successfully deleted: [File] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\extensions\[email protected]

Successfully deleted: [File] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\searchplugins\aol-search.xml

Successfully deleted: [File] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\searchplugins\safeguard-secure-search.xml

Successfully deleted: [Folder] C:\Program Files\Mozilla Firefox\extensions\[email protected]

Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\smartbar

Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\extensions\[email protected]

Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\extensions\[email protected]

Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694}

Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\[email protected]

Successfully deleted the following from C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\prefs.js

 

user_pref(CT3287375.1000082.isPlayDisplay, true);

user_pref(CT3287375.1000082.state, {\state\:\stopped\,\text\:\Californi...\,\description\:\California Rock - Rock\,\url\:\hxxp://www.feedlive.net/california.

user_pref(CT3287375.ENABALE_HISTORY, {\dataType\:\string\,\data\:\true\});

user_pref(CT3287375.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE, {\dataType\:\string\,\data\:\true\});

user_pref(CT3287375.FF19Solved, true);

user_pref(CT3287375.FirstTime, true);

user_pref(CT3287375.FirstTimeFF3, true);

user_pref(CT3287375.LAST_CLIENT_STATS_SUBMIT_2.enc, MTM3NDYyNDIxMA==);

user_pref(CT3287375.PG_ENABLE, dHJ1ZQ==);

user_pref(CT3287375.PG_ENABLE.enc, dHJ1ZQ==);

user_pref(CT3287375.SF_JUST_INSTALLED.enc, RkFMU0U=);

user_pref(CT3287375.SF_STATUS.enc, RU5BQkxFRA==);

user_pref(CT3287375.SF_USER_ID.enc, Y2lkXzIzNzIwMTMxNzMxNzUyMzMxNDI=);

user_pref(CT3287375.SearchFromAddressBarUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN40443446851106414&UM=2&q=);

user_pref(CT3287375.UserID, UN40443446851106414);

user_pref(CT3287375.YTbyClickFavorites.enc, W10=);

user_pref(CT3287375.YTbyClickRecent.enc, JTVCJTdCJTIyaWQlMjIlM0ElMjJTQWQzSjZjdnl2RSUyMiUyQyUyMnRpdGxlJTIyJTNBJTIyRHlydXMlMjBEb2luZyUyMFB1c2h1cHMlMjBmb3IlMjAlMjQ1JTIyJTJDJTI

user_pref(CT3287375.acp_personal.appstate.enc, ZW5hYmxl);

user_pref(CT3287375.addressBarTakeOverEnabledInHidden, true);

user_pref(CT3287375.autoDisableScopes, -1);

user_pref(CT3287375.browser.search.defaultthis.engineName, true);

user_pref(CT3287375.cb_experience_000.enc, Nw==);

user_pref(CT3287375.cb_firstuse0100.enc, MQ==);

user_pref(CT3287375.cb_user_id_000.enc, Q0IyMDcwNDQxMzk1MzlfMTM2NzA0MTcxMTMyN19GaXJlZm94);

user_pref(CT3287375.cbfirsttime.enc, RnJpIEFwciAyNiAyMDEzIDIyOjQ4OjMxIEdNVC0wNzAwIChQYWNpZmljIERheWxpZ2h0IFRpbWUp);

user_pref(CT3287375.defaultSearch, true);

user_pref(CT3287375.embeddedsData, [{\appId\:\10000002\,\apiPermissions\:{\crossDomainAjax\:true,\getMainFrameTitle\:true,\getMainFrameUrl\:true,\getSearchTerm

user_pref(CT3287375.enableAlerts, true);

user_pref(CT3287375.enableFix404ByUser, TRUE);

user_pref(CT3287375.enableSearchFromAddressBar, true);

user_pref(CT3287375.firstTimeDialogOpened, true);

user_pref(CT3287375.fixPageNotFoundError, true);

user_pref(CT3287375.fixPageNotFoundErrorByUser, true);

user_pref(CT3287375.fixPageNotFoundErrorInHidden, true);

user_pref(CT3287375.fixUrls, true);

user_pref(CT3287375.fullUserID, UN40443446851106414.UP.20130811132039);

user_pref(CT3287375.homepageuserchanged, true);

user_pref(CT3287375.installDate, 26/4/2013 18:02:58);

user_pref(CT3287375.installId, stub.exe);

user_pref(CT3287375.installSessionId, {1D20C1FD-5541-4CE3-B854-3B5CD8608AD2});

user_pref(CT3287375.installSp, TRUE);

user_pref(CT3287375.installType, conduitnsisintegration);

user_pref(CT3287375.installUsage, 2013-04-27T04:59:31.0165041+03:00);

user_pref(CT3287375.installUsageEarly, 2013-04-27T04:59:24.7609442+03:00);

user_pref(CT3287375.installerVersion, 1.4.1.3);

user_pref(CT3287375.isCheckedStartAsHidden, true);

user_pref(CT3287375.isEnableAllDialogs, {\dataType\:\string\,\data\:\true\});

user_pref(CT3287375.isFirstTimeToolbarLoading, false);

user_pref(CT3287375.isToolbarShrinked, {\dataType\:\string\,\data\:\false\});

user_pref(CT3287375.keyword, true);

user_pref(CT3287375.lastNewTabSettings, {\isEnabled\:true,\newTabUrl\:\hxxp://search.conduit.com/?ctid=CT3287375&octid=CT3287375&SearchSource=15&CUI=UN4044344685110641

user_pref(CT3287375.lastVersion, 10.16.70.505);

user_pref(CT3287375.mam_gk_appStateReportTime.enc, MTM4MDUwMTYzNjUwNw==);

user_pref(CT3287375.mam_gk_appState_CouponBuddy.enc, b24=);

user_pref(CT3287375.mam_gk_appState_PiclickV2.enc, b24=);

user_pref(CT3287375.mam_gk_appState_PriceGong.enc, b24=);

user_pref(CT3287375.mam_gk_appsData.enc, eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsInNjcmlwdFV

user_pref(CT3287375.mam_gk_appsDefaultEnabled.enc, bnVsbA==);

user_pref(CT3287375.mam_gk_calledSetupService.enc, MQ==);

user_pref(CT3287375.mam_gk_configuration.enc, eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlBpY2xpY2tWMi1XZWJTZWFyY2giLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiJkY2E5NjlkMi1kNGEzLTRhODMtYj

user_pref(CT3287375.mam_gk_currentBadgeValue.enc, MA==);

user_pref(CT3287375.mam_gk_currentVersion.enc, MS4xMC40LjA=);

user_pref(CT3287375.mam_gk_eventsCache.enc, eyI4YWI5ZWRmZC05NzZmLTQzNWMtYmQ0Ni1mNmJiMDdmYjg0MWEiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlv

user_pref(CT3287375.mam_gk_existingUsersRecoveryDone.enc, MQ==);

user_pref(CT3287375.mam_gk_first_time.enc, MQ==);

user_pref(CT3287375.mam_gk_gadgetOpen.enc, MA==);

user_pref(CT3287375.mam_gk_lastLoginTime.enc, MTM4MDUwMTY0OTQwMA==);

user_pref(CT3287375.mam_gk_localization.enc, eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHM

user_pref(CT3287375.mam_gk_mamEnabled.enc, dHJ1ZQ==);

user_pref(CT3287375.mam_gk_newApps.enc, W10=);

user_pref(CT3287375.mam_gk_pgUnloadedOnce.enc, dHJ1ZQ==);

user_pref(CT3287375.mam_gk_settings1.10.4.0.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjo

user_pref(CT3287375.mam_gk_settings1.5.0.3.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTc5XzEiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVu

user_pref(CT3287375.mam_gk_settings1.8.0.4.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNTFfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoi

user_pref(CT3287375.mam_gk_settings1.9.0.4.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoi

user_pref(CT3287375.mam_gk_showCloseButton.enc, dHJ1ZQ==);

user_pref(CT3287375.mam_gk_showWelcomeGadget.enc, ZmFsc2U=);

user_pref(CT3287375.mam_gk_userId.enc, OTQ2YTljYWEtM2Y0MC00MDBlLTg4NGQtZTkwMzlkNmM5MGY0);

user_pref(CT3287375.mam_gk_user_approval_interacted.enc, MQ==);

user_pref(CT3287375.mam_gk_welcomeDialogMode.enc, MQ==);

user_pref(CT3287375.migrateAppsAndComponents, true);

user_pref(CT3287375.navigationAliasesJson, {\EB_MAIN_FRAME_URL\:\about%3Anewaddon%3Fid%3Dffxtlbr%40delta.com\,\EB_MAIN_FRAME_TITLE\:\\,\EB_SEARCH_TERM\:\\,\EB_

user_pref(CT3287375.openThankYouPage, false);

user_pref(CT3287375.openUninstallPage, true);

user_pref(CT3287375.originalSearchAddressUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN40443446851106414&UM=2&q=);

user_pref(CT3287375.price-gong.isManagedApp, true);

user_pref(CT3287375.revertSettingsEnabled, false);

user_pref(CT3287375.search.searchAppId, 10000002);

user_pref(CT3287375.search.searchCount, 0);

user_pref(CT3287375.searchFromAddressBarEnabledByUser, true);

user_pref(CT3287375.searchInNewTabEnabledByUser, true);

user_pref(CT3287375.searchInNewTabEnabledInHidden, true);

user_pref(CT3287375.searchRevert, false);

user_pref(CT3287375.searchSuggestEnabledByUser, true);

user_pref(CT3287375.searchUserMode, 2);

user_pref(CT3287375.selectToSearchBoxEnabled, {\dataType\:\string\,\data\:\true\});

user_pref(CT3287375.serviceLayer_service_login_isFirstLoginInvoked, {\dataType\:\boolean\,\data\:\true\});

user_pref(CT3287375.serviceLayer_service_login_loginCount, {\dataType\:\number\,\data\:\4\});

user_pref(CT3287375.serviceLayer_service_toolbarGrouping_activeCTID, {\dataType\:\string\,\data\:\CT3287375\});

user_pref(CT3287375.serviceLayer_service_toolbarGrouping_activeDownloadUrl, {\dataType\:\string\,\data\:\hxxp://Vafmusic.OurToolbar.com//xpi\});

user_pref(CT3287375.serviceLayer_service_toolbarGrouping_activeToolbarName, {\dataType\:\string\,\data\:\Vafmusic\});

user_pref(CT3287375.serviceLayer_service_toolbarGrouping_invoked, {\dataType\:\string\,\data\:\true\});

user_pref(CT3287375.serviceLayer_services_appTrackingFirstTime_lastUpdate, 1367027971523);

user_pref(CT3287375.serviceLayer_services_appsMetadata_lastUpdate, 1367040620523);

user_pref(CT3287375.serviceLayer_services_gottenAppsContextMenu_lastUpdate, 1367027971099);

user_pref(CT3287375.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate, 1367027968659);

user_pref(CT3287375.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate, 1367027975265);

user_pref(CT3287375.serviceLayer_services_location_lastUpdate, 1367115767529);

user_pref(CT3287375.serviceLayer_services_login_10.15.2.23_lastUpdate, 1367115766437);

user_pref(CT3287375.serviceLayer_services_otherAppsContextMenu_lastUpdate, 1367027971481);

user_pref(CT3287375.serviceLayer_services_searchAPI_lastUpdate, 1367115766224);

user_pref(CT3287375.serviceLayer_services_serviceMap_lastUpdate, 1367115764653);

user_pref(CT3287375.serviceLayer_services_toolbarContextMenu_lastUpdate, 1367027971055);

user_pref(CT3287375.serviceLayer_services_toolbarSettings_lastUpdate, 1367115765697);

user_pref(CT3287375.serviceLayer_services_translation_lastUpdate, 1367115764808);

user_pref(CT3287375.settingsINI, true);

user_pref(CT3287375.shouldFirstTimeDialog, false);

user_pref(CT3287375.showToolbarPermission, false);

user_pref(CT3287375.smartbar.CTID, CT3287375);

user_pref(CT3287375.smartbar.Uninstall, 0);

user_pref(CT3287375.smartbar.homepage, true);

user_pref(CT3287375.smartbar.toolbarName, Vafmusic );

user_pref(CT3287375.startPage, true);

user_pref(CT3287375.toolbarBornServerTime, 27-4-2013);

user_pref(CT3287375.toolbarCurrentServerTime, 28-4-2013);

user_pref(CT3287375.toolbarLoginClientTime, Fri Apr 26 2013 18:59:31 GMT-0700 (Pacific Daylight Time));

user_pref(CT3287375.url_history0001.enc, aHR0cDovL2Rvd25sb2FkLmNuZXQuY29tL3dpbmRvd3MvOjo6Y2xpY2toYW5kbGVyOjo6MTM2NzA0MTcxMjEwMiwsLGh0dHBzOi8vd3d3Lmdvb2dsZS5jb206OjpjbGlja2h

user_pref(CT3287375.versionFromInstaller, 10.15.2.23);

user_pref(CT3287375_Firefox.csv, [{\from\:\Abs Layer\,\action\:\loading toolbar\,\time\:1380501595142,\isWithState\:\\,\timeFromStart\:0,\timeFromPrev\:0}

user_pref(CT3289847.1000082.isPlayDisplay, true);

user_pref(CT3289847.1000082.state, {\state\:\stopped\,\text\:\1.FM (Cou...\,\description\:\1.FM (Country)\,\url\:\hxxp://1.fm/wm/energycountry32k.asx\});

user_pref(CT3289847.ENABALE_HISTORY, {\dataType\:\string\,\data\:\true\});

user_pref(CT3289847.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE, {\dataType\:\string\,\data\:\true\});

user_pref(CT3289847.FF19Solved, true);

user_pref(CT3289847.FirstTime, true);

user_pref(CT3289847.FirstTimeFF3, true);

user_pref(CT3289847.LAST_CLIENT_STATS_SUBMIT_2.enc, MTM3NDYyNDIyNA==);

user_pref(CT3289847.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc, MTM3NDYyNDI1NA==);

user_pref(CT3289847.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc, MQ==);

user_pref(CT3289847.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc, MTM3NDYyNDI1NA==);

user_pref(CT3289847.PG_ENABLE, dHJ1ZQ==);

