Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

pc messed up beyond words.


  • Please log in to reply

#1
princessss

princessss

    Member

  • Member
  • PipPip
  • 95 posts
Hi there, Don't know what is going on with this pc. It is my grandchildrens and it is off the hook messed up. Slow, system crashes, dumpreps now and then, hijacking of browsers. I am pretty sure they have been downloading but I'm a little weirded because they are 3 yrs old and 5 yr old and just go to kiddy gaming sites. Here is the OTL file, hopefully you can see what is going on.

OTL logfile created on: 4/16/2013 3:42:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\CFSL\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 388.45 Mb Available Physical Memory | 38.01% Memory free
2.41 Gb Paging File | 1.84 Gb Available in Paging File | 76.60% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 7.83 Gb Free Space | 21.03% Space Free | Partition Type: NTFS
Drive D: | 611.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 281.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CFSL-12R-0926 | User Name: CFSL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/16 15:42:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CFSL\My Documents\Downloads\OTL.exe
PRC - [2013/04/11 09:28:08 | 002,730,784 | ---- | M] (Conduit) -- C:\Documents and Settings\CFSL\Application Data\SearchProtect\bin\cltmng.exe
PRC - [2013/04/09 19:15:05 | 000,825,296 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/03/12 08:01:38 | 000,559,168 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Online Games Manager\ogmservice.exe
PRC - [2013/03/06 07:36:52 | 000,093,984 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe
PRC - [2013/03/06 07:15:38 | 000,580,672 | ---- | M] (Disc Soft Ltd) -- C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
PRC - [2013/03/05 02:28:01 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/02/06 03:16:13 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/01/06 04:28:58 | 000,206,336 | ---- | M] (FileProperties_CompanyName) -- C:\Documents and Settings\CFSL\Local Settings\Application Data\Updater12749\Updater12749.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 19:15:03 | 000,393,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.47\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 19:15:02 | 013,130,704 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.47\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 19:15:01 | 004,051,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.47\pdf.dll
MOD - [2013/04/09 19:14:09 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.47\ffmpegsumo.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Services (SafeList) ==========

SRV - [2013/03/12 14:33:29 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/12 08:01:38 | 000,559,168 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files\Online Games Manager\ogmservice.exe -- (ogmservice)
SRV - [2013/03/06 07:36:52 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/03/06 07:15:38 | 000,580,672 | ---- | M] (Disc Soft Ltd) [On_Demand | Running] -- C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe -- (Disc Soft Bus Service)
SRV - [2013/03/05 02:28:01 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/07 18:58:54 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/04/01 17:56:15 | 000,024,704 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtscsibus.sys -- (dtscsibus)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/05/01 00:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 23:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009/04/30 23:55:34 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/08/15 10:48:00 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {1AE1BE25-61C6-49D3-A990-8B54DC78D149}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{1AE1BE25-61C6-49D3-A990-8B54DC78D149}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...74-C53A7764EC97
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 86 A8 31 03 DB CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {1AE1BE25-61C6-49D3-A990-8B54DC78D149}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...000000d5627a115
IE - HKCU\..\SearchScopes\{1AE1BE25-61C6-49D3-A990-8B54DC78D149}: "URL" = http://www.google.co...1I7NDKB_enCA514
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...749111809074807
IE - HKCU\..\SearchScopes\{D7B096AD-750B-438D-9015-3BCBD0987CA1}: "URL" = http://websearch.ask...C8-ECC883DD0946
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3289847.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke New Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "WhiteSmoke New Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.condui...4-C53A7764EC97"
FF - prefs.js..extensions.enabledAddons: %7B7473b6bd-4691-4744-a82b-7854eb3d70b6%7D:10.14.65.43
FF - prefs.js..extensions.enabledAddons: %7B739df940-c5ee-4bab-9d7e-270894ae687a%7D:10.14.65.43
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "http://search.condui...962425&UM=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\CFSL\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/07 19:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/12/27 15:30:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CFSL\Application Data\Mozilla\Extensions
[2013/04/16 14:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CFSL\Application Data\Mozilla\Firefox\Profiles\qlnpt5wu.default\extensions
[2013/03/22 01:40:42 | 000,000,000 | ---D | M] (WhiteSmoke New) -- C:\Documents and Settings\CFSL\Application Data\Mozilla\Firefox\Profiles\qlnpt5wu.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
[2013/03/22 01:44:38 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Documents and Settings\CFSL\Application Data\Mozilla\Firefox\Profiles\qlnpt5wu.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2013/04/16 14:23:28 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Documents and Settings\CFSL\Application Data\Mozilla\Firefox\Profiles\qlnpt5wu.default\extensions\ChoiceGuard@Microsoft
[2013/04/01 11:10:55 | 000,000,000 | ---D | M] ("Coupon Caddy") -- C:\Documents and Settings\CFSL\Application Data\Mozilla\Firefox\Profiles\qlnpt5wu.default\extensions\[email protected]
[2013/03/30 18:58:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CFSL\Application Data\Mozilla\Firefox\Profiles\qlnpt5wu.default\extensions\staged
[2013/04/01 11:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CFSL\Application Data\Mozilla\Firefox\Profiles\qlnpt5wu.default\extensions\[email protected]\chrome\content\extensionCode
[2013/01/30 13:27:42 | 000,205,094 | ---- | M] () (No name found) -- C:\Documents and Settings\CFSL\Application Data\Mozilla\Firefox\Profiles\qlnpt5wu.default\extensions\[email protected]
[2013/02/25 17:07:29 | 000,006,484 | ---- | M] () -- C:\Documents and Settings\CFSL\Application Data\Mozilla\Firefox\Profiles\qlnpt5wu.default\searchplugins\BrowserProtect.xml
[2013/03/07 19:35:49 | 000,001,005 | ---- | M] () -- C:\Documents and Settings\CFSL\Application Data\Mozilla\Firefox\Profiles\qlnpt5wu.default\searchplugins\conduit.xml
[2013/02/25 17:08:30 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\CFSL\Application Data\Mozilla\Firefox\Profiles\qlnpt5wu.default\searchplugins\delta.xml
[2013/02/07 18:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/30 19:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2013/03/30 19:08:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/02/07 18:58:56 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/02/25 17:07:29 | 000,006,484 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/11/29 03:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 03:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.47\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.47\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\CFSL\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\CFSL\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\CFSL\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: uTorrentControl_v2 = C:\Documents and Settings\CFSL\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.15.0.562_0\
CHR - Extension: Bitdefender QuickScan = C:\Documents and Settings\CFSL\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\
CHR - Extension: Gmail = C:\Documents and Settings\CFSL\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/02/28 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Coupon Caddy) - {11111111-1111-1111-1111-110111271149} - C:\Program Files\Coupon Caddy\Coupon Caddy.dll (215 Apps)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Ultra Agent] C:\Program Files\DAEMON Tools Ultra\DTAgent.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [SearchProtect] C:\Documents and Settings\CFSL\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [Updater12749.exe] C:\Documents and Settings\CFSL\Local Settings\Application Data\Updater12749\Updater12749.exe (FileProperties_CompanyName)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1341325768609 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1357009656281 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F8E691A0-C92E-4E42-9CDA-62FC07A9483B} http://actiftp.hosti...fiedControl.ocx (nvUnifiedControl Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.176.13 64.59.177.226
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1274DCFC-8FDE-4462-94BD-6DB7455DEF7F}: DhcpNameServer = 64.59.176.13 64.59.177.226
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/05/18 09:31:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/14 06:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2002/07/13 17:32:56 | 000,000,046 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2002/09/14 04:37:16 | 000,696,320 | R--- | M] (Infogrames) - E:\Autorun.exe -- [ CDFS ]
O33 - MountPoints2\{27ecf62a-9ae7-11e2-8762-000d5627a115}\Shell - "" = AutoRun
O33 - MountPoints2\{27ecf62a-9ae7-11e2-8762-000d5627a115}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{27ecf62a-9ae7-11e2-8762-000d5627a115}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2002/09/14 04:37:16 | 000,696,320 | R--- | M] (Infogrames)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2002/09/14 04:37:16 | 000,696,320 | R--- | M] (Infogrames)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/16 14:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CFSL\Tracing
[2013/04/16 13:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Add-in
[2013/04/16 13:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2013/04/16 13:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2013/04/16 13:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013/04/16 13:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/04/16 13:08:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2013/04/16 13:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2013/04/16 13:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2013/04/16 13:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/04/16 13:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2013/04/16 11:41:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CFSL\Application Data\PriceGong
[2013/04/16 10:21:00 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2013/04/16 10:20:56 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2013/04/16 10:20:21 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2013/04/16 10:20:17 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2013/04/16 10:19:45 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2013/04/16 10:19:41 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2013/04/16 10:19:30 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2013/04/16 10:19:11 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2013/04/16 10:18:51 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2013/04/16 10:18:47 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2013/04/16 10:18:44 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2013/04/16 10:18:36 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2013/04/16 10:18:32 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2013/04/16 10:18:26 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2013/04/16 10:18:22 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2013/04/16 10:18:05 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2013/04/16 10:17:51 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2013/04/16 10:17:48 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2013/04/16 10:17:44 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2013/04/16 10:17:37 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2013/04/16 10:17:16 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2013/04/16 10:17:03 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2013/04/16 10:17:00 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2013/04/16 10:16:42 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2013/04/16 10:16:39 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2013/04/16 10:16:36 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2013/04/16 10:16:33 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2013/04/16 10:16:29 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2013/04/16 10:16:26 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2013/04/16 10:15:53 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2013/04/16 10:15:47 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2013/04/16 10:15:43 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2013/04/16 10:15:42 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2013/04/16 10:15:37 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2013/04/16 10:15:34 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2013/04/16 10:15:21 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2013/04/16 10:15:17 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2013/04/16 10:14:34 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2013/04/16 10:14:31 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2013/04/16 10:14:28 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2013/04/16 10:14:24 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2013/04/16 10:14:16 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2013/04/16 10:13:54 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2013/04/16 10:13:22 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2013/04/16 10:13:19 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2013/04/16 10:13:15 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2013/04/16 10:13:12 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2013/04/16 10:13:09 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2013/04/16 10:12:41 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2013/04/16 10:12:38 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2013/04/16 10:12:35 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2013/04/16 10:12:28 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2013/04/16 10:11:59 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2013/04/16 10:11:56 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2013/04/16 10:11:53 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2013/04/16 