user_pref(CT3289847.PG_ENABLE.enc, dHJ1ZQ==);

user_pref(CT3289847.SF_JUST_INSTALLED.enc, RkFMU0U=);

user_pref(CT3289847.SF_STATUS.enc, RU5BQkxFRA==);

user_pref(CT3289847.SF_USER_ID.enc, Y2lkXzIzNzIwMTMxNzMyMjk2NTM5ODc=);

user_pref(CT3289847.SearchFromAddressBarUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN34716991527094572&UM=2&q=);

user_pref(CT3289847.UserID, UN34716991527094572);

user_pref(CT3289847.acp_personal.appstate.enc, ZW5hYmxl);

user_pref(CT3289847.addressBarTakeOverEnabledInHidden, true);

user_pref(CT3289847.browser.search.defaultthis.engineName, true);

user_pref(CT3289847.cbfirsttime.enc, VHVlIEp1bCAyMyAyMDEzIDE3OjAzOjQ0IEdNVC0wNzAwIChQYWNpZmljIERheWxpZ2h0IFRpbWUp);

user_pref(CT3289847.defaultSearch, true);

user_pref(CT3289847.embeddedsData, [{\appId\:\130068661007799818\,\apiPermissions\:{\crossDomainAjax\:true,\getMainFrameTitle\:true,\getMainFrameUrl\:true,\get

user_pref(CT3289847.enableAlerts, true);

user_pref(CT3289847.enableFix404ByUser, TRUE);

user_pref(CT3289847.enableSearchFromAddressBar, true);

user_pref(CT3289847.firstTimeDialogOpened, true);

user_pref(CT3289847.fixPageNotFoundError, true);

user_pref(CT3289847.fixPageNotFoundErrorByUser, true);

user_pref(CT3289847.fixPageNotFoundErrorInHidden, true);

user_pref(CT3289847.fixUrls, true);

user_pref(CT3289847.fullUserID, UN34716991527094572.UP.20130818160054);

user_pref(CT3289847.homepageuserchanged, true);

user_pref(CT3289847.hxxp___api18_similarsites_com.pid2.enc, ZWQ4MTJkMzJkMTUyNjliNw==);

user_pref(CT3289847.hxxp___api28_starwebnet_com.pid2.enc, Mzg5NDZkM2MtODBkOC0zNjI1LTUxMWMtMGYwN2YyZmM3NzFk);

user_pref(CT3289847.hxxp___api29_starwebnet_com.pid2.enc, ODk5YjU0NjktN2E2Yy1jYzc0LTk1MTAtZWRhNWUzYWE1ZDY5);

user_pref(CT3289847.hxxp___api30_starwebnet_com.pid2.enc, Y2JjOTRkMTUtYjNlOC1lZTZhLWY2N2YtNmZkM2M3MDhmMDA4);

user_pref(CT3289847.hxxp___api32_starwebnet_com.pid2.enc, YWIyYjg0ZTYtOGIwYy02ZmVlLTNhNjMtMjgxODhhNzYwNzA2);

user_pref(CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.APP_WIN_FEATURES.enc, cmVzaXphYmxlPXllcywgc2Nyb2xsYmFycz15ZXMsIGhzY3JvbGw9bm8gLHZzY3JvbGw9bm8sIHRpdGxlYmFyPXllcywgY

user_pref(CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui.enc, eyJndWkiOltdLCJhY3Rpb25zIjpbXX0=);

user_pref(CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_settings.enc, eyJpbml0VXJsIjoiYXBpLmpvbGx5d2FsbGV0LmNvbS9hZmZpbGlhdGUvaW5pdCIsInF1ZXJ5VXJsIjoiYXBpLmpvbGx

user_pref(CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.jw_token.enc, ZjYxZTIzYmMtNzUwMC0zZTExLWU0ZDAtMGFiODNlYjkzZjVi);

user_pref(CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.key_list_id.enc, MjAxMjA4MDItMDAw);

user_pref(CT3289847.installDate, 26/4/2013 18:04:03);

user_pref(CT3289847.installId, 9818);

user_pref(CT3289847.installSessionId, -1);

user_pref(CT3289847.installSp, TRUE);

user_pref(CT3289847.installType, conduitnsisintegration);

user_pref(CT3289847.installerVersion, 1.4.1.3);

user_pref(CT3289847.isCheckedStartAsHidden, true);

user_pref(CT3289847.isEnableAllDialogs, {\dataType\:\string\,\data\:\true\});

user_pref(CT3289847.isFirstTimeToolbarLoading, false);

user_pref(CT3289847.isToolbarShrinked, {\dataType\:\string\,\data\:\false\});

user_pref(CT3289847.keyword, true);

user_pref(CT3289847.lastNewTabSettings, {\isEnabled\:true,\newTabUrl\:\hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=15&CUI=UN3471699152709457

user_pref(CT3289847.lastVersion, 10.16.9.506);

user_pref(CT3289847.mam_gk_appStateReportTime.enc, MTM4MDUwMTY1NTc2Ng==);

user_pref(CT3289847.mam_gk_appState_CouponBuddy.enc, b24=);

user_pref(CT3289847.mam_gk_appState_Easytobook.enc, b24=);

user_pref(CT3289847.mam_gk_appState_Easytobook_targeted.enc, b24=);

user_pref(CT3289847.mam_gk_appState_PriceGong.enc, b24=);

user_pref(CT3289847.mam_gk_appsData.enc, eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsInNjcmlwdFV

user_pref(CT3289847.mam_gk_appsDefaultEnabled.enc, bnVsbA==);

user_pref(CT3289847.mam_gk_calledSetupService.enc, MQ==);

user_pref(CT3289847.mam_gk_configuration.enc, eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkpvYnNNaW5lciIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6ImNkN2U4ZDI3LWJlNDEtNDcxYi1iMDViLTZjZWUyNm

user_pref(CT3289847.mam_gk_currentVersion.enc, MS4xMC40LjA=);

user_pref(CT3289847.mam_gk_eventsCache.enc, eyJkMjg3Nzg4OC1lZWUxLTQ2MDEtOTA3NC03MDdiYmNiMjhiOWEiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlv

user_pref(CT3289847.mam_gk_existingUsersRecoveryDone.enc, MQ==);

user_pref(CT3289847.mam_gk_first_time.enc, MQ==);

user_pref(CT3289847.mam_gk_gadgetOpen.enc, MA==);

user_pref(CT3289847.mam_gk_installer_preapproved.enc, ZmFsc2U=);

user_pref(CT3289847.mam_gk_lastLoginTime.enc, MTM3NjI1MjQ4MTA5OQ==);

user_pref(CT3289847.mam_gk_localization.enc, eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHM

user_pref(CT3289847.mam_gk_mamEnabled.enc, dHJ1ZQ==);

user_pref(CT3289847.mam_gk_pgUnloadedOnce.enc, dHJ1ZQ==);

user_pref(CT3289847.mam_gk_settings1.10.4.0.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTYzXzEiLCJpc1Rlc3QiOnRydWUsIlVzZXJDb3VudHJ5Q29kZSI

user_pref(CT3289847.mam_gk_settings1.4.4.6.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjYwXzAiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVu

user_pref(CT3289847.mam_gk_settings1.8.0.4.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNTFfMCIsImlzVGVzdCI6dHJ1ZSwiaXNXZWxjb21lRXhwZXJpZW5j

user_pref(CT3289847.mam_gk_settings1.8.0.999.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNTFfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIj

user_pref(CT3289847.mam_gk_settings1.9.0.4.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoi

user_pref(CT3289847.mam_gk_showCloseButton.enc, dHJ1ZQ==);

user_pref(CT3289847.mam_gk_showWelcomeGadget.enc, ZmFsc2U=);

user_pref(CT3289847.mam_gk_userId.enc, NDcwOGI3NGItZjAyMS00OTMxLWIwN2EtY2U2NTkzYWVhMmFh);

user_pref(CT3289847.mam_gk_user_approval_interacted.enc, MQ==);

user_pref(CT3289847.mam_gk_welcomeDialogMode.enc, MQ==);

user_pref(CT3289847.migrateAppsAndComponents, true);

user_pref(CT3289847.navigationAliasesJson, {\EB_SEARCH_TERM\:\\,\EB_MAIN_FRAME_URL\:\about%3Anewaddon%3Fid%3Dffxtlbr%40delta.com\,\EB_MAIN_FRAME_TITLE\:\\,\EB_

user_pref(CT3289847.openThankYouPage, false);

user_pref(CT3289847.openUninstallPage, true);

user_pref(CT3289847.originalSearchAddressUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN40443446851106414&UM=2&q=);

user_pref(CT3289847.price-gong.isManagedApp, true);

user_pref(CT3289847.revertSettingsEnabled, true);

user_pref(CT3289847.search.searchAppId, 130068661007799818);

user_pref(CT3289847.search.searchCount, 0);

user_pref(CT3289847.searchFromAddressBarEnabledByUser, true);

user_pref(CT3289847.searchInNewTabEnabledByUser, true);

user_pref(CT3289847.searchInNewTabEnabledInHidden, true);

user_pref(CT3289847.searchRevert, true);

user_pref(CT3289847.searchSuggestEnabledByUser, true);

user_pref(CT3289847.searchUserMode, 2);

user_pref(CT3289847.selectToSearchBoxEnabled, {\dataType\:\string\,\data\:\true\});

user_pref(CT3289847.serviceLayer_service_login_isFirstLoginInvoked, {\dataType\:\boolean\,\data\:\true\});

user_pref(CT3289847.serviceLayer_service_login_loginCount, {\dataType\:\number\,\data\:\4\});

user_pref(CT3289847.serviceLayer_service_toolbarGrouping_activeCTID, {\dataType\:\string\,\data\:\CT3289847\});

user_pref(CT3289847.serviceLayer_service_toolbarGrouping_activeDownloadUrl, {\dataType\:\string\,\data\:\hxxp://WhiteSmokeNew.OurToolbar.com//xpi\});

user_pref(CT3289847.serviceLayer_service_toolbarGrouping_activeToolbarName, {\dataType\:\string\,\data\:\WhiteSmoke New\});

user_pref(CT3289847.serviceLayer_service_toolbarGrouping_invoked, {\dataType\:\string\,\data\:\true\});

user_pref(CT3289847.serviceLayer_services_appTrackingFirstTime_lastUpdate, 1367024990417);

user_pref(CT3289847.serviceLayer_services_appsMetadata_lastUpdate, 1367024989655);

user_pref(CT3289847.serviceLayer_services_gottenAppsContextMenu_lastUpdate, 1367024989748);

user_pref(CT3289847.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate, 1367444761338);

user_pref(CT3289847.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate, 1367444761339);

user_pref(CT3289847.serviceLayer_services_location_lastUpdate, 1367024987072);

user_pref(CT3289847.serviceLayer_services_login_10.14.380.14_lastUpdate, 1367115761289);

user_pref(CT3289847.serviceLayer_services_otherAppsContextMenu_lastUpdate, 1367024989791);

user_pref(CT3289847.serviceLayer_services_searchAPI_lastUpdate, 1367024987079);

user_pref(CT3289847.serviceLayer_services_serviceMap_lastUpdate, 1367115759725);

user_pref(CT3289847.serviceLayer_services_setupAPI_lastUpdate, 1367024990448);

user_pref(CT3289847.serviceLayer_services_toolbarContextMenu_lastUpdate, 1367024989711);

user_pref(CT3289847.serviceLayer_services_toolbarSettings_lastUpdate, 1367115761270);

user_pref(CT3289847.serviceLayer_services_translation_lastUpdate, 1367115761095);

user_pref(CT3289847.settingsINI, true);

user_pref(CT3289847.shouldFirstTimeDialog, false);

user_pref(CT3289847.showToolbarPermission, false);

user_pref(CT3289847.smartbar.CTID, CT3289847);

user_pref(CT3289847.smartbar.Uninstall, 0);

user_pref(CT3289847.smartbar.homepage, true);

user_pref(CT3289847.smartbar.toolbarName, WhiteSmoke New );

user_pref(CT3289847.startPage, true);

user_pref(CT3289847.toolbarBornServerTime, 27-4-2013);

user_pref(CT3289847.toolbarCurrentServerTime, 28-4-2013);

user_pref(CT3289847.toolbarLoginClientTime, Tue Apr 30 2013 19:56:48 GMT-0700 (Pacific Daylight Time));

user_pref(CT3289847.url_history0001.enc, aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo6OmNsaWNraGFuZGxlcjo6OjEzNjcwMjU1NDIwMDE=);

user_pref(CT3289847.versionFromInstaller, 10.14.380.14);

user_pref(CT3289847_Firefox.csv, [{\from\:\Abs Layer\,\action\:\loading toolbar\,\time\:1380501593902,\isWithState\:\\,\timeFromStart\:0,\timeFromPrev\:0}

user_pref(CT3291326.1000082.isPlayDisplay, true);

user_pref(CT3291326.1000082.state, {\state\:\stopped\,\text\:\Californi...\,\description\:\California Rock - Rock\,\url\:\hxxp://www.feedlive.net/california.