10:11:50 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2013/04/16 10:11:23 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2013/04/16 10:11:16 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2013/04/16 10:11:13 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2013/04/16 10:10:58 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2013/04/16 10:10:55 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2013/04/16 10:10:53 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2013/04/16 10:10:50 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2013/04/16 10:10:47 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2013/04/16 10:10:44 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2013/04/16 10:10:41 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2013/04/16 10:10:38 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2013/04/16 10:10:35 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2013/04/16 10:10:27 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2013/04/16 10:10:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2013/04/16 10:10:23 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2013/04/16 10:10:21 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2013/04/16 10:10:08 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2013/04/16 10:10:01 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2013/04/16 10:09:57 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2013/04/16 10:09:52 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2013/04/16 10:09:35 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2013/04/16 10:09:32 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2013/04/16 10:09:01 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2013/04/16 10:08:59 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2013/04/16 10:08:56 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2013/04/16 10:08:44 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2013/04/16 10:07:54 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2013/04/16 10:07:43 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2013/04/16 10:07:42 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2013/04/16 10:07:39 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2013/04/16 10:07:01 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2013/04/16 10:06:58 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2013/04/16 10:06:55 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2013/04/16 10:06:52 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2013/04/16 10:06:26 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2013/04/16 10:06:11 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2013/04/16 10:06:07 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2013/04/16 10:06:01 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2013/04/16 10:05:48 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2013/04/16 10:05:45 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2013/04/16 10:05:37 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2013/04/16 10:05:34 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2013/04/16 10:05:31 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2013/04/16 10:05:29 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2013/04/16 10:05:26 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2013/04/16 10:05:23 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2013/04/16 10:05:15 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2013/04/16 10:05:12 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2013/04/16 10:05:10 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2013/04/16 10:05:07 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2013/04/16 10:05:04 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2013/04/16 10:04:02 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2013/04/16 10:03:19 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2013/04/16 10:02:58 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2013/04/16 10:02:55 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2013/04/16 10:02:54 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2013/04/16 10:02:51 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2013/04/16 10:02:51 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2013/04/16 10:02:48 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2013/04/16 10:02:39 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2013/04/16 10:02:36 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2013/04/16 10:02:33 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2013/04/16 10:02:31 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2013/04/16 10:02:25 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2013/04/16 10:02:23 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2013/04/16 09:47:11 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2013/04/16 09:46:12 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2013/04/16 09:44:20 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2013/04/16 09:44:11 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2013/04/16 09:43:42 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2013/04/16 09:43:40 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2013/04/16 09:43:37 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2013/04/16 09:43:22 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2013/04/16 09:43:09 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2013/04/16 09:43:07 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2013/04/16 09:43:01 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2013/04/16 09:42:59 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2013/04/16 09:42:57 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2013/04/16 09:42:55 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2013/04/16 09:42:39 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2013/04/16 09:42:35 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2013/04/16 09:42:34 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2013/04/16 09:40:51 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2013/04/16 09:40:44 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2013/04/16 09:40:33 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2013/04/16 09:40:31 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2013/04/16 09:40:30 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2013/04/16 09:40:25 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2013/04/16 09:40:24 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2013/04/16 09:40:23 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2013/04/16 09:40:22 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2013/04/16 09:40:19 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2013/04/16 09:39:57 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2013/04/16 09:39:56 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2013/04/16 09:39:51 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2013/04/16 09:39:26 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2013/04/16 09:39:24 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2013/04/16 09:39:23 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2013/04/16 09:39:22 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2013/04/16 09:39:21 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2013/04/16 09:39:20 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2013/04/16 09:39:19 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2013/04/16 09:39:17 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2013/04/16 09:39:09 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2013/04/16 09:38:52 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2013/04/16 09:38:41 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2013/04/16 09:38:31 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2013/04/16 09:38:30 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2013/04/16 09:38:30 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2013/04/16 09:38:29 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2013/04/16 09:38:28 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2013/04/16 09:38:25 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2013/04/16 09:38:24 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2013/04/16 09:38:24 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2013/04/16 09:38:23 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2013/04/16 09:38:21 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2013/04/16 09:38:20 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2013/04/16 09:37:44 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2013/04/16 09:37:43 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2013/04/16 09:37:42 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2013/04/16 09:37:42 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2013/04/16 09:37:41 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2013/04/16 09:37:40 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2013/04/16 09:37:40 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2013/04/16 09:37:39 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2013/04/16 09:37:36 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2013/04/16 09:37:36 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2013/04/16 09:37:35 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2013/04/16 09:37:34 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2013/04/16 09:37:33 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2013/04/16 09:37:33 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2013/04/16 09:37:32 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2013/04/16 09:37:31 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2013/04/16 09:37:31 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2013/04/16 09:37:30 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2013/04/16 09:37:25 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2013/04/16 09:37:21 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2013/04/16 09:37:21 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2013/04/16 09:37:19 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2013/04/16 09:37:19 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2013/04/16 09:37:18 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2013/04/16 09:37:17 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2013/04/16 09:37:17 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2013/04/16 09:36:29 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2013/04/16 09:36:20 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2013/04/16 09:35:59 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2013/04/16 09:35:58 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2013/04/16 09:35:56 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2013/04/16 09:35:56 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2013/04/16 09:35:55 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2013/04/16 09:35:53 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2013/04/16 09:35:49 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2013/04/16 09:35:46 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2013/04/16 09:35:45 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2013/04/16 09:35:45 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2013/04/13 22:08:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CFSL\Application Data\QuickScan
[2013/04/04 10:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\Online Games Manager
[2013/04/03 10:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CFSL\Local Settings\Application Data\Unity
[2013/04/02 08:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\Go Diego Go Ultimate Rescue League
[2013/04/02 08:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Go Diego Go Ultimate Rescue League
[2013/04/02 08:40:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Diego`s Safari Adventure
[2013/04/02 08:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\Diego`s Safari Adventure
[2013/04/01 18:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CFSL\Local Settings\Application Data\DTClient
[2013/04/01 18:00:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Infogrames Interactive
[2013/04/01 17:59:40 | 000,000,000 | ---D | C] -- C:\Program Files\Infogrames Interactive
[2013/04/01 17:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\DAEMON Tools Ultra
[2013/04/01 17:56:15 | 000,024,704 | ---- | C] (Disc Soft Ltd) -- C:\WINDOWS\System32\drivers\dtscsibus.sys
[2013/04/01 17:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Ultra
[2013/04/01 17:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CFSL\Application Data\DAEMON Tools Ultra
[2013/04/01 17:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Ultra
[2013/04/01 17:54:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Ultra
[2013/04/01 11:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/04/01 11:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2013/04/01 11:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2013/04/01 11:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2013/04/01 11:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CFSL\Local Settings\Application Data\Bundled software uninstaller
[2013/04/01 11:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CFSL\Local Settings\Application Data\Updater12749
[2013/04/01 11:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\Coupon Caddy
[2013/03/30 09:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2013/03/30 09:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GameHouse
[2013/03/30 09:42:38 | 000,000,000 | ---D | C] -- C:\GameHouse Games
[2013/03/30 09:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CFSL\Application Data\WinRAR
[2013/03/30 09:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\RealArcade
[2013/03/29 11:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\PC TEKNIX
[2013/03/29 11:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Extreme Flash Player
[2013/03/28 09:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterActual
[2013/03/28 09:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\InterActual
[2013/03/24 08:14:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013/03/22 01:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CFSL\Local Settings\Application Data\3DVIA
[2013/03/22 01:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FlashPlayer
[2013/03/22 01:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CFSL\Start Menu\Programs\Paltalk Messenger
[2013/03/22 01:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\Paltalk Messenger
[2013/03/22 01:39:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CFSL\Desktop\Chase
[2013/03/22 01:39:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/03/22 01:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Disney Toontown Online
[2013/03/22 01:39:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CFSL\Local Settings\Application Data\PutLockerDownloader
[2013/03/22 01:39:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/03/22 01:39:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CFSL\Start Menu\Programs\1clickmoviedownloader.com
[2013/03/22 01:11:55 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/03/22 01:00:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/03/18 15:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CFSL\Application Data\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1
[2013/03/18 15:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\Zoodles
[2013/03/18 15:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/03/18 15:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2013/03/18 15:13:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CFSL\Local Settings\Application Data\Adobe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/16 15:33:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/16 15:21:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/16 15:18:21 | 000,188,842 | ---- | M] () -- C:\Documents and Settings\CFSL\Local Settings\Application Data\census.cache
[2013/04/16 15:18:06 | 000,179,747 | ---- | M] () -- C:\Documents and Settings\CFSL\Local Settings\Application Data\ars.cache
[2013/04/16 14:56:11 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\CFSL\Local Settings\Application Data\housecall.guid.cache
[2013/04/16 14:54:22 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013/04/16 14:42:56 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/04/16 14:37:30 | 000,527,708 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/16 14:37:30 | 000,096,814 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/16 14:34:03 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\AmiUpdXp.job
[2013/04/16 14:33:24 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/16 14:32:59 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/16 14:32:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/16 14:32:47 | 000,117,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/13 11:53:05 | 000,001,001 | ---- | M] () -- C:\Documents and Settings\CFSL\Desktop\Toontown Online.lnk
[2013/04/12 23:45:03 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\CFSL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/12 21:36:48 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\CFSL\Desktop\Continue Video Downloader Installation.lnk
[2013/04/11 03:08:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/04 10:48:27 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\CFSL\Desktop\Sky Taxi 4 - Top Secret.lnk
[2013/04/01 18:59:45 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2013/04/01 18:00:48 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Dora Lost City.lnk
[2013/04/01 18:00:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\PowerReg.dat
[2013/04/01 17:56:15 | 000,024,704 | ---- | M] (Disc Soft Ltd) -- C:\WINDOWS\System32\drivers\dtscsibus.sys
[2013/03/29 15:51:37 | 000,555,824 | ---- | M] () -- C:\Documents and Settings\CFSL\My Documents\Flash.tif
[2013/03/28 09:11:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\iPlayer.INI
[2013/03/20 13:23:43 | 000,017,868 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/03/19 12:51:44 | 000,099,456 | ---- | M] () -- C:\Documents and Settings\CFSL\My Documents\Return Accepted (tammy).pdf
[2013/03/19 12:40:32 | 000,083,891 | ---- | M] () -- C:\Documents and Settings\CFSL\My Documents\TurboTax.pdf
[2013/03/18 15:14:19 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Zoodles.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/16 15:18:21 | 000,188,842 | ---- | C] () -- C:\Documents and Settings\CFSL\Local Settings\Application Data\census.cache
[2013/04/16 15:18:06 | 000,179,747 | ---- | C] () -- C:\Documents and Settings\CFSL\Local Settings\Application Data\ars.cache
[2013/04/16 14:56:11 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\CFSL\Local Settings\Application Data\housecall.guid.cache
[2013/04/16 10:20:56 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2013/04/16 10:20:52 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2013/04/16 10:08:51 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2013/04/16 10:08:48 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2013/04/16 10:04:11 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2013/04/16 09:44:18 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2013/04/16 09:44:14 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2013/04/16 09:44:09 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2013/04/16 09:44:05 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2013/04/16 09:44:00 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2013/04/16 09:40:29 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2013/04/16 09:40:27 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2013/04/16 09:40:26 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2013/04/16 09:37:05 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2013/04/16 09:37:05 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2013/04/16 09:37:03 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2013/04/16 09:37:00 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2013/04/16 09:36:59 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2013/04/16 09:36:59 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2013/04/16 09:36:58 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2013/04/16 09:36:58 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2013/04/16 09:36:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2013/04/16 09:36:45 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2013/04/13 11:53:05 | 000,001,001 | ---- | C] () -- C:\Documents and Settings\CFSL\Desktop\Toontown Online.lnk
[2013/04/12 21:36:48 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\CFSL\Desktop\Continue Video Downloader Installation.lnk
[2013/04/04 10:48:27 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\CFSL\Desktop\Sky Taxi 4 - Top Secret.lnk
[2013/04/01 18:59:47 | 000,012,540 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2013/04/01 18:00:48 | 000,000,961 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Dora Lost City.lnk
[2013/04/01 18:00:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2013/04/01 11:13:58 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
[2013/04/01 11:13:58 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
[2013/03/30 09:13:50 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\CFSL\My Documents\Calculator.lnk
[2013/03/29 15:51:36 | 000,555,824 | ---- | C] () -- C:\Documents and Settings\CFSL\My Documents\Flash.tif
[2013/03/28 09:11:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2013/03/20 13:23:43 | 000,017,868 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/03/19 12:51:43 | 000,099,456 | ---- | C] () -- C:\Documents and Settings\CFSL\My Documents\Return Accepted (tammy).pdf
[2013/03/19 12:40:32 | 000,083,891 | ---- | C] () -- C:\Documents and Settings\CFSL\My Documents\TurboTax.pdf
[2013/03/18 15:14:19 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Zoodles.lnk
[2013/03/18 15:14:19 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Zoodles.lnk
[2013/02/09 02:46:37 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\CFSL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/01 11:54:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/12 16:18:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/05/18 10:15:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/05/18 09:34:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/05/18 09:28:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/05/18 04:07:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/05/18 04:06:11 | 000,117,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/05/18 10:17:38 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/02/28 13:50:30 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/16 02:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2013/03/22 01:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/04/01 11:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2013/04/01 17:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Ultra
[2013/01/07 14:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2013/01/07 14:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2013/03/22 01:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/04/03 08:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/12/27 15:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VTech
[2013/02/25 17:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CFSL\Application Data\Babylon
[2013/03/18 15:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CFSL\Application Data\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1
[2013/04/01 17:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CFSL\Application Data\DAEMON Tools Ultra
[2013/02/03 11:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CFSL\Application Data\Leadertech
[2013/03/22 01:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CFSL\Application Data\Paltalk
[2013/03/22 01:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CFSL\Application Data\player
[2013/04/16 11:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CFSL\Application Data\PriceGong
[2013/04/13 22:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CFSL\Application Data\QuickScan
[2013/03/22 01:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CFSL\Application Data\SearchProtect
[2013/03/22 01:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CFSL\Application Data\SwvUpdater
[2013/04/13 04:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CFSL\Application Data\uTorrent
[2012/05/18 10:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CFSL\Application Data\Windows Desktop Search
[2013/01/12 14:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CFSL\Application Data\Windows Search