user_pref(CT3291326.ENABALE_HISTORY, {\dataType\:\string\,\data\:\true\});

user_pref(CT3291326.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE, {\dataType\:\string\,\data\:\true\});

user_pref(CT3291326.FF19Solved, true);

user_pref(CT3291326.FirstTime, true);

user_pref(CT3291326.FirstTimeFF3, true);

user_pref(CT3291326.PG_ENABLE, dHJ1ZQ==);

user_pref(CT3291326.SearchFromAddressBarUrl, hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3291326&ctid=CT3291326&SearchSource=2&CUI=UN53133852618265168&UM=2&q=);

user_pref(CT3291326.UserID, UN53133852618265168);

user_pref(CT3291326.addressBarTakeOverEnabledInHidden, true);

user_pref(CT3291326.autoDisableScopes, 15);

user_pref(CT3291326.browser.search.defaultthis.engineName, true);

user_pref(CT3291326.countryCode, US);

user_pref(CT3291326.defaultSearch, true);

user_pref(CT3291326.embeddedsData, [{\appId\:\130075605275743079\,\apiPermissions\:{\crossDomainAjax\:true,\getMainFrameTitle\:true,\getMainFrameUrl\:true,\get

user_pref(CT3291326.enableAlerts, true);

user_pref(CT3291326.enableFix404ByUser, TRUE);

user_pref(CT3291326.enableSearchFromAddressBar, true);

user_pref(CT3291326.enlargeSearchBox, {\enabled\:true,\maxWidth\:1000,\minWidth\:250,\width\:500});

user_pref(CT3291326.firstTimeDialogOpened, true);

user_pref(CT3291326.fixPageNotFoundError, true);

user_pref(CT3291326.fixPageNotFoundErrorByUser, true);

user_pref(CT3291326.fixPageNotFoundErrorInHidden, true);

user_pref(CT3291326.fixUrls, true);

user_pref(CT3291326.fullUserID, UN53133852618265168.IN.20130713102155);

user_pref(CT3291326.installDate, 13/07/2013 10:21:53);

user_pref(CT3291326.installId, stub.exe);

user_pref(CT3291326.installSessionId, {10EAE2A8-CA68-4CC9-9AAF-8F7D2D25BC86});

user_pref(CT3291326.installSp, TRUE);

user_pref(CT3291326.installType, conduitnsisintegration);

user_pref(CT3291326.installUsage, 2013-07-24T03:02:42.5666644+03:00);

user_pref(CT3291326.installUsageEarly, 2013-07-24T03:02:28.3875+03:00);

user_pref(CT3291326.installerVersion, 1.5.4.4);

user_pref(CT3291326.isCheckedStartAsHidden, true);

user_pref(CT3291326.isEnableAllDialogs, {\dataType\:\string\,\data\:\true\});

user_pref(CT3291326.isFirstTimeToolbarLoading, false);

user_pref(CT3291326.isToolbarShrinked, {\dataType\:\string\,\data\:\false\});

user_pref(CT3291326.keyword, true);

user_pref(CT3291326.lastNewTabSettings, {\isEnabled\:true,\newTabUrl\:\hxxp://search.conduit.com/?ctid=CT3291326&octid=CT3291326&SearchSource=15&CUI=UN5313385261826516

user_pref(CT3291326.lastVersion, 10.16.70.505);

user_pref(CT3291326.mam_gk_appStateReportTime.enc, MTM4MDUwMTY0OTczNQ==);

user_pref(CT3291326.mam_gk_appState_ACplus.enc, b24=);

user_pref(CT3291326.mam_gk_appState_CouponBuddy.enc, b24=);

user_pref(CT3291326.mam_gk_appState_Discover.enc, b24=);

user_pref(CT3291326.mam_gk_appState_Easytobook.enc, b24=);

user_pref(CT3291326.mam_gk_appState_Easytobook_targeted.enc, b24=);

user_pref(CT3291326.mam_gk_appState_Find-a-Pro.enc, b24=);

user_pref(CT3291326.mam_gk_appState_PiclickV2-WebSearch.enc, b24=);

user_pref(CT3291326.mam_gk_appState_PriceGong.enc, b24=);

user_pref(CT3291326.mam_gk_appState_WindowShopper.enc, b24=);

user_pref(CT3291326.mam_gk_appsData.enc, eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsInNjcmlwdFV

user_pref(CT3291326.mam_gk_appsDefaultEnabled.enc, bnVsbA==);

user_pref(CT3291326.mam_gk_calledSetupService.enc, MQ==);

user_pref(CT3291326.mam_gk_configuration.enc, eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlBpY2xpY2tWMi1XZWJTZWFyY2giLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiJiYTk1YzRhNS1kY2VjLTRkYTUtYT

user_pref(CT3291326.mam_gk_currentVersion.enc, MS4xMC40LjA=);

user_pref(CT3291326.mam_gk_existingUsersRecoveryDone.enc, MQ==);

user_pref(CT3291326.mam_gk_first_time.enc, MQ==);

user_pref(CT3291326.mam_gk_installer_preapproved.enc, ZmFsc2U=);

user_pref(CT3291326.mam_gk_lastLoginTime.enc, MTM4MDUwMTY1MzMwOQ==);

user_pref(CT3291326.mam_gk_localization.enc, eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHM

user_pref(CT3291326.mam_gk_mamEnabled.enc, dHJ1ZQ==);

user_pref(CT3291326.mam_gk_pgUnloadedOnce.enc, dHJ1ZQ==);

user_pref(CT3291326.mam_gk_settings1.10.4.0.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjo

user_pref(CT3291326.mam_gk_settings1.9.0.4.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoi

user_pref(CT3291326.mam_gk_showWelcomeGadget.enc, ZmFsc2U=);

user_pref(CT3291326.mam_gk_userId.enc, MDFhMTA5NjktMjQ2NS00NmVkLTgyMzAtMzlhMDcxYmI1MGNh);

user_pref(CT3291326.mam_gk_user_approval_interacted.enc, MQ==);

user_pref(CT3291326.mam_gk_welcomeDialogMode.enc, MQ==);

user_pref(CT3291326.migrateAppsAndComponents, true);

user_pref(CT3291326.navigationAliasesJson, {\EB_MAIN_FRAME_URL\:\about%3Anewaddon%3Fid%3Dffxtlbr%40delta.com\,\EB_MAIN_FRAME_TITLE\:\\,\EB_SEARCH_TERM\:\\,\EB_

user_pref(CT3291326.openThankYouPage, false);

user_pref(CT3291326.openUninstallPage, true);

user_pref(CT3291326.originalHomepage, hxxp://search.yahoo.com?type=198484&fr=spigot-yhp-ff);

user_pref(CT3291326.originalSearchAddressUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN40443446851106414&UM=2&q=);

user_pref(CT3291326.originalSearchEngine, Yahoo);

user_pref(CT3291326.originalSearchEngineName, Yahoo);

user_pref(CT3291326.price-gong.isManagedApp, true);

user_pref(CT3291326.revertSettingsEnabled, false);

user_pref(CT3291326.search.searchAppId, 130075605275743079);

user_pref(CT3291326.search.searchCount, 0);

user_pref(CT3291326.searchFromAddressBarEnabledByUser, true);

user_pref(CT3291326.searchInNewTabEnabledByUser, true);

user_pref(CT3291326.searchInNewTabEnabledInHidden, true);

user_pref(CT3291326.searchRevert, false);

user_pref(CT3291326.searchSuggestEnabledByUser, true);

user_pref(CT3291326.searchUserMode, 2);

user_pref(CT3291326.selectToSearchBoxEnabled, {\dataType\:\string\,\data\:\true\});

user_pref(CT3291326.serviceLayer_service_login_isFirstLoginInvoked, {\dataType\:\boolean\,\data\:\true\});

user_pref(CT3291326.serviceLayer_service_login_loginCount, {\dataType\:\number\,\data\:\4\});

user_pref(CT3291326.serviceLayer_service_toolbarGrouping_activeCTID, {\dataType\:\string\,\data\:\CT3291326\});

user_pref(CT3291326.serviceLayer_service_toolbarGrouping_activeDownloadUrl, {\dataType\:\string\,\data\:\hxxp://KeyBar113.OurToolbar.com//xpi\});

user_pref(CT3291326.serviceLayer_service_toolbarGrouping_activeToolbarName, {\dataType\:\string\,\data\:\KeyBar 1.13\});

user_pref(CT3291326.serviceLayer_service_toolbarGrouping_invoked, {\dataType\:\string\,\data\:\true\});

user_pref(CT3291326.serviceLayer_service_usage_toolbarUsageCount, {\dataType\:\number\,\data\:\2\});

user_pref(CT3291326.serviceLayer_services_Configuration_lastUpdate, 1374624153660);

user_pref(CT3291326.serviceLayer_services_appTrackingFirstTime_lastUpdate, 1374624161899);

user_pref(CT3291326.serviceLayer_services_appsMetadata_lastUpdate, 1374624161807);

user_pref(CT3291326.serviceLayer_services_gottenAppsContextMenu_lastUpdate, 1374624161761);

user_pref(CT3291326.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate, 1374624152177);

user_pref(CT3291326.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate, 1374624164575);

user_pref(CT3291326.serviceLayer_services_login_10.16.4.19_lastUpdate, 1374624162965);

user_pref(CT3291326.serviceLayer_services_otherAppsContextMenu_lastUpdate, 1374624161722);

user_pref(CT3291326.serviceLayer_services_searchAPI_lastUpdate, 1374624153718);

user_pref(CT3291326.serviceLayer_services_serviceMap_lastUpdate, 1374624145522);

user_pref(CT3291326.serviceLayer_services_toolbarContextMenu_lastUpdate, 1374624161676);

user_pref(CT3291326.serviceLayer_services_toolbarSettings_lastUpdate, 1374624153535);

user_pref(CT3291326.serviceLayer_services_translation_lastUpdate, 1374624161886);

user_pref(CT3291326.settingsINI, true);

user_pref(CT3291326.shouldFirstTimeDialog, false);

user_pref(CT3291326.showToolbarPermission, false);

user_pref(CT3291326.smartbar.CTID, CT3291326);

user_pref(CT3291326.smartbar.Uninstall, 0);

user_pref(CT3291326.smartbar.homepage, true);

user_pref(CT3291326.smartbar.toolbarName, KeyBar 1.13 );

user_pref(CT3291326.startPage, true);

user_pref(CT3291326.toolbarBornServerTime, 24-7-2013);

user_pref(CT3291326.toolbarCurrentServerTime, 24-7-2013);

user_pref(CT3291326.toolbarLoginClientTime, Tue Jul 23 2013 17:02:42 GMT-0700 (Pacific Daylight Time));

user_pref(CT3291326.versionFromInstaller, 10.16.4.19);

user_pref(CT3291326.xpeMode, 3);

user_pref(CT3291326_Firefox.csv, [{\from\:\Abs Layer\,\action\:\loading toolbar\,\time\:1380501596060,\isWithState\:\\,\timeFromStart\:0,\timeFromPrev\:0}

user_pref(Smartbar.ConduitHomepagesList, hxxp://search.conduit.com/?ctid=CT3291326&octid=CT3291326&SearchSource=61&CUI=UN53133852618265168&UM=2&UP=SP77F3F47A-2BCD-48F1-873F

user_pref(Smartbar.ConduitSearchEngineList, KeyBar 1.13 Customized Web Search);

user_pref(Smartbar.ConduitSearchUrlList, hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3291326&ctid=CT3291326&SearchSource=2&CUI=UN53133852618265168&UM=2&q=);

user_pref(Smartbar.SearchFromAddressBarSavedUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN40443446851106414&UM=2&q=);

user_pref(Smartbar.keywordURLSelectedCTID, CT3291326);

user_pref(aim_toolbar.search.searchtype, web);

user_pref(aim_toolbar.winamp.volume, );

user_pref(aol_toolbar.surf.date, 92);

user_pref(aol_toolbar.surf.lastDate, 26);

user_pref(aol_toolbar.surf.lastMonth, 3);

user_pref(aol_toolbar.surf.lastYear, 2013);

user_pref(aol_toolbar.surf.month, 4908);

user_pref(aol_toolbar.surf.prevMonth, 407);

user_pref(aol_toolbar.surf.total, 13137);

user_pref(aol_toolbar.surf.week, 784);

user_pref(aol_toolbar.surf.year, 5314);

user_pref(browser.newtab.url, hxxp://www2.delta-search.com/?babsrc=NT_ss&mntrId=4E0C0019D1E594AB&tsp=5004);

user_pref(browser.startup.homepage, hxxp://mysearch.avg.com/?cid={B07D9E15-0CCE-4409-BDE5-174C9E77CA75}&mid=db26c891e11a47d3b6bed15097017d58-e7cb49739f079b51e65b1a425a1abfc

user_pref(extensions.bootstrappedAddons, {\[email protected]\:{\version\:\1.2\,\type\:\extension\,\descriptor\:\C:\\\\Users\\\\Joseph\\\\AppData\\\\Ro

user_pref(extensions.crossrider.bic, 13e4909e938b10fc54d00fc3db53bbb3);

user_pref(extensions.delta.admin, false);

user_pref(extensions.delta.aflt, babsst);

user_pref(extensions.delta.appId, {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3});

user_pref(extensions.delta.autoRvrt, false);

user_pref(extensions.delta.dfltLng, en);

user_pref(extensions.delta.excTlbr, false);

user_pref(extensions.delta.ffxUnstlRst, true);

user_pref(extensions.delta.id, 4e0c29b00000000000000019d1e594ab);

user_pref(extensions.delta.instlDay, 15961);

user_pref(extensions.delta.instlRef, sst);

user_pref(extensions.delta.newTab, false);

user_pref(extensions.delta.prdct, delta);

user_pref(extensions.delta.prtnrId, delta);

user_pref(extensions.delta.rvrt, false);

user_pref(extensions.delta.smplGrp, none);

user_pref(extensions.delta.tlbrId, base);

user_pref(extensions.delta.tlbrSrchUrl, );

user_pref(extensions.delta.vrsn, 1.8.24.6);

user_pref(extensions.delta.vrsnTs, 1.8.24.611:30:51);

user_pref(extensions.delta.vrsni, 1.8.24.6);

user_pref(extensions.delta_i.babExt, );

user_pref(extensions.delta_i.babTrack, tsp=5004);

user_pref(extensions.delta_i.srcExt, ss);

user_pref(extensions.dnsbasic.init, true);

user_pref(keyword.URL, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291326&SearchSource=2&CUI=UN53133852618265168&UM=2&q=);

user_pref(smartbar.addressBarOwnerCTID, CT3291326);

user_pref(smartbar.conduitHomepageList, hxxp://search.conduit.com/?ctid=CT3287375&CUI=UN40443446851106414&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3287375&oct

user_pref(smartbar.conduitSearchAddressUrlList, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN40443446851106414&UM=2&q=,hxxp://search.condui

user_pref(smartbar.defaultSearchOwnerCTID, CT3291326);

user_pref(smartbar.homePageOwnerCTID, CT3291326);

user_pref(smartbar.machineId, XKUBU+QFAQIIYDNRB5Z52AJUMWCV5DQXYCKDR0IKEST7OIRAKK8Y59C1JZC9YCZMETF4CF6HD7BIDFUHGDH2YG);

user_pref(smartbar.originalHomepage, data:text/plain,browser.startup.homepage=hxxp://search.yahoo.com/firefox/?fr=yff80-sfp);

user_pref(smartbar.originalSearchAddressUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN40443446851106414&UM=2&q=);

user_pref(smartbar.originalSearchEngine, false);