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF75D88F
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C84C408C
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDCEE6BF
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0459F5AC

< End of report >

Thanks blaringly

Princessss
  • 0

Advertisements


#2
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It looks like you have a bit of adware on your computer.

Do you happen to have the Extras.txt log from when you ran OTL?

ALso please run this utility:


Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • 0

#3
princessss

princessss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Hi ST and thank you. Here is the Extras text with the JRT text following.

OTL Extras logfile created on: 4/16/2013 3:42:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\CFSL\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 388.45 Mb Available Physical Memory | 38.01% Memory free
2.41 Gb Paging File | 1.84 Gb Available in Paging File | 76.60% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 7.83 Gb Free Space | 21.03% Space Free | Partition Type: NTFS
Drive D: | 611.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 281.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CFSL-12R-0926 | User Name: CFSL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Paltalk Messenger\paltalk.exe" = C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:Paltalk Messenger -- (AVM Software Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe" = C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe:*:Disabled:Vtech local server -- ()
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002FBC80-F076-4442-7C29-F92FF8934B16}" = Zoodles
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{747C231B-062D-4586-8221-8E7870987D5B}" = Dora Lost City
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B01DD1A4-F4E1-4CE7-AB6E-3168C5BD5D30}" = 3DVIA player 5.0.0.20
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BA8B8ADA-084F-4F79-A0CA-6E58A0808794}" = FlashPlayer
"{BAEF9F3A-D10C-40DF-819D-D21D9600AE1A}" = Extreme Flash Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"1ClickDownload" = MovieDownloader
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"am-dorascarnival2boardwalkadventure" = Dora's Carnival 2 - Boardwalk Adventure
"am-skytaxi4topsecret" = Sky Taxi 4 - Top Secret
"BFGC" = Big Fish Games: Game Manager
"BFG-Diego`s Safari Adventure" = Diego`s Safari Adventure
"BFG-Go Diego Go Ultimate Rescue League" = Go Diego Go Ultimate Rescue League
"bi_uninstaller" = Bundled software uninstaller
"com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1" = Zoodles
"Coupon Caddy" = Coupon Caddy
"DAEMON Tools Ultra" = DAEMON Tools Ultra
"Disney Toontown Online" = Disney Toontown Online
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InterActual Player" = InterActual Player
"Logitech Vid" = Logitech Vid HD
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Online Games Manager" = Online Games Manager v1.20
"Paltalk Messenger" = Paltalk Messenger 10.3
"PROSet" = Intel® PRO Network Connections Drivers
"SearchProtect" = Search Protect by conduit
"SMPlayer" = SMPlayer 0.6.9
"uTorrent" = µTorrent
"uTorrentControl_v2 Toolbar" = uTorrentControl_v2 Toolbar
"VLC media player" = VLC media player 2.0.4
"VTechDownloadManager" = Learning Lodge Navigator
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/16/2013 1:59:04 PM | Computer Name = CFSL-12R-0926 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service MSDTC Bridge
4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The Error code is the first DWORD in Data
section.

Error - 4/16/2013 2:01:07 PM | Computer Name = CFSL-12R-0926 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 17646, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 4/16/2013 2:01:07 PM | Computer Name = CFSL-12R-0926 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service Windows Workflow
Foundation 4.0.0.0 (Windows Workflow Foundation 4.0.0.0) failed. The Error code
is the first DWORD in Data section.

Error - 4/16/2013 2:01:49 PM | Computer Name = CFSL-12R-0926 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 17646, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 4/16/2013 2:01:49 PM | Computer Name = CFSL-12R-0926 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service aspnet_state
(ASP.NET State Service) failed. The Error code is the first DWORD in Data section.

Error - 4/16/2013 2:01:50 PM | Computer Name = CFSL-12R-0926 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 17646, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 4/16/2013 2:01:50 PM | Computer Name = CFSL-12R-0926 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET (ASP.NET)
failed. The Error code is the first DWORD in Data section.

Error - 4/16/2013 3:37:27 PM | Computer Name = CFSL-12R-0926 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 17646, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 4/16/2013 3:37:27 PM | Computer Name = CFSL-12R-0926 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 4/16/2013 3:37:30 PM | Computer Name = CFSL-12R-0926 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 17646, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

[ System Events ]
Error - 4/16/2013 4:03:57 PM | Computer Name = CFSL-12R-0926 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 4/16/2013 4:07:02 PM | Computer Name = CFSL-12R-0926 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 4/16/2013 4:07:12 PM | Computer Name = CFSL-12R-0926 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 4/16/2013 4:07:23 PM | Computer Name = CFSL-12R-0926 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 4/16/2013 4:17:50 PM | Computer Name = CFSL-12R-0926 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 4/16/2013 4:18:01 PM | Computer Name = CFSL-12R-0926 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 4/16/2013 4:45:27 PM | Computer Name = CFSL-12R-0926 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 4/16/2013 4:45:37 PM | Computer Name = CFSL-12R-0926 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 4/16/2013 4:45:47 PM | Computer Name = CFSL-12R-0926 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 4/16/2013 4:45:57 PM | Computer Name = CFSL-12R-0926 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.


< End of report >
-----------------------------------------------------------------------------------------------------------


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.4 (04.16.2013:1)
OS: Microsoft Windows XP x86
Ran by CFSL on Wed 04/17/2013 at 8:39:06.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] cltmngsvc
Successfully deleted: [Service] cltmngsvc