Emptied folder: C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\minidumps [36 files]

 

 

 

~~~ Chrome

 

Dumping contents of C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Default

C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Default\aadjdhdedgdggfgdgggbgcdgdegbdedj

C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Default\aadjdhdedgdggfgdgggbgcdgdegbdedj\background.js

C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Default\aadjdhdedgdggfgdgggbgcdgdegbdedj\ContentScript.js

C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Default\aadjdhdedgdggfgdgggbgcdgdegbdedj\manifest.json

 

Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]

Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj

Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk

Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj

Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk

Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp

 

[C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

 

[C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

ndibdjnfmopecpmkdieinmbadjfpblof

 

[C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

 

[C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

[

  hbcennhacfaagdopikcegfcobcadeocj,

  hhbgpoakplhahbklhkcfbpicgjcaoglk,

  icdlfehblmklkikfigmjhbmmpmkmpooj,

  mhkaekfpcppmmioggniknbnbdbcigpkk,

  ndibdjnfmopecpmkdieinmbadjfpblof,

  pfndaklgolladniicklehhancnlgocpp

]

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 07/13/2015 at 13:19:35.77

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 

 

# AdwCleaner v4.208 - Logfile created 13/07/2015 at 13:27:26

# Updated 09/07/2015 by Xplode

# Database : 2015-07-11.1 [Server]

# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)

# Username : Joseph - JOSEPH-PC

# Running from : C:\Users\Joseph\Desktop\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

Service Found : SecureUpdateSvc

Service Found : YahooAUService

 

***** [ Files / Folders ] *****

 

File Found : C:\END

File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

File Found : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js

File Found : C:\Program Files\Mozilla Firefox\nsprotector.js

File Found : C:\Program Files\Mozilla Firefox\searchplugins\safeguard-secure-search.xml

File Found : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\glmfgahfleepmdfffonfckpmkondpdkg

File Found : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj

File Found : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\icdlfehblmklkikfigmjhbmmpmkmpooj

File Found : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk

File Found : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp

Folder Found : C:\OpenCandy

Folder Found : C:\Program Files\Common Files\AVG Secure Search

Folder Found : C:\Program Files\Secure Speed Dial

Folder Found : C:\ProgramData\AVG Secure Search

Folder Found : C:\ProgramData\Avg_Update_0215tb

Folder Found : C:\ProgramData\Avg_Update_0415tb

Folder Found : C:\ProgramData\Avg_Update_1214tb

Folder Found : C:\SearchProtect

Folder Found : C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com

Folder Found : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

Folder Found : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{6c3bc03f-d7b9-43ac-8931-c242e3cae971}

Folder Found : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected]

Folder Found : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected]

Folder Found : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected]

 

***** [ Scheduled tasks ] *****

 

Task Found : EPUpdater

Task Found : IHUninstallTrackingTASK

Task Found : PC Optimizer Pro Startups

Task Found : 0415tbUpdateInfo

Task Found : 1214tbUpdateInfo

Task Found : 0415tbUpdateInfo

Task Found : 1214tbUpdateInfo

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\Search Settings

Key Found : HKCU\Software\AVG SafeGuard toolbar

Key Found : HKCU\Software\Avg Secure Update

Key Found : HKCU\Software\BABSOLUTION

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Cr_Installer

Key Found : HKCU\Software\Delta

Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{45F267AE-311F-43E2-BDAA-00D059B93BF9}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DnsBasic

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\InfoAtoms

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare.tv plugin

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

Key Found : HKCU\Software\pc optimizer pro

Key Found : HKCU\Software\vShare.tv

Key Found : HKCU\Software\YahooPartnerToolbar

Key Found : HKLM\SOFTWARE\AVG SafeGuard toolbar

Key Found : HKLM\SOFTWARE\AVG Security Toolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}

Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI

Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1

Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj

Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1

Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Found : HKLM\SOFTWARE\Conduit

Key Found : HKLM\SOFTWARE\Delta

Key Found : HKLM\SOFTWARE\DnsBasic

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dcmagccbogebndpoodhhhafmofelpffh

Key Found : HKLM\SOFTWARE\InfoAtoms

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DnsBasic

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InfoAtoms

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare.tv plugin

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : HKLM\SOFTWARE\SearchProtect

Key Found : HKLM\SOFTWARE\Tarma Installer

Key Found : HKLM\SOFTWARE\W3I

Key Found : HKU\.DEFAULT\Software\AVG SafeGuard toolbar

Key Found : HKU\.DEFAULT\Software\Avg Secure Update

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v8.0.6001.18999

 

 

-\\ Mozilla Firefox v17.0.1 (en-US)

 

[fb63icx9.default] - Line Found : user_pref("CT3287375.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");

[fb63icx9.default] - Line Found : user_pref("CT3287375.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"instantAlert\":[...]

[fb63icx9.default] - Line Found : user_pref("CT3287375.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3287375&octid=CT3287375&SearchSource=15&CUI=UN40443446851106414&SSPV=&Lay=1&UM=2\"}");

[fb63icx9.default] - Line Found : user_pref("CT3289847.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");

[fb63icx9.default] - Line Found : user_pref("CT3289847.embeddedsData", "[{\"appId\":\"130068661007799818\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]

[fb63icx9.default] - Line Found : user_pref("CT3289847.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=15&CUI=UN34716991527094572&SSPV=&Lay=1&UM=2\"}");

[fb63icx9.default] - Line Found : user_pref("CT3291326.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");

[fb63icx9.default] - Line Found : user_pref("CT3291326.embeddedsData", "[{\"appId\":\"130075605275743079\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]

[fb63icx9.default] - Line Found : user_pref("CT3291326.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3291326&octid=CT3291326&SearchSource=15&CUI=UN53133852618265168&SSPV=&Lay=1&UM=2\"}");

 

-\\ Google Chrome v43.0.2357.81

 

[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://startsear.ch/?aff=1&src=sp&cf=45b45b30-fd9f-11e0-ba8b-0019d1e594ab&q={searchTerms}

[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://blekko.com/ws/?source=f45f13b3&tbp=rbox&toolbarid=blekkotb_005&u=20120326A2AC42449290F8166B64F47B&q={searchTerms}

[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN18232546152612525&ctid=CT3291326&UM=2

[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.babylon.com/?q={searchTerms}&babsrc=SP_ss_btis2&mntrId=4E0C0019D1E594AB&tsp=5004

[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

 

*************************

 

AdwCleaner[R0].txt - [15331 bytes] - [13/07/2015 13:27:26]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [15391 bytes] ##########

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015

Ran by Joseph (administrator) on JOSEPH-PC on 13-07-2015 13:33:46

Running from C:\Users\Joseph\Desktop

Loaded Profiles: Joseph & UpdatusUser (Available Profiles: Joseph & UpdatusUser)

Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)

Internet Explorer Version 8 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

() C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe

(Microsoft Corporation) C:\Windows\ehome\ehsched.exe

(Motorola) C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe

(Microsoft Corporation) C:\Windows\ehome\ehprivjob.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(Google Inc.) C:\Program Files\Google\Update\Install\{965A1934-2571-4C7F-90EF-B14DB928B21D}\43.0.2357.132_chrome_installer.exe

(Google Inc.) C:\Windows\temp\CR_3EA22.tmp\setup.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\wermgr.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [vProt] => "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5768992 2015-03-06] (IObit)

HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [884440 2015-05-07] (BlueStack Systems, Inc.)

HKLM\...\Run: [ATT-SST_UninstallTracking] => C:\Users\Joseph\AppData\Local\Temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST <===== ATTENTION

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)

HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)

HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)

HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk [2012-04-08]

ShortcutTarget: NETGEAR WN111v2 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WN111v2\WN111v2.exe (NETGEAR)

ShellIconOverlayIdentifiers: [0MediaIconsOerlay] -> {1EC23CFF-4C58-458f-924C-8519AEF61B32} =>  No File

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

SearchScopes: HKLM -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL = 

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search

SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic....s={searchTerms}

SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL = 

SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> {A8EF7510-0694-4821-81CB-4F8249E441AE} URL = http://search.yahoo....ms}&fr=chr-atty

BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File

BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10] (Sun Microsystems, Inc.)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10] (Sun Microsystems, Inc.)

BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} ->  No File

BHO: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} ->  No File

Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File

Toolbar: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

Handler: javascript - No CLSID Value - 

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-14] (AVG Secure Search)

ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2011-04-06] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip\..\Interfaces\{1EC9B7C7-513F-4A2E-BD42-DE5436ECB5A0}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip\..\Interfaces\{3575C3DB-3FA7-4849-9D56-A5312E116450}: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.1.1

Tcpip\..\Interfaces\{A5122F23-263E-41D6-AE4D-B8F05908A3F9}: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.1.1

Tcpip\..\Interfaces\{A886D423-9985-4C89-8B8E-36CFA507FF34}: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.1.1

Tcpip\..\Interfaces\{AC21EB7D-6797-4330-BE20-60C29D908B1C}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{F675D672-38E3-4E91-9C28-9C4DE0805C99}: [DhcpNameServer] 75.75.75.75 75.75.76.76

 

FireFox:

========

FF ProfilePath: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default

FF DefaultSearchEngine: 

FF DefaultSearchUrl: 

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-13] ()

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-04-27] ()

FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll No File

FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-11-10] (Sun Microsystems, Inc.)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2009-05-26] (Yahoo! Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)

FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)

FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)

FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)

FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)

FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2011-01-04] (Google)

FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @talk.google.com/O3DPlugin -> C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2011-01-04] ()

FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @tools.google.com/Google Update;version=8 -> C:\Users\Joseph\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-15] (Google Inc.)

FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @yahoo.com/BrowserPlus,version=2.7.1 -> C:\Users\Joseph\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll [2010-04-19] (Yahoo! Inc.)

FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-11-10] (Sun Microsystems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-09-20] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-09-20] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-09-20] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-09-20] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-09-20] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Joseph\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2011-01-04] (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Joseph\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2011-01-04] ()

FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\aim-search.xml [2009-06-29]

FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\keybar-113-customized-web-search.xml [2013-09-29]

FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\live-search.xml [2009-02-01]

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2011-03-06]

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2011-03-06]

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml [2015-05-14]

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\searchme.xml [2009-03-13]

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-05-14]

FF Extension: AD Block - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\searchads@instair(302).net [2014-12-13]

FF Extension: AD Block - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2015-03-01]

FF Extension: AccelerateTab - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\speeddial@instair(303).net [2014-12-13]

FF Extension: AccelerateTab - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2015-03-01]

FF Extension: Platinum Hide IP - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2011-08-10]

FF Extension: Microsoft .NET Framework Assistant - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-08]

FF Extension: Yahoo! Toolbar - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-08-18]

FF Extension: Yahoo! Toolbar - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(127) [2009-09-09]

FF Extension: Vafmusic  - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{6c3bc03f-d7b9-43ac-8931-c242e3cae971} [2013-08-11]

FF Extension: Address Bar Search - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9} [2013-08-30]

FF Extension: FreeHDSport.TV - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2012-12-16]

FF Extension: Personas Plus - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2013-04-04]

FF Extension: Adblock Plus - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-26]

FF Extension: The Browser Highlighter - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2013-08-11]

FF Extension: searchme - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2013-08-11]

FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.5.0.909

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]

FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [not found]

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} [not found]

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694} [not found]

FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\[email protected] [not found]

FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [not found]

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]

FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2013-08-11]

FF ExtraCheck: C:\Program Files\mozilla firefox\InfoAtoms.cfg [2013-08-11] <==== ATTENTION

 

Chrome: 

=======

CHR Profile: C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]

CHR Extension: (Google Wallet) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-05]

CHR HKLM\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - No Path Or update_url value

CHR HKLM\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]

CHR HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 aawservice; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [611664 2008-09-10] (Lavasoft)

S2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)

S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)

S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [433880 2015-05-07] (BlueStack Systems, Inc.)

S3 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [413400 2015-05-07] (BlueStack Systems, Inc.)

S3 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [806616 2015-05-07] (BlueStack Systems, Inc.)

S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()

S2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [344864 2015-01-27] (IObit)

S3 jswpsapi; C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]

S2 LicCtrlService; C:\Windows\runservice.exe [2560 2009-02-13] () [File not signed]

S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)

S2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2008-09-19] (Motive Communications, Inc.) [File not signed]

R2 MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-04-29] ()

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

S2 XobniService; C:\Program Files\Xobni\XobniService.exe [44776 2009-07-14] (Xobni Corporation)

S2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [X]

S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]

S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)

R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-11-01] (AVG Technologies CZ, s.r.o.)

R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)

R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)

S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)

R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [131288 2015-05-07] (BlueStack Systems)

S3 DNIMp50; C:\Windows\System32\Drivers\DNIMp50.sys [21504 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

S3 DNISp50; C:\Windows\System32\Drivers\DNISp50.sys [20480 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2014-11-10] (IObit)

R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-06-04] (REALiX™)

S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-07-28] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-07-28] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

S3 PCTINDIS5; C:\Windows\system32\PCTINDIS5.SYS [32160 2007-10-01] (PCTEL Inc.)

S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)

R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [32288 2014-11-10] (IObit.com)

R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2013-05-07] () [File not signed]

S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2014-11-10] (IObit.com)

S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1963680 2006-12-05] (Microsoft Corporation)

S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2v.sys [453120 2009-01-13] (Atheros Communications, Inc.)

S2 adfs; No ImagePath

U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]

S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]

S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S3 WinRing0_1_2_0; No ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-07-13 13:33 - 2015-07-13 13:37 - 00023437 _____ C:\Users\Joseph\Desktop\FRST.txt

2015-07-13 13:33 - 2015-07-13 13:33 - 00000000 ____D C:\Users\Joseph\Desktop\FRST-OlderVersion

2015-07-13 13:26 - 2015-07-13 13:29 - 00000000 ____D C:\AdwCleaner

2015-07-13 13:22 - 2015-07-13 13:22 - 02248704 _____ C:\Users\Joseph\Desktop\AdwCleaner.exe

2015-07-13 13:19 - 2015-07-13 13:19 - 00050056 _____ C:\Users\Joseph\Desktop\JRT.txt

2015-07-13 12:57 - 2015-07-13 12:57 - 03034266 _____ (Malwarebytes Corporation) C:\Users\Joseph\Desktop\JRT.exe

2015-07-13 12:51 - 2015-07-13 12:51 - 00005256 _____ C:\Users\Joseph\Desktop\wscsvc.reg

2015-07-13 00:10 - 2015-07-13 00:10 - 00000000 ____D C:\ProgramData\BlueStacksCopy

2015-07-13 00:10 - 2015-07-13 00:10 - 00000000 ____D C:\Program Files\BlueStacksCopy

2015-07-12 00:16 - 2015-07-12 00:16 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JOSEPH-PC-Windows-Vista-™-Home-Premium-(32-bit).dat

2015-07-12 00:16 - 2015-07-12 00:16 - 00000000 ____D C:\RegBackup

2015-07-11 01:25 - 2015-07-12 23:56 - 00002515 _____ C:\Users\Joseph\Desktop\FSS.txt

2015-07-11 01:22 - 2015-07-13 13:33 - 01636864 _____ (Farbar) C:\Users\Joseph\Desktop\FRST.exe

2015-07-10 00:35 - 2015-07-07 23:12 - 00415232 _____ (Farbar) C:\Users\Joseph\Desktop\FSS.exe

2015-06-14 23:36 - 2015-06-14 23:36 - 00000695 _____ C:\Users\Joseph\Desktop\NTREGOPT.lnk

2015-06-14 23:36 - 2015-06-14 23:36 - 00000676 _____ C:\Users\Joseph\Desktop\ERUNT.lnk

2015-06-14 23:36 - 2015-06-14 23:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

2015-06-14 23:36 - 2015-06-14 23:36 - 00000000 ____D C:\Program Files\ERUNT

2015-06-14 23:35 - 2015-06-14 23:32 - 00791393 _____ (Lars Hederer ) C:\Users\Joseph\Desktop\erunt-setup.exe

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-07-13 13:34 - 2015-06-07 15:01 - 00000000 ____D C:\FRST

2015-07-13 13:30 - 2006-11-02 05:47 - 00003664 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2015-07-13 13:30 - 2006-11-02 05:47 - 00003664 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2015-07-13 13:25 - 2013-04-26 23:50 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-07-13 13:15 - 2015-03-01 22:01 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\IObit

2015-07-13 13:15 - 2013-10-24 08:49 - 00000000 ____D C:\Program Files\Secure Speed Dial

2015-07-13 13:15 - 2013-04-26 22:53 - 00000000 ____D C:\ProgramData\IObit

2015-07-13 13:11 - 2009-10-02 20:44 - 00000000 ____D C:\Program Files\IObit

2015-07-13 13:10 - 2012-12-29 01:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-07-13 13:10 - 2006-11-02 05:37 - 00000000 ___RD C:\Users\Public\Recorded TV

2015-07-13 13:09 - 2012-12-29 01:12 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-07-13 13:09 - 2011-08-08 13:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-07-13 13:01 - 2006-11-02 05:52 - 01565971 _____ C:\Windows\WindowsUpdate.log

2015-07-13 12:54 - 2011-12-16 03:11 - 00000394 ____H C:\Windows\Tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job

2015-07-13 12:47 - 2015-05-17 02:19 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-07-13 12:47 - 2014-02-19 20:35 - 00001865 ___SH C:\Windows\system32\mmf.sys

2015-07-13 12:46 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-07-13 00:11 - 2006-11-02 06:01 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2015-07-12 02:08 - 2015-06-10 02:43 - 00012858 _____ C:\Windows\IE9_main.log

2015-07-12 01:02 - 2006-11-02 05:47 - 06062472 _____ C:\Windows\system32\FNTCACHE.DAT

2015-07-12 00:53 - 2006-11-02 03:33 - 00749424 _____ C:\Windows\system32\PerfStringBackup.INI

2015-07-12 00:52 - 2015-06-09 12:07 - 00003572 _____ C:\Windows\setupact.log

2015-07-12 00:31 - 2008-11-15 19:32 - 01774944 _____ C:\Users\Joseph\AppData\Local\GDIPFONTCACHEV1.DAT

2015-07-10 00:32 - 2015-06-04 23:27 - 00001924 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk

2015-06-14 23:36 - 2008-11-27 14:13 - 00000000 ____D C:\Windows\ERDNT

 

==================== Files in the root of some directories =======

 

2013-04-26 23:07 - 2013-04-26 23:07 - 0087608 _____ () C:\Users\Joseph\AppData\Roaming\inst.exe

2008-12-12 17:27 - 2013-04-26 23:07 - 0007887 _____ () C:\Users\Joseph\AppData\Roaming\pcouffin.cat

2008-12-12 17:27 - 2013-04-26 23:07 - 0001144 _____ () C:\Users\Joseph\AppData\Roaming\pcouffin.inf

2013-04-26 23:07 - 2013-04-26 23:07 - 0000033 _____ () C:\Users\Joseph\AppData\Roaming\pcouffin.log

2008-12-12 17:27 - 2013-04-26 23:07 - 0047360 _____ (VSO Software) C:\Users\Joseph\AppData\Roaming\pcouffin.sys

2008-11-15 19:38 - 2009-08-05 17:59 - 0023580 _____ () C:\Users\Joseph\AppData\Roaming\UserTile.png

2009-05-23 12:08 - 2010-01-09 12:46 - 0000600 _____ () C:\Users\Joseph\AppData\Roaming\winscp.rnd

2010-11-10 14:38 - 2010-11-10 14:38 - 0000000 _____ () C:\Users\Joseph\AppData\Local\AutobahnAcceleratorInstall.txt

2010-02-21 09:46 - 2010-02-21 09:46 - 0000552 _____ () C:\Users\Joseph\AppData\Local\d3d8caps.dat

2008-11-15 19:31 - 2015-06-10 21:26 - 0002032 _____ () C:\Users\Joseph\AppData\Local\d3d9caps.dat

2008-12-12 15:06 - 2015-06-05 14:39 - 0159744 _____ () C:\Users\Joseph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-04-26 23:20 - 2013-04-26 23:20 - 0000000 _____ () C:\ProgramData\222620313f3a54382a_c

2013-04-25 22:41 - 2013-04-25 22:41 - 0000000 _____ () C:\ProgramData\LQ20O6T.dat

2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe.b

2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe_.b

 

Some files in TEMP:

====================

C:\Users\Joseph\AppData\Local\temp\HD-RunAppTemp.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-07-13 12:53

 

==================== End of log ============================

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015

Ran by Joseph at 2015-07-13 13:39:20

Running from C:\Users\Joseph\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2013592473-1583479073-1329353095-500 - Administrator - Disabled)

Guest (S-1-5-21-2013592473-1583479073-1329353095-501 - Limited - Disabled)

Joseph (S-1-5-21-2013592473-1583479073-1329353095-1000 - Administrator - Enabled) => C:\Users\Joseph

UpdatusUser (S-1-5-21-2013592473-1583479073-1329353095-1006 - Limited - Enabled) => C:\Users\UpdatusUser

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

2Wire Wireless Manager (HKLM\...\{3CE11B98-C61C-4692-9E0E-59934761C3BE}) (Version: 1.1.8.0 - 2Wire)

2WIREUSBWLANInstaller (HKLM\...\{2EAEB0A6-582A-490B-B075-D837677365C2}) (Version: 1.00.7327 - 2WIRE, Inc.)

AccelerateTab (HKLM\...\AccelerateTab_is1) (Version: 2.6 - AccelerateTab)

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)

Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden

Ad-Aware (HKLM\...\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}) (Version: 7.1.0.7 - Lavasoft)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)

Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.191 - Adobe Systems Incorporated)

Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)

Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)

Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.2.0 - IObit)

Apple Application Support (HKLM\...\{853A4763-6643-4604-8D64-28BDD8925F4C}) (Version: 1.5.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{CACAEB5F-174D-4C7C-AC56-A33289A807CA}) (Version: 3.4.0.25 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

AT&T Yahoo! Internet Mail (HKLM\...\Yahoo! Mail) (Version:  - )

ATT-HSI (HKLM\...\ATT-HSI) (Version:  - )

AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4354 - AVG Technologies)

AVG 2014 (Version: 14.0.4311 - AVG Technologies) Hidden

AVG 2014 (Version: 14.0.4354 - AVG Technologies) Hidden

AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.5.0.909 - AVG Technologies)

AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )

BetOnline Client (remove only) (HKLM\...\BetOnLine Client) (Version: 1.0 - BetOnlineDevelopment)

BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.9.25.5401 - BlueStack Systems, Inc.)

BlueStacks Notification Center (HKLM\...\{79809712-A577-4B8C-A9FC-51945690C7DC}) (Version: 0.9.25.5401 - BlueStack Systems, Inc.)

Bonjour (HKLM\...\{C2E4B5BD-32DB-4817-A060-341AB17C3F90}) (Version: 2.0.5.0 - Apple Inc.)

Canon iP4600 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series) (Version:  - )

Canon iP4600 series User Registration (HKLM\...\Canon iP4600 series User Registration) (Version:  - )

Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )

Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )

Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )

DiskAid 3.11 (HKLM\...\DiskAid_is1) (Version: 3.11 - DigiDNA)

DnsBasic 1.0 build 111 (HKLM\...\DnsBasic) (Version:  - )

Dream Aquarium (HKLM\...\Dream Aquarium_is1) (Version: 1.0700 - )

Dream Aquarium (HKLM\...\DreamAqua) (Version:  - )

Driver Booster 2.3 (HKLM\...\Driver Booster_is1) (Version: 2.3 - IObit)

DVD Audio Ripper 4 (HKLM\...\DVD Audio Ripper 4) (Version: 4.0.71.0314 - ImTOO)

DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )

ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)

Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)

Google Talk Plugin (HKLM\...\{37C5A56A-00EA-347B-B7A1-5628BED56702}) (Version: 1.8.0.0 - Google)

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden

HDVidCodec (HKLM\...\1ClickDownload) (Version: 2.1 Build 26473 - hdvidcodec.com) <==== ATTENTION

InfoAtoms (HKLM\...\InfoAtoms) (Version: 1.4.0.0 - InfoAtoms)

Inkjet Printer/Scanner Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )

IObit Malware Fighter 3 (HKLM\...\IObit Malware Fighter_is1) (Version: 3.0 - IObit)

IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.2.6.2 - IObit)

iPhone Configuration Utility (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)

iTunes (HKLM\...\{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}) (Version: 10.2.2.14 - Apple Inc.)

Java™ 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.300 - Sun Microsystems, Inc.)

Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden

K-Lite Mega Codec Pack 5.1.0 (HKLM\...\KLiteCodecPack_is1) (Version: 5.1.0 - )

League of Legends (HKLM\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft LifeCam (HKLM\...\{06C32EA0-4A22-4919-979A-8700715865B8}) (Version: 1.30.175.0 - Microsoft)

Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)

Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Report Viewer Redistributable 2005 (HKLM\...\Microsoft Report Viewer Redistributable 2005) (Version:  - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)

Motorola Driver Installation 4.6.0 (HKLM\...\{1EBEC42C-5E3F-4077-933B-411E33A0C3A4}) (Version: 4.6.0 - Motorola Inc.)

Mozilla Firefox 17.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 17.0.1 (x86 en-US)) (Version: 17.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 21.0 - Mozilla)

Mplayer 0.6.9 (HKLM\...\Mplayer) (Version: 0.6.9 - )

NVIDIA 3D Vision Controller Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)

NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9728 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)

NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden

Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version:  - )

OpenAL (HKLM\...\OpenAL) (Version:  - )

osu! (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)

Out of the Park Baseball 6 (HKLM\...\Out of the Park Baseball 6) (Version:  - )

Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)

Photoshop Cs4 Ultra 1.1 (HKLM\...\Photoshop Cs4 Ultra 1.1) (Version:  - )

Pixillion Image Converter (HKLM\...\Pixillion) (Version:  - NCH Software)

Portal 2 (HKLM\...\Postal 2_is1) (Version:  - )

Project 64 version 2.0.0.14 (HKLM\...\Project 64_is1) (Version: 2.0.0.14 - )

PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden

QuickFreedom 1.1.0 (HKLM\...\{676B241C-AED4-400B-98FF-267773B94B11}_is1) (Version:  - Dancool999)

QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

RangeMax Wireless-N USB Adapter WN111v2 (HKLM\...\InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}) (Version: 2.00.0000 - NETGEAR)

Side 9 Screensaver (HKLM\...\Side 9 Screensaver) (Version:  - )

Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

Smart Defrag 4 (HKLM\...\Smart Defrag 4_is1) (Version: 4.0 - IObit)

Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)

Star Wars: The Old Republic (HKLM\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)

Steam (HKLM\...\Steam) (Version:  - Valve Corporation)

SumatraPDF (HKLM\...\SumatraPDF) (Version: 2.1.1 - Krzysztof Kowalczyk)

Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)

TeamSpeak 3 Client (HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)

TruePoker (High Res) (HKLM\...\TruePoker (High Res)) (Version:  - )

TruePoker (HKLM\...\TruePoker) (Version:  - )

TVersity Codec Pack 1.2 (HKLM\...\TVersity Codec Pack) (Version: 1.2 - TVersity Inc.)

Videora iPod Converter 4.04 (HKLM\...\Videora iPod Converter) (Version: 4.04 - Red Kawa)

Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VLC media player 0.9.8a (HKLM\...\VLC media player) (Version: 0.9.8a - VideoLAN Team)

vShare.tv plugin 1.3 (HKLM\...\vShare.tv plugin) (Version: 1.3 - vShare.tv, Inc.) <==== ATTENTION

WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)

WinAVI Video Converter (HKLM\...\WinAVI Video Converter 10.0_is1) (Version:  - ZJ Computing,Inc.)

Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)

Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)

Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

WinSCP 4.2.5 (HKLM\...\winscp3_is1) (Version: 4.2.5 - Martin Prikryl)

WN111v2 (Version: 2.00.0000 - NETGEAR) Hidden

Xobni (HKLM\...\XobniMain) (Version:  - Xobni Corp.)

Xobni Core (Version: 1.0.0 - Xobni, Inc.) Hidden

Yahoo! BrowserPlus 2.7.1 (HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)

Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )

Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

YouTube Downloader App 1.03 (HKLM\...\YouTube Downloader App) (Version: 1.03 - Regensoft)

YouTubeGet 5.2.3 (HKLM\...\YouTubeGet_is1) (Version:  - YouTubeGet Developer Team)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Update\1.2.183.39\goopdate.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)

CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{4536918A-95A8-498F-B542-CB906C561A43}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{80FDF9B0-32FD-457B-8BE7-D367F3854959}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Google Talk Plugin\googleadapter.dll (Google)

CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{80FDF9B1-32FD-457B-8BE7-D367F3854959}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Google Talk Plugin\googleadapter.dll (Google)

CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{9793fbbf-e9db-3b01-b322-3430cbcf3cd5}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Google Talk Plugin\gtpo3d_host.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No Filepath

CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{F83DEC6C-F5E6-403A-9C83-36FB1B7007E2}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\YBPAddon_2.7.1.dll (Yahoo! Inc.)

 

==================== Restore Points =========================

 

09-06-2015 01:05:43 Windows Update

10-06-2015 00:48:08 Scheduled Checkpoint

10-06-2015 02:31:08 Windows Update

10-06-2015 21:03:39 avast! Free Antivirus Setup

10-06-2015 21:23:39 avast! Free Antivirus Setup

11-06-2015 02:31:36 Windows Update

11-06-2015 20:47:19 Scheduled Checkpoint

12-06-2015 01:00:46 Windows Update

13-06-2015 00:00:06 Scheduled Checkpoint

13-06-2015 01:01:10 Windows Update

14-06-2015 00:14:07 Scheduled Checkpoint

14-06-2015 01:01:27 Windows Update

10-07-2015 00:42:34 Windows Update

11-07-2015 01:33:09 Windows Update

12-07-2015 00:16:42 Tweaking.com - Windows Repair

12-07-2015 00:56:59 Windows Update

13-07-2015 12:49:08 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2012-11-16 19:09 - 2015-07-12 00:41 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {1A7D0543-A752-4AD2-802E-EA67FD04196A} - \SmartDefrag4_Startup No Task File <==== ATTENTION

Task: {21B568B7-DA01-4BB8-B802-7B6DC534B772} - \EPUpdater No Task File <==== ATTENTION

Task: {31BA1638-3905-431A-B39E-9F574005DD9D} - \IHUninstallTrackingTASK No Task File <==== ATTENTION

Task: {33E1ABFC-4A6C-41DC-8332-0B3E70A3EFCE} - System32\Tasks\{F149BD0B-3DD3-4EDB-B4A5-3ECB3FF1DE20} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)

Task: {34BFB3AC-3555-4E26-A7E5-7F7BD14C82A7} - \Driver Booster Update No Task File <==== ATTENTION

Task: {4413C5A7-8FC0-4C94-B452-AFFA060CEBCB} - System32\Tasks\0415tbUpdateInfo => C:\ProgramData\Avg_Update_0415tb\0415tb_{9681F8A7-D422-4F25-B910-F1A75217759D}.exe [2015-05-12] ()

Task: {4B2C630E-74E9-4C07-B649-AEBA7C0AF13A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-26] (Google Inc.)

Task: {4BBF6D93-FAFF-4F48-8C64-C0C17A9A61B8} - System32\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015} => C:\Users\Joseph\AppData\Local\Temp\Pwl.exe <==== ATTENTION

Task: {4E53DF43-FD8E-42AF-874C-442230F27EC4} - System32\Tasks\{ED984665-93F3-4D2C-AB43-961AE08A5F8D} => pcalua.exe -a "C:\Program Files\SpywareGuard\unins000.exe"

Task: {60194C52-AACD-4936-9705-A4276108BAB6} - System32\Tasks\{00C9D597-DD76-4D5F-B07A-44569CFDC9CE} => pcalua.exe -a E:\Autorun.exe -d E:\

Task: {652595CA-2796-45B2-97C5-1C9C127C24AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-26] (Google Inc.)

Task: {85A9730D-D148-4D4B-8B72-5EA1CC420E14} - System32\Tasks\Test TimeTrigger => C:\Users\Joseph\AppData\Local\Temp\Runner.exe <==== ATTENTION

Task: {94C487AC-D86C-41E6-9EFA-30005ADBD87C} - \PC Optimizer Pro startups No Task File <==== ATTENTION

Task: {9ED3C95C-BCB8-4C7D-8D3C-482F26049DD8} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe

Task: {BC8433A0-0791-4ECD-9445-A2666E0D8780} - System32\Tasks\ASC8_SkipUac_Joseph => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe [2015-05-08] (IObit)

Task: {C0D0C629-F3A1-4606-B022-1EBCD5859A50} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {C237D933-687A-4EF6-B5EF-917120F9A23F} - System32\Tasks\task34608275 => C:\Users\Joseph\AppData\Local\Temp\ozuvbvgiula.exe <==== ATTENTION

Task: {C314673B-BB0D-4B7A-BE41-C3B3BB8B5B30} - System32\Tasks\AWC Startup => C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

Task: {C34F95B7-65A0-4019-8254-2D46D8047BDD} - \Driver Booster SkipUAC (Joseph) No Task File <==== ATTENTION

Task: {C4B9A509-CC34-4FAA-AFD3-7125C97F596C} - System32\Tasks\{606519EC-1B91-4A4A-891F-A3BED96803D3} => pcalua.exe -a "C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" -c /u:PokerStars.net

Task: {C6229C54-4043-4B70-8EF8-9580EB1DB86F} - System32\Tasks\SmartDefrag4_Update => C:\Program Files\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)

Task: {D21B6FE0-D20C-49BE-A33D-57AE4FB0AF1F} - System32\Tasks\Microsoft\Office Genuine Advantage\OGALogon => C:\Windows\system32\OGAExec.exe [2009-08-03] ()

Task: {DC75239F-AA37-4F74-9B3E-926E43D59010} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-13] (Adobe Systems Incorporated)

Task: {E142EBBB-C5CD-408C-8607-47A6DF179DC9} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-04-09] (IObit)

Task: {E148B685-8D01-4E3C-977A-818753DBF65B} - System32\Tasks\Microsoft_Hardware_Launch_vVX1000_exe => C:\Windows\vVX1000.exe [2006-12-05] (Microsoft Corporation)

Task: {E8458C5B-2A2F-4299-A01E-5E99157588D8} - System32\Tasks\task310613 => C:\Users\Joseph\AppData\Local\Temp\txgxvyqvqwh.exe <==== ATTENTION

Task: {E9B271DD-ED82-4CAF-A49A-61734B52F895} - System32\Tasks\1214tbUpdateInfo => C:\ProgramData\Avg_Update_1214tb\1214tb_{7EEFCDCC-47B9-4AF2-AB07-213795E46208}.exe [2014-12-15] ()

Task: {F10092C8-C001-4A46-A89B-D5895CE77229} - \Uninstaller_SkipUac_Joseph No Task File <==== ATTENTION

Task: {F432B34D-4D54-4C74-BB3D-0659F374FAFD} - System32\Tasks\Microsoft_Hardware_Launch_vVX3000_exe => C:\Windows\vVX3000.exe [2006-12-05] (Microsoft Corporation)

Task: {FC118D82-15ED-445E-A182-B3376E34F5E7} - \Driver Booster Scan No Task File <==== ATTENTION

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\0415tbUpdateInfo.job => C:\ProgramData\Avg_Update_0415tb\0415tb_{9681F8A7-D422-4F25-B910-F1A75217759D}.exe

Task: C:\Windows\Tasks\1214tbUpdateInfo.job => C:\ProgramData\Avg_Update_1214tb\1214tb_{7EEFCDCC-47B9-4AF2-AB07-213795E46208}.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job => C:\Windows\system32\msfeedssync.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2008-11-20 15:13 - 2008-09-16 21:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll

2011-05-15 01:43 - 2010-04-29 11:30 - 00091456 _____ () C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\57436731.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\57436731.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice => ""="Service"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\motive.com -> hxxps://patttbc.att.motive.com

 

IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\008i.com -> 008i.com

IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\008i.com=CoolWebSearch -> 008i.com=CoolWebSearch

IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\008k.com -> 008k.com

IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\008k.com=CoolWebSearch -> 008k.com=CoolWebSearch

IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\00hq.com -> 00hq.com

IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\00hq.com=CoolWebSearch -> 00hq.com=CoolWebSearch

IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\0190-dialers.com -> 0190-dialers.com

IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\0190-dialers.com=0190 Dialers -> 0190-dialers.com=0190 Dialers

IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\01i.info -> 01i.info

IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com

IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\05p.com -> 05p.com

IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com

IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com

IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com

IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\0calories.net -> 0calories.net

IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\0calories.net=CoolWebSearch -> 0calories.net=CoolWebSearch

IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\0cj.net -> 0cj.net

IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\0scan.com -> 0scan.com

IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com

IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\1-domains-registrations.com -> 1-domains-registrations.com

 

There are 6352 more restricted sites.

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joseph\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

HKU\S-1-5-21-2013592473-1583479073-1329353095-1006\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg

DNS Servers: 75.75.75.75 - 75.75.76.76

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupfolder: C:^Users^Joseph^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk => C:\Windows\pss\MLB.TV NexDef Plug-in.lnk.Startup

MSCONFIG\startupreg: 20131121 => C:\Program Files\AVAST Software\Avast\setup\emupdate\eedf631b-4376-4fc5-9057-1c6c8142bceb.exe /check

MSCONFIG\startupreg: 2Wire Wireless Manager => "C:\Program Files\2Wire Wireless Manager\2Wire.exe" -a

MSCONFIG\startupreg: AllShareAgent => 

MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

MSCONFIG\startupreg: ATT-SST_McciTrayApp => "C:\Program Files\ATT-SST\McciTrayApp.exe"

MSCONFIG\startupreg: avast! => C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe

MSCONFIG\startupreg: ISW.exe => "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: Malwarebytes' Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

MSCONFIG\startupreg: Pando Media Booster => C:\Program Files\Pando Networks\Media Booster\PMB.exe

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: VX1000 => C:\Windows\vVX1000.exe

MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe

MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe

FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe

FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe

FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe

FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe

FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe

FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe

FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe

FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe

FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe

FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80

FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80

FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (07/13/2015 01:03:11 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application avgui.exe, version 14.0.0.4353, time stamp 0x5329fb58, faulting module avgntopensslx.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception code 0xc0000142, fault offset 0x00009eed,

process id 0x1460, application start time 0xavgui.exe0.

 

Error: (07/13/2015 12:48:13 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application avgui.exe, version 14.0.0.4353, time stamp 0x5329fb58, faulting module avgntopensslx.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception code 0xc0000142, fault offset 0x00009eed,

process id 0xbec, application start time 0xavgui.exe0.

 

Error: (07/13/2015 12:47:07 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".

Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (07/13/2015 12:10:56 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )

Description: The handle is invalid

 

Error: (07/13/2015 12:10:56 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )

Description: The handle is invalid

 

Error: (07/12/2015 11:52:56 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application avgui.exe, version 14.0.0.4353, time stamp 0x5329fb58, faulting module avgntopensslx.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception code 0xc0000142, fault offset 0x00009eed,

process id 0xbc0, application start time 0xavgui.exe0.

 

Error: (07/12/2015 11:51:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

 

Error: (07/12/2015 11:50:45 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".

Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (07/12/2015 02:12:37 AM) (Source: IMFservice) (EventID: 0) (User: )

Description: The handle is invalid

 

Error: (07/12/2015 02:12:37 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )

Description: The handle is invalid

 

 

System errors:

=============

Error: (07/13/2015 01:22:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Software Licensing11200001Restart the service

 

Error: (07/13/2015 01:12:43 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: 1Restart the serviceWindows Modules Installer%%1056

 

Error: (07/13/2015 01:11:17 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: 1Restart the serviceWindows Media Player Network Sharing Service%%1056

 

Error: (07/13/2015 01:10:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Windows Media Player Network Sharing Service1300001Restart the service

 

Error: (07/13/2015 01:10:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: NVIDIA Update Service Daemon1

 

Error: (07/13/2015 01:10:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Windows Live ID Sign-in Assistant1100001Restart the service

 

Error: (07/13/2015 01:10:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Yahoo! Updater1

 

Error: (07/13/2015 01:10:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Windows Modules Installer11200001Restart the service

 

Error: (07/13/2015 01:10:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: XobniService1

 

Error: (07/13/2015 01:10:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: vToolbarUpdater18.5.01

 

 

Microsoft Office:

=========================

Error: (07/13/2015 01:03:11 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: avgui.exe14.0.0.43535329fb58avgntopensslx.dll6.0.6002.1800549e03821c000014200009eed146001d0bda6ec038367

 

Error: (07/13/2015 12:48:13 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: avgui.exe14.0.0.43535329fb58avgntopensslx.dll6.0.6002.1800549e03821c000014200009eedbec01d0bda4b3867677

 

Error: (07/13/2015 12:47:07 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

 

Error: (07/13/2015 12:10:56 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )

Description: The handle is invalid

 

Error: (07/13/2015 12:10:56 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )

Description: The handle is invalid

 

Error: (07/12/2015 11:52:56 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: avgui.exe14.0.0.43535329fb58avgntopensslx.dll6.0.6002.1800549e03821c000014200009eedbc001d0bd383bd3bba7

 

Error: (07/12/2015 11:51:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

 

Error: (07/12/2015 11:50:45 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

 

Error: (07/12/2015 02:12:37 AM) (Source: IMFservice) (EventID: 0) (User: )

Description: The handle is invalid

 

Error: (07/12/2015 02:12:37 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )

Description: The handle is invalid

 

 

CodeIntegrity Errors:

===================================

  Date: 2015-07-13 13:36:09.080

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-07-13 13:36:08.846

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-07-13 13:36:08.644

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-07-13 13:36:08.501

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-07-13 13:36:08.139

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-07-13 13:36:07.983

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-07-13 13:36:07.781

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-07-13 13:36:07.671

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-06-07 15:03:43.307

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-06-07 15:03:43.198

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz

Percentage of memory in use: 62%

Total physical RAM: 2045.21 MB

Available physical RAM: 775.31 MB

Total Virtual: 4339.39 MB

Available Virtual: 2344.28 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:455.71 GB) (Free:204.53 GB) NTFS ==>[drive with boot components (obtained from BCD)]

Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.24 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 20000000)

Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)

Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

Partition 3: (Active) - (Size=455.7 GB) - (Type=07 NTFS)

 

==================== End of log ============================

 

[DanoNH]