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\searchprotect
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1078081533-1788223648-1606980848-1003\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_local_machine\software\babylontoolbar
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\cr_installer
Successfully deleted: [Registry Key] hkey_current_user\software\crossrider
Failed to delete: [Registry Key] hkey_current_user\software\datamngr
Failed to delete: [Registry Key] hkey_local_machine\software\datamngr
Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\installedbrowserextensions
Successfully deleted: [Registry Key] hkey_current_user\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\tarma installer
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\updater.amiupd
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\updater.amiupd.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0012749.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0012749.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0012749.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0012749.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0012749.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0012749.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0012749.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0012749.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3220468
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3289847
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{11111111-1111-1111-1111-110111271149}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\tarma installer"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\trymedia"
Successfully deleted: [Folder] "C:\Documents and Settings\CFSL\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\CFSL\Application Data\pricegong"
Successfully deleted: [Folder] "C:\Documents and Settings\CFSL\Application Data\searchprotect"
Successfully deleted: [Folder] "C:\Documents and Settings\CFSL\Application Data\swvupdater"
Successfully deleted: [Folder] "C:\Documents and Settings\CFSL\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\CFSL\Local Settings\Application Data\utorrentcontrol_v2"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\searchprotect"
Successfully deleted: [Folder] "C:\Program Files\utorrentcontrol_v2"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Documents and Settings\CFSL\Application Data\mozilla\firefox\profiles\qlnpt5wu.default\user.js
Successfully deleted: [File] C:\Documents and Settings\CFSL\Application Data\mozilla\firefox\profiles\qlnpt5wu.default\searchplugins\browserprotect.xml
Successfully deleted: [File] C:\Documents and Settings\CFSL\Application Data\mozilla\firefox\profiles\qlnpt5wu.default\searchplugins\conduit.xml
Successfully deleted: [File] C:\Documents and Settings\CFSL\Application Data\mozilla\firefox\profiles\qlnpt5wu.default\searchplugins\delta.xml
Successfully deleted: [Folder] C:\Documents and Settings\CFSL\Application Data\mozilla\firefox\profiles\qlnpt5wu.default\jetpack
Successfully deleted: [Folder] C:\Documents and Settings\CFSL\Application Data\mozilla\firefox\profiles\qlnpt5wu.default\smartbar
Successfully deleted: [Folder] C:\Documents and Settings\CFSL\Application Data\mozilla\firefox\profiles\qlnpt5wu.default\extensions\[email protected]
Successfully deleted: [Folder] C:\Documents and Settings\CFSL\Application Data\mozilla\firefox\profiles\qlnpt5wu.default\extensions\staged
Successfully deleted: [Folder] C:\Documents and Settings\CFSL\Application Data\mozilla\firefox\profiles\qlnpt5wu.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Successfully deleted the following from C:\Documents and Settings\CFSL\Application Data\mozilla\firefox\profiles\qlnpt5wu.default\prefs.js

user_pref("CT3220468.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM2NDY4NzgxOCwidXVpZCI6OTQ1MTUxODc4MjUxODQwLCJzZXFfaWQiOjE1LCJzc2IiOjEzNTcyMzkwNTV9");
user_pref("CT3220468.BT_Usage.enc", "eyJ1dWlkIjo5NDUxNTE4NzgyNTE4NDAsInNlcV9pZCI6MX0=");
user_pref("CT3220468.CBOpenMAMSettings.enc", "MA==");
user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3220468.FirstTime", "true");
user_pref("CT3220468.FirstTimeFF3", "true");
user_pref("CT3220468.LoginRevertSettingsEnabled", true);
user_pref("CT3220468.PG_ENABLE", "dHJ1ZQ==");
user_pref("CT3220468.RevertSettingsEnabled", true);
user_pref("CT3220468.UserID", "UN58477974828185791");
user_pref("CT3220468.YouTubeLang.enc", "VVM=");
user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT3220468.autoDisableScopes", -1);
user_pref("CT3220468.cbcountry_001.enc", "Q0E=");
user_pref("CT3220468.cbfirsttime.enc", "VGh1IEphbiAwMyAyMDEzIDEyOjUwOjU0IEdNVC0wNjAwIChDZW50cmFsIFN0YW5kYXJkIFRpbWUp");
user_pref("CT3220468.defaultSearch", "false");
user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT3220468.enableAlerts", "always");
user_pref("CT3220468.enableFix404ByUser", "FALSE");
user_pref("CT3220468.enableSearchFromAddressBar", "false");
user_pref("CT3220468.firstTimeDialogOpened", "true");
user_pref("CT3220468.fixPageNotFoundError", "true");
user_pref("CT3220468.fixPageNotFoundErrorByUser", "true");
user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
user_pref("CT3220468.fixUrls", true);
user_pref("CT3220468.hxxp___toolbar_utorrent_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsc2F2ZXJlc2l6ZWRzaXplPTAsdGl0bGViYXI9MCxjbG9zZW9uZXh0ZXJuYWxjbGljaz0xLHNhdmVsb2NhdGlvbj
user_pref("CT3220468.hxxp___youtube_conduitapps_com_v3_3_0.APP_WIN_FEATURES.enc", "c2F2ZXJlc2l6ZWRzaXplPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCxvcGVucG9zaXRpb249YWxpZ25tZW50OkIsY2xvc2Vv
user_pref("CT3220468.installType", "xpe");
user_pref("CT3220468.isCheckedStartAsHidden", true);
user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3220468.isFirstTimeToolbarLoading", "false");
user_pref("CT3220468.isNewTabEnabled", false);
user_pref("CT3220468.isPerformedSmartBarTransition", "true");
user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3220468.lastVersion", "10.14.65.43");
user_pref("CT3220468.mam_gk_appStateReportTime.enc", "MTM2NDY4NzgxODU3OQ==");
user_pref("CT3220468.mam_gk_appState_CouponBuddy.enc", "b24=");
user_pref("CT3220468.mam_gk_appState_PriceGong.enc", "b24=");
user_pref("CT3220468.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnN
user_pref("CT3220468.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
user_pref("CT3220468.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkNvdXBvbkJ1ZGR5IiwiY3JpdGVyaWFzIjpbeyJjcml0ZXJpYUlkIjoiNmNjN2Q4MzUtMTQwNS00NTZhLThhNTYtNGM1Zj
user_pref("CT3220468.mam_gk_currentVersion.enc", "MS40LjQuNg==");
user_pref("CT3220468.mam_gk_first_time.enc", "MQ==");
user_pref("CT3220468.mam_gk_lastLoginTime.enc", "MTM2NDY4NzgxNzU3OQ==");
user_pref("CT3220468.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHM
user_pref("CT3220468.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
user_pref("CT3220468.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmll
user_pref("CT3220468.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTk1XzAiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVu
user_pref("CT3220468.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
user_pref("CT3220468.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
user_pref("CT3220468.mam_gk_userId.enc", "MTAxMGFhMjUtNzJlMC00N2M3LTkwZTAtZTE1ZjJhZmUzZDc0");
user_pref("CT3220468.mam_gk_user_apps_selection.enc", "");
user_pref("CT3220468.migrateAppsAndComponents", true);
user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fq%3D%26stype%3DResults%26Suggest%3D%26CUI%3
user_pref("CT3220468.openThankYouPage", "true");
user_pref("CT3220468.openUninstallPage", "false");
user_pref("CT3220468.price-gong.isManagedApp", "true");
user_pref("CT3220468.revertSettingsEnabled", "false");
user_pref("CT3220468.search.searchAppId", "129813684258939747");
user_pref("CT3220468.search.searchCount", "1");
user_pref("CT3220468.searchInNewTabEnabled", "false");
user_pref("CT3220468.searchInNewTabEnabledByUser", "false");
user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3220468\"}");
user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentControlv2.OurToolbar.com//xpi\"}");
user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentControl_v2\"}");
user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1362587727388");
user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1363213576768");
user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1363213687021");
user_pref("CT3220468.serviceLayer_services_location_lastUpdate", "1363213681959");
user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1362587608102");
user_pref("CT3220468.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363213683937");
user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1363213687692");
user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1363213681622");
user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1363213681042");
user_pref("CT3220468.serviceLayer_services_setupAPI_lastUpdate", "1363213682557");
user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1363213686561");
user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1363213573212");
user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1363213686141");
user_pref("CT3220468.settingsINI", true);
user_pref("CT3220468.shouldFirstTimeDialog", "false");
user_pref("CT3220468.smartbar.CTID", "CT3220468");
user_pref("CT3220468.smartbar.Uninstall", "0");
user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
user_pref("CT3220468.startPage", "false");
user_pref("CT3220468.toolbarBornServerTime", "3-1-2013");
user_pref("CT3220468.toolbarCurrentServerTime", "14-3-2013");
user_pref("CT3220468.url_history0001.enc", "aHR0cDovL3d3dy5mYWNlYm9vay5jb20vIzo6OmNsaWNraGFuZGxlcjo6OjEzNTk2MDQ4MDM2MTUsLCxodHRwOi8vd3d3LmZhY2Vib29rLmNvbS8/cmVmPWxvZ286OjpjbGl
user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1364688216037,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("CT3289847.1000082.isPlayDisplay", "true");
user_pref("CT3289847.1000082.state", "{\"state\":\"stopped\",\"text\":\"Ontario -...\",\"description\":\"Ontario - CJRQ - Q92\",\"url\":\"hxxp://38.99.208.186/CJRQ\"}");
user_pref("CT3289847.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3289847.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3289847.FF19Solved", "true");
user_pref("CT3289847.FirstTime", "true");
user_pref("CT3289847.FirstTimeFF3", "true");
user_pref("CT3289847.PG_ENABLE", "dHJ1ZQ==");
user_pref("CT3289847.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN26030630811962425&UM=2&q=");
user_pref("CT3289847.UserID", "UN26030630811962425");
user_pref("CT3289847.UserId.enc", "ZDlmMzEwYjctMTRkNS02NDUyLTM3MDktZTY0MjA1MmQ3OTg3");
user_pref("CT3289847.YouTubeLang.enc", "VVM=");
user_pref("CT3289847.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT3289847.autoDisableScopes", -1);
user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
user_pref("CT3289847.defaultSearch", "true");
user_pref("CT3289847.embeddedsData", "[{\"appId\":\"130068661007799818\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT3289847.enableAlerts", "always");
user_pref("CT3289847.enableFix404ByUser", "TRUE");
user_pref("CT3289847.enableSearchFromAddressBar", "true");
user_pref("CT3289847.firstTimeDialogOpened", "true");
user_pref("CT3289847.fixPageNotFoundError", "true");
user_pref("CT3289847.fixPageNotFoundErrorByUser", "true");
user_pref("CT3289847.fixPageNotFoundErrorInHidden", "true");
user_pref("CT3289847.fixUrls", true);
user_pref("CT3289847.hxxp___api18_starwebnet_com.pid2.enc", "OTY4ODNiMzM4MjZmYzQ1Yg==");
user_pref("CT3289847.hxxp___api20_starwebnet_com.pid2.enc", "OTY4ODNiMzM4MjZmYzQ1Yg==");
user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_cache.enc", "WyJjODIyYzFiNjM4NTNlZDI3M2I4OTY4N2FjNTA1ZjlmYSIsIjczOGFhOGQzYmMwMmViODcxMmFjZDBlYjJjZjZkZmQ1Ii
user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui.enc", "eyJndWkiOlt7InR5cGUiOiJtZW51IiwiY2FwdGlvbiI6IiIsImltYWdlIjoiaW1hZ2VzL215d2FsbGV0X21pbi5wb
user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_settings.enc", "eyJpbml0VXJsIjoiYXBpLmpvbGx5d2FsbGV0LmNvbS9hZmZpbGlhdGUvaW5pdCIsInF1ZXJ5VXJsIjoiYXBpLmpvbGx
user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.jw_token.enc", "ZDlmMzEwYjctMTRkNS02NDUyLTM3MDktZTY0MjA1MmQ3OTg3");
user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.key_list_id.enc", "MjAxMjA4MDItMDAw");