OK, let's keep the ball rolling here...
 
First
Programs uninstall
Go to the Control Panel > Uninstall a program or Programs and Features, and uninstall the following programs:

• AccelerateTab
• Ad-Aware (if it isn't a paid version)
• Advanced SystemCare 8 (IObit reputation)
• AVG SafeGuard toolbar
• Bonjour (application errors)
• HDVidCodec
• IObit Malware Fighter 3 (IObit reputation)
• IObit Uninstaller (IObit reputation)
• Pando Media Booster
• Smart Defrag 4 (IObit reputation)
• Surfing Protection (IObit reputation)
• TVersity Codec Pack 1.2
• vShare.tv plugin 1.3

Second
Run AdwCleaner

• Close all open windows and browsers.
• Double click the AdwCleaner icon to run AdwCleaner. (Vista and 7 users) Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
• Click the Scan button and wait for the scan to complete.
• When the Scan has finished the Scan button will be grayed out and the Cleaning button will be activated.
• Click the Cleaning button.
  
• Everything checked will be deleted.
• When the program has finished cleaning a report appears.
• Once done it will ask to reboot, allow this
  
• On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Third
Run a FRST Fix

• Download the attached fixlist.txt file and save it to the Desktop:   fixlist.txt   9.88KB   146 downloads
  
  (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)
  
  Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
• Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

 

Finally
In your next reply, please copy/paste the contents of the following logs:

• AdwCleaner log
• FRST fixlog.txt

And tell me how the system is running.

[Jvescov1]

so when i try to uninstall accelerated tab it says "an error occurred while trying to uninstall accelerated tab it may have already been uninstalled."  "would you like to remove it from the programs and features list?" same thing with AVG toolbar. also the HDVidCodec,vShare.tv plugin apps are no where to be found.

 

FRST ran and restarted the computer but nothing happened upon restart no log or anything theres one on my computer but im pretty sure its the one from the last time we ran as the date at the top is 7/13/15 i will post it anyways just in case as its the only frst text file on my desktop.

 

# AdwCleaner v4.208 - Logfile created 14/07/2015 at 21:43:08

# Updated 09/07/2015 by Xplode

# Database : 2015-07-11.1 [Server]

# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)

# Username : Joseph - JOSEPH-PC

# Running from : C:\Users\Joseph\Desktop\AdwCleaner.exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\OpenCandy

Folder Deleted : C:\SearchProtect

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\ProgramData\Avg_Update_0215tb

Folder Deleted : C:\ProgramData\Avg_Update_0415tb

Folder Deleted : C:\ProgramData\Avg_Update_1214tb

Folder Deleted : C:\Program Files\Secure Speed Dial

Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

Folder Deleted : C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com

Folder Deleted : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[!] Folder Deleted : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected]

Folder Deleted : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected]

Folder Deleted : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected]

Folder Deleted : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{6c3bc03f-d7b9-43ac-8931-c242e3cae971}

File Deleted : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\glmfgahfleepmdfffonfckpmkondpdkg

File Deleted : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj

File Deleted : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\icdlfehblmklkikfigmjhbmmpmkmpooj

File Deleted : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk

File Deleted : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp

File Deleted : C:\END

File Deleted : C:\Program Files\Mozilla Firefox\nsprotector.js

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\safeguard-secure-search.xml

File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js

 

***** [ Scheduled tasks ] *****

 

Task Deleted : 0415tbUpdateInfo

Task Deleted : 1214tbUpdateInfo

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dcmagccbogebndpoodhhhafmofelpffh

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{23F88292-FB5A-4907-9DCB-119FE1A39D3B}

Key Deleted : HKCU\Software\AVG SafeGuard toolbar

Key Deleted : HKCU\Software\BABSOLUTION

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\Delta

Key Deleted : HKCU\Software\pc optimizer pro

Key Deleted : HKCU\Software\vShare.tv

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\Avg Secure Update

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings

Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar

Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\Delta

Key Deleted : HKLM\SOFTWARE\DnsBasic

Key Deleted : HKLM\SOFTWARE\InfoAtoms

Key Deleted : HKLM\SOFTWARE\SearchProtect

Key Deleted : HKLM\SOFTWARE\Tarma Installer

Key Deleted : HKLM\SOFTWARE\W3I

Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar

Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DnsBasic

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InfoAtoms

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare.tv plugin

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DnsBasic

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\InfoAtoms

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare.tv plugin

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{45F267AE-311F-43E2-BDAA-00D059B93BF9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v8.0.6001.18999

 

 

-\\ Mozilla Firefox v17.0.1 (en-US)

 

[fb63icx9.default\prefs.js] - Line Deleted : user_pref("CT3287375.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");

[fb63icx9.default\prefs.js] - Line Deleted : user_pref("CT3287375.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"instantAlert\":[...]

[fb63icx9.default\prefs.js] - Line Deleted : user_pref("CT3287375.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3287375&octid=CT3287375&SearchSource=15&CUI=UN40443446851106414&SSPV=&Lay=1&UM=2\"}");

[fb63icx9.default\prefs.js] - Line Deleted : user_pref("CT3289847.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");

[fb63icx9.default\prefs.js] - Line Deleted : user_pref("CT3289847.embeddedsData", "[{\"appId\":\"130068661007799818\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]

[fb63icx9.default\prefs.js] - Line Deleted : user_pref("CT3289847.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=15&CUI=UN34716991527094572&SSPV=&Lay=1&UM=2\"}");

[fb63icx9.default\prefs.js] - Line Deleted : user_pref("CT3291326.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");

[fb63icx9.default\prefs.js] - Line Deleted : user_pref("CT3291326.embeddedsData", "[{\"appId\":\"130075605275743079\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]

[fb63icx9.default\prefs.js] - Line Deleted : user_pref("CT3291326.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3291326&octid=CT3291326&SearchSource=15&CUI=UN53133852618265168&SSPV=&Lay=1&UM=2\"}");

 

-\\ Google Chrome v43.0.2357.132

 

[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://startsear.ch/?aff=1&src=sp&cf=45b45b30-fd9f-11e0-ba8b-0019d1e594ab&q={searchTerms}

[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://blekko.com/ws/?source=f45f13b3&tbp=rbox&toolbarid=blekkotb_005&u=20120326A2AC42449290F8166B64F47B&q={searchTerms}

[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN18232546152612525&ctid=CT3291326&UM=2

[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.babylon.com/?q={searchTerms}&babsrc=SP_ss_btis2&mntrId=4E0C0019D1E594AB&tsp=5004

[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

 

*************************

 

AdwCleaner[R0].txt - [15471 bytes] - [13/07/2015 13:27:26]

AdwCleaner[R1].txt - [15574 bytes] - [14/07/2015 21:40:32]

AdwCleaner[S0].txt - [15733 bytes] - [14/07/2015 21:43:08]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15793  bytes] ##########

 

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015

Ran by Joseph (administrator) on JOSEPH-PC on 13-07-2015 13:33:46

Running from C:\Users\Joseph\Desktop

Loaded Profiles: Joseph & UpdatusUser (Available Profiles: Joseph & UpdatusUser)

Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)

Internet Explorer Version 8 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

() C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe

(Microsoft Corporation) C:\Windows\ehome\ehsched.exe

(Motorola) C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe

(Microsoft Corporation) C:\Windows\ehome\ehprivjob.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(Google Inc.) C:\Program Files\Google\Update\Install\{965A1934-2571-4C7F-90EF-B14DB928B21D}\43.0.2357.132_chrome_installer.exe

(Google Inc.) C:\Windows\temp\CR_3EA22.tmp\setup.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\wermgr.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [vProt] => "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5768992 2015-03-06] (IObit)

HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [884440 2015-05-07] (BlueStack Systems, Inc.)

HKLM\...\Run: [ATT-SST_UninstallTracking] => C:\Users\Joseph\AppData\Local\Temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST <===== ATTENTION

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)

HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)

HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)

HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk [2012-04-08]

ShortcutTarget: NETGEAR WN111v2 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WN111v2\WN111v2.exe (NETGEAR)

ShellIconOverlayIdentifiers: [0MediaIconsOerlay] -> {1EC23CFF-4C58-458f-924C-8519AEF61B32} =>  No File

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

SearchScopes: HKLM -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL = 

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search

SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic....s={searchTerms}

SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL = 

SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> {A8EF7510-0694-4821-81CB-4F8249E441AE} URL = http://search.yahoo....ms}&fr=chr-atty

BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File

BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10] (Sun Microsystems, Inc.)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10] (Sun Microsystems, Inc.)

BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} ->  No File

BHO: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} ->  No File

Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File

Toolbar: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

Handler: javascript - No CLSID Value - 

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-14] (AVG Secure Search)

ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2011-04-06] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip\..\Interfaces\{1EC9B7C7-513F-4A2E-BD42-DE5436ECB5A0}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip\..\Interfaces\{3575C3DB-3FA7-4849-9D56-A5312E116450}: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.1.1

Tcpip\..\Interfaces\{A5122F23-263E-41D6-AE4D-B8F05908A3F9}: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.1.1

Tcpip\..\Interfaces\{A886D423-9985-4C89-8B8E-36CFA507FF34}: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.1.1

Tcpip\..\Interfaces\{AC21EB7D-6797-4330-BE20-60C29D908B1C}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{F675D672-38E3-4E91-9C28-9C4DE0805C99}: [DhcpNameServer] 75.75.75.75 75.75.76.76

 

FireFox:

========

FF ProfilePath: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default

FF DefaultSearchEngine: 

FF DefaultSearchUrl: 

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-13] ()

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-04-27] ()

FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll No File

FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-11-10] (Sun Microsystems, Inc.)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2009-05-26] (Yahoo! Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)

FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)

FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)

FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)

FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)

FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2011-01-04] (Google)

FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @talk.google.com/O3DPlugin -> C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2011-01-04] ()

FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @tools.google.com/Google Update;version=8 -> C:\Users\Joseph\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-15] (Google Inc.)

FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @yahoo.com/BrowserPlus,version=2.7.1 -> C:\Users\Joseph\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll [2010-04-19] (Yahoo! Inc.)

FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-11-10] (Sun Microsystems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-09-20] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-09-20] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-09-20] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-09-20] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-09-20] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Joseph\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2011-01-04] (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Joseph\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2011-01-04] ()

FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\aim-search.xml [2009-06-29]

FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\keybar-113-customized-web-search.xml [2013-09-29]

FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\live-search.xml [2009-02-01]

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2011-03-06]

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2011-03-06]

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml [2015-05-14]

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\searchme.xml [2009-03-13]

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-05-14]

FF Extension: AD Block - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\searchads@instair(302).net [2014-12-13]

FF Extension: AD Block - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2015-03-01]

FF Extension: AccelerateTab - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\speeddial@instair(303).net [2014-12-13]

FF Extension: AccelerateTab - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2015-03-01]

FF Extension: Platinum Hide IP - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2011-08-10]

FF Extension: Microsoft .NET Framework Assistant - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-08]

FF Extension: Yahoo! Toolbar - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-08-18]

FF Extension: Yahoo! Toolbar - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(127) [2009-09-09]

FF Extension: Vafmusic  - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{6c3bc03f-d7b9-43ac-8931-c242e3cae971} [2013-08-11]

FF Extension: Address Bar Search - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9} [2013-08-30]

FF Extension: FreeHDSport.TV - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2012-12-16]

FF Extension: Personas Plus - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2013-04-04]

FF Extension: Adblock Plus - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-26]

FF Extension: The Browser Highlighter - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2013-08-11]

FF Extension: searchme - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2013-08-11]

FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.5.0.909

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]

FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [not found]

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} [not found]

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694} [not found]

FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\[email protected] [not found]

FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [not found]

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]

FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2013-08-11]

FF ExtraCheck: C:\Program Files\mozilla firefox\InfoAtoms.cfg [2013-08-11] <==== ATTENTION

 

Chrome: 

=======

CHR Profile: C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]

CHR Extension: (Google Wallet) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-05]

CHR HKLM\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - No Path Or update_url value

CHR HKLM\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]

CHR HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 aawservice; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [611664 2008-09-10] (Lavasoft)

S2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)

S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)

S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [433880 2015-05-07] (BlueStack Systems, Inc.)

S3 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [413400 2015-05-07] (BlueStack Systems, Inc.)

S3 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [806616 2015-05-07] (BlueStack Systems, Inc.)

S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()

S2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [344864 2015-01-27] (IObit)

S3 jswpsapi; C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]

S2 LicCtrlService; C:\Windows\runservice.exe [2560 2009-02-13] () [File not signed]

S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)

S2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2008-09-19] (Motive Communications, Inc.) [File not signed]

R2 MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-04-29] ()

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

S2 XobniService; C:\Program Files\Xobni\XobniService.exe [44776 2009-07-14] (Xobni Corporation)

S2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [X]

S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]

S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)

R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-11-01] (AVG Technologies CZ, s.r.o.)

R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)

R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)

S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)

R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [131288 2015-05-07] (BlueStack Systems)

S3 DNIMp50; C:\Windows\System32\Drivers\DNIMp50.sys [21504 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

S3 DNISp50; C:\Windows\System32\Drivers\DNISp50.sys [20480 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2014-11-10] (IObit)

R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-06-04] (REALiX™)

S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-07-28] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-07-28] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

S3 PCTINDIS5; C:\Windows\system32\PCTINDIS5.SYS [32160 2007-10-01] (PCTEL Inc.)

S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)

R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [32288 2014-11-10] (IObit.com)

R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2013-05-07] () [File not signed]

S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2014-11-10] (IObit.com)

S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1963680 2006-12-05] (Microsoft Corporation)

S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2v.sys [453120 2009-01-13] (Atheros Communications, Inc.)

S2 adfs; No ImagePath

U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]

S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]

S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S3 WinRing0_1_2_0; No ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-07-13 13:33 - 2015-07-13 13:37 - 00023437 _____ C:\Users\Joseph\Desktop\FRST.txt

2015-07-13 13:33 - 2015-07-13 13:33 - 00000000 ____D C:\Users\Joseph\Desktop\FRST-OlderVersion

2015-07-13 13:26 - 2015-07-13 13:29 - 00000000 ____D C:\AdwCleaner

2015-07-13 13:22 - 2015-07-13 13:22 - 02248704 _____ C:\Users\Joseph\Desktop\AdwCleaner.exe

2015-07-13 13:19 - 2015-07-13 13:19 - 00050056 _____ C:\Users\Joseph\Desktop\JRT.txt

2015-07-13 12:57 - 2015-07-13 12:57 - 03034266 _____ (Malwarebytes Corporation) C:\Users\Joseph\Desktop\JRT.exe

2015-07-13 12:51 - 2015-07-13 12:51 - 00005256 _____ C:\Users\Joseph\Desktop\wscsvc.reg

2015-07-13 00:10 - 2015-07-13 00:10 - 00000000 ____D C:\ProgramData\BlueStacksCopy

2015-07-13 00:10 - 2015-07-13 00:10 - 00000000 ____D C:\Program Files\BlueStacksCopy

2015-07-12 00:16 - 2015-07-12 00:16 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JOSEPH-PC-Windows-Vista-™-Home-Premium-(32-bit).dat

2015-07-12 00:16 - 2015-07-12 00:16 - 00000000 ____D C:\RegBackup

2015-07-11 01:25 - 2015-07-12 23:56 - 00002515 _____ C:\Users\Joseph\Desktop\FSS.txt

2015-07-11 01:22 - 2015-07-13 13:33 - 01636864 _____ (Farbar) C:\Users\Joseph\Desktop\FRST.exe

2015-07-10 00:35 - 2015-07-07 23:12 - 00415232 _____ (Farbar) C:\Users\Joseph\Desktop\FSS.exe

2015-06-14 23:36 - 2015-06-14 23:36 - 00000695 _____ C:\Users\Joseph\Desktop\NTREGOPT.lnk

2015-06-14 23:36 - 2015-06-14 23:36 - 00000676 _____ C:\Users\Joseph\Desktop\ERUNT.lnk

2015-06-14 23:36 - 2015-06-14 23:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

2015-06-14 23:36 - 2015-06-14 23:36 - 00000000 ____D C:\Program Files\ERUNT

2015-06-14 23:35 - 2015-06-14 23:32 - 00791393 _____ (Lars Hederer ) C:\Users\Joseph\Desktop\erunt-setup.exe

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-07-13 13:34 - 2015-06-07 15:01 - 00000000 ____D C:\FRST

2015-07-13 13:30 - 2006-11-02 05:47 - 00003664 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2015-07-13 13:30 - 2006-11-02 05:47 - 00003664 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2015-07-13 13:25 - 2013-04-26 23:50 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-07-13 13:15 - 2015-03-01 22:01 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\IObit

2015-07-13 13:15 - 2013-10-24 08:49 - 00000000 ____D C:\Program Files\Secure Speed Dial

2015-07-13 13:15 - 2013-04-26 22:53 - 00000000 ____D C:\ProgramData\IObit

2015-07-13 13:11 - 2009-10-02 20:44 - 00000000 ____D C:\Program Files\IObit

2015-07-13 13:10 - 2012-12-29 01:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-07-13 13:10 - 2006-11-02 05:37 - 00000000 ___RD C:\Users\Public\Recorded TV

2015-07-13 13:09 - 2012-12-29 01:12 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-07-13 13:09 - 2011-08-08 13:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-07-13 13:01 - 2006-11-02 05:52 - 01565971 _____ C:\Windows\WindowsUpdate.log

2015-07-13 12:54 - 2011-12-16 03:11 - 00000394 ____H C:\Windows\Tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job

2015-07-13 12:47 - 2015-05-17 02:19 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-07-13 12:47 - 2014-02-19 20:35 - 00001865 ___SH C:\Windows\system32\mmf.sys

2015-07-13 12:46 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-07-13 00:11 - 2006-11-02 06:01 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2015-07-12 02:08 - 2015-06-10 02:43 - 00012858 _____ C:\Windows\IE9_main.log

2015-07-12 01:02 - 2006-11-02 05:47 - 06062472 _____ C:\Windows\system32\FNTCACHE.DAT

2015-07-12 00:53 - 2006-11-02 03:33 - 00749424 _____ C:\Windows\system32\PerfStringBackup.INI

2015-07-12 00:52 - 2015-06-09 12:07 - 00003572 _____ C:\Windows\setupact.log

2015-07-12 00:31 - 2008-11-15 19:32 - 01774944 _____ C:\Users\Joseph\AppData\Local\GDIPFONTCACHEV1.DAT

2015-07-10 00:32 - 2015-06-04 23:27 - 00001924 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk

2015-06-14 23:36 - 2008-11-27 14:13 - 00000000 ____D C:\Windows\ERDNT

 

==================== Files in the root of some directories =======

 

2013-04-26 23:07 - 2013-04-26 23:07 - 0087608 _____ () C:\Users\Joseph\AppData\Roaming\inst.exe

2008-12-12 17:27 - 2013-04-26 23:07 - 0007887 _____ () C:\Users\Joseph\AppData\Roaming\pcouffin.cat

2008-12-12 17:27 - 2013-04-26 23:07 - 0001144 _____ () C:\Users\Joseph\AppData\Roaming\pcouffin.inf

2013-04-26 23:07 - 2013-04-26 23:07 - 0000033 _____ () C:\Users\Joseph\AppData\Roaming\pcouffin.log

2008-12-12 17:27 - 2013-04-26 23:07 - 0047360 _____ (VSO Software) C:\Users\Joseph\AppData\Roaming\pcouffin.sys

2008-11-15 19:38 - 2009-08-05 17:59 - 0023580 _____ () C:\Users\Joseph\AppData\Roaming\UserTile.png

2009-05-23 12:08 - 2010-01-09 12:46 - 0000600 _____ () C:\Users\Joseph\AppData\Roaming\winscp.rnd

2010-11-10 14:38 - 2010-11-10 14:38 - 0000000 _____ () C:\Users\Joseph\AppData\Local\AutobahnAcceleratorInstall.txt

2010-02-21 09:46 - 2010-02-21 09:46 - 0000552 _____ () C:\Users\Joseph\AppData\Local\d3d8caps.dat

2008-11-15 19:31 - 2015-06-10 21:26 - 0002032 _____ () C:\Users\Joseph\AppData\Local\d3d9caps.dat

2008-12-12 15:06 - 2015-06-05 14:39 - 0159744 _____ () C:\Users\Joseph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-04-26 23:20 - 2013-04-26 23:20 - 0000000 _____ () C:\ProgramData\222620313f3a54382a_c

2013-04-25 22:41 - 2013-04-25 22:41 - 0000000 _____ () C:\ProgramData\LQ20O6T.dat

2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe.b

2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe_.b

 

Some files in TEMP:

====================

C:\Users\Joseph\AppData\Local\temp\HD-RunAppTemp.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-07-13 12:53

 

==================== End of log ============================

Edited by Jvescov1, 14 July 2015 - 11:03 PM.

[DanoNH]

OK, don't worry about the program uninstall messages.
 
You are correct on the date in the FRST log.  It is from a scan, not our fix.  Is there any chance you downloaded FRST.exe and the fixlist.txt file to your Downloads folder?
 
Run FRST.exe from your Desktop, and in the Search: box, type fixlog.txt and click the Search Files button:

 
Wait several seconds and it will tell you it's done and open a text file (search.txt) on your Desktop. Post the contents of this text file in your reply please.

 

If you do find the fixlog.txt file from July 14th (yesterday), please post the contents of that as well.

[Jvescov1]

think i figured it out ran a new one how does this look?

 

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015

Ran by Joseph at 2015-07-15 22:33:30 Run:3

Running from C:\Users\Joseph\Desktop

Loaded Profiles: Joseph & UpdatusUser (Available Profiles: Joseph & UpdatusUser)

Boot Mode: Normal

 

==============================================

 

fixlist content:

*****************

start

CreateRestorePoint:

HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2510784 2015-05-14] ()

HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5768992 2015-03-06] (IObit)

HKLM\...\Run: [ATT-SST_UninstallTracking] => C:\Users\Joseph\AppData\Local\Temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST <===== ATTENTION

HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)

HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe

ShellIconOverlayIdentifiers: [0MediaIconsOerlay] -> {1EC23CFF-4C58-458f-924C-8519AEF61B32} =>  No File

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

SearchScopes: HKLM -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL = 

SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic....s={searchTerms}

SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL = 

BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File

BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} ->  No File

BHO: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} ->  No File

Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File

Toolbar: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File

Handler: javascript - No CLSID Value - 

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-14] (AVG Secure Search)

ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]

FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)

FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)

FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\aim-search.xml [2009-06-29]

FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\keybar-113-customized-web-search.xml [2013-09-29]

FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\live-search.xml [2009-02-01]

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml [2015-05-14]

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\searchme.xml [2009-03-13]

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-05-14]

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]

FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [not found]

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} [not found]

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694} [not found]

FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\[email protected] [not found]

FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [not found]

FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]

FF ExtraCheck: C:\Program Files\mozilla firefox\InfoAtoms.cfg [2013-08-11] <==== ATTENTION

CHR HKLM\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - No Path Or update_url value

CHR HKLM\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]

CHR HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]

S2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)

S2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [344864 2015-01-27] (IObit)

S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)

S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2014-11-10] (IObit)

R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [32288 2014-11-10] (IObit.com)

R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2013-05-07] () [File not signed]

S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2014-11-10] (IObit.com)

S2 adfs; No ImagePath

2015-07-13 13:15 - 2015-03-01 22:01 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\IObit

2015-07-13 13:15 - 2013-10-24 08:49 - 00000000 ____D C:\Program Files\Secure Speed Dial

2015-07-13 13:15 - 2013-04-26 22:53 - 00000000 ____D C:\ProgramData\IObit

2015-07-13 13:11 - 2009-10-02 20:44 - 00000000 ____D C:\Program Files\IObit

2015-07-10 00:32 - 2015-06-04 23:27 - 00001924 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk

2013-04-26 23:07 - 2013-04-26 23:07 - 0087608 _____ () C:\Users\Joseph\AppData\Roaming\inst.exe

2013-04-26 23:20 - 2013-04-26 23:20 - 0000000 _____ () C:\ProgramData\222620313f3a54382a_c

2013-04-25 22:41 - 2013-04-25 22:41 - 0000000 _____ () C:\ProgramData\LQ20O6T.dat

2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe.b

2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe_.b

CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No Filepath

CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)

Task: {1A7D0543-A752-4AD2-802E-EA67FD04196A} - \SmartDefrag4_Startup No Task File <==== ATTENTION

Task: {21B568B7-DA01-4BB8-B802-7B6DC534B772} - \EPUpdater No Task File <==== ATTENTION

Task: {31BA1638-3905-431A-B39E-9F574005DD9D} - \IHUninstallTrackingTASK No Task File <==== ATTENTION

Task: {34BFB3AC-3555-4E26-A7E5-7F7BD14C82A7} - \Driver Booster Update No Task File <==== ATTENTION

Task: {4BBF6D93-FAFF-4F48-8C64-C0C17A9A61B8} - System32\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015} => C:\Users\Joseph\AppData\Local\Temp\Pwl.exe <==== ATTENTION

Task: {4E53DF43-FD8E-42AF-874C-442230F27EC4} - System32\Tasks\{ED984665-93F3-4D2C-AB43-961AE08A5F8D} => pcalua.exe -a "C:\Program Files\SpywareGuard\unins000.exe"

Task: {60194C52-AACD-4936-9705-A4276108BAB6} - System32\Tasks\{00C9D597-DD76-4D5F-B07A-44569CFDC9CE} => pcalua.exe -a E:\Autorun.exe -d E:\

Task: {85A9730D-D148-4D4B-8B72-5EA1CC420E14} - System32\Tasks\Test TimeTrigger => C:\Users\Joseph\AppData\Local\Temp\Runner.exe <==== ATTENTION

Task: {94C487AC-D86C-41E6-9EFA-30005ADBD87C} - \PC Optimizer Pro startups No Task File <==== ATTENTION

Task: {C237D933-687A-4EF6-B5EF-917120F9A23F} - System32\Tasks\task34608275 => C:\Users\Joseph\AppData\Local\Temp\ozuvbvgiula.exe <==== ATTENTION

Task: {C34F95B7-65A0-4019-8254-2D46D8047BDD} - \Driver Booster SkipUAC (Joseph) No Task File <==== ATTENTION

Task: {C6229C54-4043-4B70-8EF8-9580EB1DB86F} - System32\Tasks\SmartDefrag4_Update => C:\Program Files\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)

Task: {E142EBBB-C5CD-408C-8607-47A6DF179DC9} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-04-09] (IObit)

Task: {E8458C5B-2A2F-4299-A01E-5E99157588D8} - System32\Tasks\task310613 => C:\Users\Joseph\AppData\Local\Temp\txgxvyqvqwh.exe <==== ATTENTION

Task: {F10092C8-C001-4A46-A89B-D5895CE77229} - \Uninstaller_SkipUac_Joseph No Task File <==== ATTENTION

Task: {FC118D82-15ED-445E-A182-B3376E34F5E7} - \Driver Booster Scan No Task File <==== ATTENTION

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice => ""="Service"

Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F

Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F

Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F

Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F

RemoveProxy:

Hosts:

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state ON

CMD: ipconfig /flushdns

CMD: netsh winsock reset

CMD: netsh int ip reset c:\resetlog.txt

CMD: ipconfig /release

CMD: ipconfig /renew

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

EmptyTemp:

CMD: bitsadmin /reset /allusers

end

*****************

[DanoNH]

That's only half of the log... where's the rest?  What's there only shows my fix from the fixlist.txt file I made for you, not the result of the fix.