user_pref("CT3289847.installDate", "7/3/2013 18:35:46");
user_pref("CT3289847.installId", "9818");
user_pref("CT3289847.installType", "conduitnsisintegration");
user_pref("CT3289847.isCheckedStartAsHidden", true);
user_pref("CT3289847.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3289847.isFirstTimeToolbarLoading", "false");
user_pref("CT3289847.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT3289847.keyword", "true");
user_pref("CT3289847.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=15&CUI=UN2603063081196242
user_pref("CT3289847.lastVersion", "10.14.65.43");
user_pref("CT3289847.mam_gk_Easytobook_appState.enc", "b24=");
user_pref("CT3289847.mam_gk_appStateReportTime.enc", "MTM2NDY4NzgyMTgzOQ==");
user_pref("CT3289847.mam_gk_appState_CouponBuddy.enc", "b24=");
user_pref("CT3289847.mam_gk_appState_PriceGong.enc", "b24=");
user_pref("CT3289847.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnN
user_pref("CT3289847.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
user_pref("CT3289847.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6IjNjNTE4ZTUxLWZiMTUtNDczZi04MGJiLWJlZWQxNm
user_pref("CT3289847.mam_gk_currentVersion.enc", "MS40LjQuNg==");
user_pref("CT3289847.mam_gk_eventsCache.enc", "eyJjNjI0OTQyMy1lNDQ0LTQ4NGQtYTM3ZS04NmY3ZmZkMjJkMjAiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjpbIldlbGNvbWUiLCJWaWV3Il0sInVuaXF1ZUlk
user_pref("CT3289847.mam_gk_first_time.enc", "MQ==");
user_pref("CT3289847.mam_gk_gadgetOpen.enc", "MQ==");
user_pref("CT3289847.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
user_pref("CT3289847.mam_gk_lastLoginTime.enc", "MTM2NDY4NzgxODUzMg==");
user_pref("CT3289847.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHM
user_pref("CT3289847.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
user_pref("CT3289847.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTcyXzAiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVu
user_pref("CT3289847.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTc3XzEiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVu
user_pref("CT3289847.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
user_pref("CT3289847.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
user_pref("CT3289847.mam_gk_userId.enc", "Nzk1ZWZkOWItYWZlZC00ZWNkLWE2YTAtYTU5YmE5NzQ0NzEy");
user_pref("CT3289847.mam_gk_user_apps_selection.enc", "");
user_pref("CT3289847.migrateAppsAndComponents", true);
user_pref("CT3289847.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fq%3D%26stype%3DResults%26Suggest%3D%26CUI%3DUN26030630811962425%26U
user_pref("CT3289847.openThankYouPage", "false");
user_pref("CT3289847.openUninstallPage", "true");
user_pref("CT3289847.price-gong.isManagedApp", "true");
user_pref("CT3289847.revertSettingsEnabled", "true");
user_pref("CT3289847.search.searchAppId", "130068661007799818");
user_pref("CT3289847.search.searchCount", "0");
user_pref("CT3289847.searchFromAddressBarEnabledByUser", "true");
user_pref("CT3289847.searchInNewTabEnabledByUser", "true");
user_pref("CT3289847.searchInNewTabEnabledInHidden", "true");
user_pref("CT3289847.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3289847.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3289847.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\"}");
user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3289847\"}");
user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://WhiteSmokeNew.OurToolbar.com//xpi\"}");
user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"WhiteSmoke New\"}");
user_pref("CT3289847.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3289847.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1363213592449");
user_pref("CT3289847.serviceLayer_services_appsMetadata_lastUpdate", "1363213593281");
user_pref("CT3289847.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1363213592820");
user_pref("CT3289847.serviceLayer_services_location_lastUpdate", "1363213579942");
user_pref("CT3289847.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363213597229");
user_pref("CT3289847.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1363213594811");
user_pref("CT3289847.serviceLayer_services_searchAPI_lastUpdate", "1363213581566");
user_pref("CT3289847.serviceLayer_services_serviceMap_lastUpdate", "1363213572673");
user_pref("CT3289847.serviceLayer_services_setupAPI_lastUpdate", "1363213592695");
user_pref("CT3289847.serviceLayer_services_toolbarContextMenu_lastUpdate", "1363213593543");
user_pref("CT3289847.serviceLayer_services_toolbarSettings_lastUpdate", "1363213581913");
user_pref("CT3289847.serviceLayer_services_translation_lastUpdate", "1363213594230");
user_pref("CT3289847.settingsINI", true);
user_pref("CT3289847.shouldFirstTimeDialog", "false");
user_pref("CT3289847.smartbar.CTID", "CT3289847");
user_pref("CT3289847.smartbar.Uninstall", "0");
user_pref("CT3289847.smartbar.homepage", true);
user_pref("CT3289847.smartbar.toolbarName", "WhiteSmoke New ");
user_pref("CT3289847.startPage", "true");
user_pref("CT3289847.toolbarBornServerTime", "14-3-2013");
user_pref("CT3289847.toolbarCurrentServerTime", "14-3-2013");
user_pref("CT3289847_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1364688216415,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN26030630811962425&UM=2&UP=SPFD3DAE27-0A1C-4708-8474
user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke New Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN26030630811962425&UM=2&q=");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3289847");
user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=24adccc1000000000000000d5627a115");
user_pref("avg.install.userSPSettings", "Delta Search");
user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN26030630811962425&UM=2&SearchSource=3&q={searchTerms}");
user_pref("browser.search.selectedEngine", "WhiteSmoke New Customized Web Search");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN26030630811962425&UM=2&UP=SPFD3DAE27-0A1C-4708-8474-C53A
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119776&babsrc=NT_ss&mntrId=24adccc1000000000000000d5627a115");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.bbDpng", "26");
user_pref("extensions.delta.cntry", "CA");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.hdrMd5", "121F99563BC5BEF65A9F66B7C7385E2B");
user_pref("extensions.delta.id", "24adccc1000000000000000d5627a115");
user_pref("extensions.delta.instlDay", "15761");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.lastVrsnTs", "1.8.10.016:08:24");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.sg", "azb");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.10.0");
user_pref("extensions.delta.vrsnTs", "1.8.10.016:08:24");
user_pref("extensions.delta.vrsni", "1.8.10.0");
user_pref("extensions.fblayouts.sites", "{\n\"ap\": {\n \"hl\": {\"hxxp\": \"hxxp://www.hotlayouts2u.com/facebook-layouts/initJs.php\",\n \"hxxps\": \"hxxps://secur
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN26030630811962425&UM=2&q=");
user_pref("smartBar.searchInNewTabOwner", "CT3289847");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN26030630811962425&UM=2&UP=SPFD3DAE27-0A1C-4708-8474-
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN26030630811962425&UM=2&q=");
user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN26030630811962425&UM=2&UP=SPFD3DAE27-0A1C-4708-8474-C53
user_pref("smartbar.originalSearchAddressUrl", "");
user_pref("smartbar.originalSearchEngine", "Delta Search");
user_pref("extensions.crossriderapp12749.adsOldValue", -1);



~~~ Chrome

Successfully deleted: [Folder] C:\Documents and Settings\CFSL\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\ejpbbhjlbipncjklfjjaedaieimbmdda





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/17/2013 at 8:46:23.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#4
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

It looks like the JRT tool found some issues.

We need to run a new custom scan with OTL so that I can get a closer look at a few things.

We need to run an OTL Custom Scan

  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Copy and Paste the following code into the Posted Image textbox.

    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    svchost.exe
    tdx.sys
    afd.sys
    netbt.sys
    services.exe
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.

  • 0

#5
princessss

princessss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
i'm working on it, just had some problems with the modem...
  • 0

#6
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay. Thanks for letting me know.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP