Malware, ad popups while browsing.



#1
Coloursz

I am currently working on a friend's computer trying to remove an infection from their system. I have run quite a few tools trying to clear the infection. So far I think I have removed most of the things from his system, but something still remains that is beyond my ability atm. I've used Malwarebytes, RogueKiller, HJT, Avast, Ad-Aware, and ComboFix (I know this isn't supposed to be used normally, but I've used it before and didn't have any issues).

Here is the problem that I am still having. While browsing and clicking on links, I will sometimes have an issue where, when I go to click on a link, the cursor does not change on mouseover; it stays as a pointer instead of changing to the finger pointer, almost like it is lagging or hanging up. However, as soon as I click, a random popup will appear and the pointer will change to the proper finger.

I am running Windows XP Pro (5.1 build 2600).

OTL logfile created on: 10/23/2013 5:44:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Michael Hausman\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 168.81 Mb Available Physical Memory | 16.66% Memory free
2.38 Gb Paging File | 1.68 Gb Available in Paging File | 70.60% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 55.76 Gb Free Space | 74.85% Space Free | Partition Type: NTFS

Computer Name: FACING-DOOR | User Name: Michael Hausman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/23 17:39:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Hausman\Desktop\OTL.exe
PRC - [2013/10/19 17:04:50 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/10/04 18:26:04 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\MBxx\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\MBxx\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\MBxx\mbamscheduler.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/09 17:52:30 | 016,233,864 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/10/04 18:26:01 | 003,279,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/10/19 17:04:50 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/10/09 17:52:33 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/04 18:26:03 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\MBxx\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\MBxx\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/10/23 16:34:03 | 000,026,624 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\TrueSight.sys -- (TrueSight)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2007/05/02 17:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch...6371452682DE6E7
IE - HKCU\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{2415FCAB-8BFD-4989-8E9F-22C80C3F89F1}: "URL" = http://search.condui...6372816532&UM=2
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://securedsearch...q={searchTerms}
IE - HKCU\..\SearchScopes\{47A83BF8-A3EC-4903-BDFF-ECC8E4B74EDC}: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{C0F51584-E565-4E7A-B2A6-0A6EF42749A4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3298580.browser.search.defaultthis.engineName: "true"
FF - prefs.js..CT3310511.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "MixiDJ V44 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://securedsearch...371452682DE6E7"
FF - prefs.js..extensions.enabledAddons: %7Bbadea1ae-72ed-4f6a-8c37-4db9a4ac7bc9%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:3.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..keyword.URL: "http://securedsearch...soft&ent=bs&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RadioRage_4j.com/Plugin: C:\Program Files\RadioRage_4j\bar\1.bin\NP4jStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4jffxtbr@RadioRage_4j.com: C:\Program Files\RadioRage_4j\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Fast Free Converter\FastFreeConverter\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/04 18:25:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/14 13:47:28 | 000,000,000 | ---D | M]

[2012/07/03 16:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Extensions
[2013/10/23 16:14:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\extensions
[2013/10/23 16:14:31 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2013/08/30 14:03:24 | 000,000,000 | ---D | M] (Address Bar Search) -- C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
[2013/09/29 13:12:43 | 000,000,000 | ---D | M] (Word Layers) -- C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\extensions\[email protected]
[2013/10/22 17:48:17 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/10/04 18:13:02 | 000,002,144 | ---- | M] () -- C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\searchplugins\MyStart Search.xml
[2013/10/05 13:40:29 | 000,001,094 | ---- | M] () -- C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\searchplugins\sweetpacks-customized-web-search.xml
[2013/09/04 14:20:56 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\searchplugins\yahoo.xml
[2013/10/19 17:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/10/04 18:25:41 | 000,000,000 | ---D | M] (Word Layers) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/10/04 18:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/04 18:26:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://securedsearch...6371452682DE6E7
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\gcswf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Error reading preferences file
CHR - Extension: SweetPacks = C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.21.1.507_0\
CHR - Extension: TidyNetwork.com = C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mgioolnkobnhllipnfbnmnhbdpkonapj\5.0.0.0_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2013/10/23 17:25:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.38.252.3 184.170.172.131
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{413EA0E8-8848-4FE7-B962-D6F41A35689E}: DhcpNameServer = 208.38.252.3 184.170.172.131
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/01 16:14:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/23 17:39:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael Hausman\Desktop\OTL.exe
[2013/10/23 17:19:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/10/23 17:18:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/10/23 17:18:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/10/23 17:18:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/10/23 17:18:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/10/23 17:15:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/23 17:15:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2013/10/23 17:15:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2013/10/23 17:15:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2013/10/23 17:14:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/10/23 17:05:33 | 005,137,218 | R--- | C] (Swearware) -- C:\Documents and Settings\Michael Hausman\Desktop\ComboFix.exe
[2013/10/23 16:46:36 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/10/23 16:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Hausman\Application Data\LavasoftStatistics
[2013/10/23 16:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Search Protection
[2013/10/23 16:14:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2013/10/23 16:14:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\adawarebp
[2013/10/23 16:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2013/10/23 16:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013/10/23 16:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Hausman\Application Data\adawaretb
[2013/10/23 16:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2013/10/23 16:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2013/10/23 15:53:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Hausman\Desktop\backups
[2013/10/22 18:47:25 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Michael Hausman\Desktop\HJT.exe
[2013/10/22 16:54:12 | 000,000,000 | ---D | C] -- C:\MGtools
[2013/10/22 16:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/10/22 15:59:47 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/10/22 15:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\MBxx
[2013/10/22 15:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Hausman\Desktop\RK_Quarantine
[2013/10/22 15:43:27 | 009,212,696 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Michael Hausman\Desktop\ProHit.exe
[2013/10/22 15:42:25 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael Hausman\Desktop\killatd.exe
[2013/10/22 15:41:10 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael Hausman\Desktop\thisonething.exe
[2013/10/22 15:38:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael Hausman\Recent
[2013/10/22 15:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2013/10/22 15:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/10/22 15:22:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/10/19 17:37:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Sun
[2013/10/19 17:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Hausman\Application Data\AVAST Software
[2013/10/19 17:09:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Hausman\Application Data\Malwarebytes
[2013/10/19 17:09:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/10/19 17:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/10/19 17:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2013/10/19 17:04:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/10/10 09:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2013/10/04 18:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/10/01 13:15:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2013/10/01 13:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013/10/01 13:11:49 | 000,000,000 | ---D | C] -- C:\167a519225d4cebdda00b125f9f169
[2013/09/29 14:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2013/09/29 14:29:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/09/29 14:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Hausman\Application Data\DefaultTab
[2013/09/29 14:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Helper
[2013/09/29 14:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Flash Player Pro
[2013/09/29 14:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\Flash Player Pro
[2013/09/29 14:26:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Hausman\My Documents\Flash Player Pro
[2013/09/29 13:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Hausman\Application Data\uPlayer
[2013/09/29 13:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\uPlayer
[2013/09/29 13:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2013/09/29 13:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Conduit
[2013/09/29 13:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\CRE
[2013/09/29 13:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Hausman\Application Data\SearchProtect
[2013/09/29 13:14:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Hausman\AppData
[2013/09/29 13:14:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\jmdp
[2013/09/29 13:14:05 | 000,027,136 | ---- | C] (IncrediMail, Ltd.) -- C:\WINDOWS\System32\ImHttpComm.dll
[2013/09/29 13:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ARFC
[2013/09/29 13:13:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WNLT
[2013/09/29 13:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2013/09/29 13:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Hausman\Start Menu\Programs\Word Layers
[2013/09/29 13:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\WordLayers
[2013/09/29 13:11:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michael Hausman\My Documents\My Videos
[2013/09/29 13:11:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michael Hausman\Start Menu\Programs\Administrative Tools
[2013/09/29 13:11:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michael Hausman\My Documents\My Music
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/23 17:39:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Hausman\Desktop\OTL.exe
[2013/10/23 17:34:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-854245398-725345543-1003UA.job
[2013/10/23 17:26:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/23 17:25:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/10/23 17:25:52 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/23 17:25:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/23 17:19:57 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/10/23 17:05:32 | 005,137,218 | R--- | M] (Swearware) -- C:\Documents and Settings\Michael Hausman\Desktop\ComboFix.exe
[2013/10/23 17:03:00 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/23 16:52:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/23 16:34:03 | 000,026,624 | ---- | M] () -- C:\WINDOWS\System32\TrueSight.sys
[2013/10/23 16:18:28 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BB46E3CA-FBBA-4812-BCDB-FCA6DE1C49A5}.job
[2013/10/23 16:09:52 | 001,724,552 | ---- | M] () -- C:\Documents and Settings\Michael Hausman\Desktop\Adaware_Installer.exe
[2013/10/23 16:04:50 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/10/23 02:34:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-854245398-725345543-1003Core.job
[2013/10/22 18:47:07 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Michael Hausman\Desktop\HJT.exe
[2013/10/22 18:16:19 | 000,277,360 | ---- | M] () -- C:\MGlogs.zip
[2013/10/22 18:16:19 | 000,277,360 | ---- | M] () -- C:\Documents and Settings\Michael Hausman\Desktop\MGlogs.zip
[2013/10/22 15:59:50 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MBXX.lnk
[2013/10/22 15:44:17 | 001,990,508 | ---- | M] () -- C:\Documents and Settings\Michael Hausman\Desktop\toolMG.exe
[2013/10/22 15:43:39 | 009,212,696 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Michael Hausman\Desktop\ProHit.exe
[2013/10/22 15:42:20 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael Hausman\Desktop\killatd.exe
[2013/10/22 15:40:58 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael Hausman\Desktop\thisonething.exe
[2013/10/22 15:30:30 | 000,955,392 | ---- | M] () -- C:\Documents and Settings\Michael Hausman\Desktop\RogueKiller.exe
[2013/10/22 15:24:56 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/10/19 21:36:15 | 000,002,376 | ---- | M] () -- C:\Documents and Settings\Michael Hausman\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/19 17:22:26 | 000,269,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/10/19 17:14:38 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/10/14 09:37:29 | 000,000,884 | RHS- | M] () -- C:\Documents and Settings\Michael Hausman\ntuser.pol
[2013/10/14 03:41:09 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/14 03:22:45 | 000,476,094 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/14 03:22:45 | 000,077,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/29 15:52:14 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2013/09/29 15:51:57 | 000,000,012 | ---- | M] () -- C:\WINDOWS\BRVIDEO.INI
[2013/09/29 14:36:20 | 000,001,423 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013/09/29 14:26:46 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\Michael Hausman\Desktop\Flash Player Pro.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/23 17:19:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/10/23 17:19:54 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/10/23 17:18:25 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/10/23 17:18:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/10/23 17:18:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/10/23 17:18:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/10/23 17:18:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/10/23 16:33:56 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\TrueSight.sys
[2013/10/23 16:10:27 | 001,724,552 | ---- | C] () -- C:\Documents and Settings\Michael Hausman\Desktop\Adaware_Installer.exe
[2013/10/23 16:04:31 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/10/22 18:16:19 | 000,277,360 | ---- | C] () -- C:\Documents and Settings\Michael Hausman\Desktop\MGlogs.zip
[2013/10/22 16:54:15 | 000,277,360 | ---- | C] () -- C:\MGlogs.zip
[2013/10/22 15:59:50 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MBXX.lnk
[2013/10/22 15:44:47 | 001,990,508 | ---- | C] () -- C:\Documents and Settings\Michael Hausman\Desktop\toolMG.exe
[2013/10/22 15:30:46 | 000,955,392 | ---- | C] () -- C:\Documents and Settings\Michael Hausman\Desktop\RogueKiller.exe
[2013/10/22 15:24:56 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/09/29 14:33:25 | 000,001,423 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013/09/29 14:29:13 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Michael Hausman\ntuser.pol
[2013/09/29 14:26:46 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Michael Hausman\Desktop\Flash Player Pro.lnk
[2012/03/31 14:25:03 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\IEGDUI.dll
[2012/02/16 01:06:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/07 20:03:16 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/02 15:01:39 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/12/02 15:01:39 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2170W.DAT
[2011/12/02 15:01:36 | 000,000,012 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2011/12/02 15:01:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2011/12/02 15:00:32 | 000,000,240 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2011/12/01 17:02:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/12/01 16:16:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/12/01 16:12:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/12/01 15:25:51 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2011/12/01 11:07:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/12/01 11:06:23 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2013/09/29 14:31:27 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 12:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/10/23 16:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2013/10/23 16:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/10/23 16:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2013/10/19 17:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Conduit
[2013/10/22 16:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/10/23 16:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Search Protection
[2012/03/31 14:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Hausman\Application Data\.minecraft
[2013/10/23 16:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Hausman\Application Data\adawaretb
[2013/10/19 17:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Hausman\Application Data\AVAST Software
[2013/10/19 17:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Hausman\Application Data\DefaultTab
[2011/12/01 19:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Hausman\Application Data\Rovio
[2013/10/19 17:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Hausman\Application Data\SearchProtect
[2013/09/29 13:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Hausman\Application Data\uPlayer
[2013/09/29 14:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Hausman\Application Data\uTorrent

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/04/10 03:24:05 | 000,000,000 | ---D | M](C:\Documents and Settings\Michael Hausman\?²) -- C:\Documents and Settings\Michael Hausman\槀²
[2013/04/10 03:24:05 | 000,000,000 | ---D | M](C:\Documents and Settings\Michael Hausman\?²) -- C:\Documents and Settings\Michael Hausman\槀²
(C:\Documents and Settings\Michael Hausman\?²) -- C:\Documents and Settings\Michael Hausman\槀²

< End of report >


#2
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

#3
Coloursz


    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Here are the logs, thanks for the help.


# AdwCleaner v3.010 - Report created 29/10/2013 at 17:48:52
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Michael Hausman - FACING-DOOR
# Running from : C:\Documents and Settings\Michael Hausman\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Search Protection
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\File Type Helper
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\optimizer pro
Folder Deleted : C:\Program Files\Searchprotect
Folder Deleted : C:\Program Files\Toolbar Cleaner
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\WINDOWS\system32\ARFC
Folder Deleted : C:\WINDOWS\system32\jmdp
Folder Deleted : C:\WINDOWS\system32\WNLT
Folder Deleted : C:\Documents and Settings\LocalService\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Documents and Settings\NetworkService\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\WordLayers
Folder Deleted : C:\Documents and Settings\Michael Hausman\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Documents and Settings\Michael Hausman\Application Data\adawaretb
Folder Deleted : C:\Documents and Settings\Michael Hausman\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\Michael Hausman\Application Data\Searchprotect
Folder Deleted : C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\adawaretb
Folder Deleted : C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\Smartbar
[!] Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
[!] Folder Deleted : C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
File Deleted : C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\searchplugins\MyStart Search.xml
File Deleted : C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\user.js
File Deleted : C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [4jffxtbr@RadioRage_4j.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.DynamicBarButton
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.DynamicBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.Radio
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SkinLauncher
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SkinLauncher.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.XMLSessionPlugin
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@RadioRage_4j.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298580
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{434FA5E9-253E-4BD0-ADB6-7CE4CEA114CA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{581C7D7D-F809-4E03-A631-74C069D5F04A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{60B34F47-3FDD-46F8-AB6C-AAABEA55C3D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{68122F44-3A4A-4EDB-B28F-0C0E07F89BD0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F706E19B-6C14-4272-BA98-2F16636A898D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44DB423D-A0DB-4664-9477-CCDCEB7CD666}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53855564-CF81-410C-9C1C-321C7E067816}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A661D4DC-4BD8-48FC-964B-A24AB8157DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5731AB1-8566-4441-AEFB-9AFB2EEA63D9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\RadioRage_4j
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Fast Free Converter
Key Deleted : HKLM\Software\RadioRage_4j
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\Software\wnlt
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Fast Free Converter
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\wnlt

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\prefs.js ]

Line Deleted : user_pref("CT3298580.FF19Solved", "true");
Line Deleted : user_pref("CT3298580.UserID", "UN26411895911734913");
Line Deleted : user_pref("CT3298580.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3298580.fullUserID", "UN26411895911734913.IN.20130929142703");
Line Deleted : user_pref("CT3298580.installDate", "29/09/2013 14:27:12");
Line Deleted : user_pref("CT3298580.installSessionId", "{0DCAB866-AC87-436F-ABF1-D351AC943995}");
Line Deleted : user_pref("CT3298580.installSp", "TRUE");
Line Deleted : user_pref("CT3298580.installerVersion", "1.7.1.4");
Line Deleted : user_pref("CT3298580.keyword", "true");
Line Deleted : user_pref("CT3298580.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN29702720023206318&UM=2&SearchSource=13");
Line Deleted : user_pref("CT3298580.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=");
Line Deleted : user_pref("CT3298580.originalSearchEngine", "Yahoo");
Line Deleted : user_pref("CT3298580.originalSearchEngineName", "Yahoo");
Line Deleted : user_pref("CT3298580.searchRevert", "false");
Line Deleted : user_pref("CT3298580.searchUserMode", "2");
Line Deleted : user_pref("CT3298580.smartbar.homepage", "true");
Line Deleted : user_pref("CT3298580.versionFromInstaller", "10.20.1.8");
Line Deleted : user_pref("CT3298580.xpeMode", "0");
Line Deleted : user_pref("CT3310511.ConnectTB_activeApp.enc", "aW5zdGFncmFt");
Line Deleted : user_pref("CT3310511.FF19Solved", "true");
Line Deleted : user_pref("CT3310511.FirstTime", "true");
Line Deleted : user_pref("CT3310511.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3310511.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN29702720023206318&UM=2&q=");
Line Deleted : user_pref("CT3310511.UserID", "UN29702720023206318");
Line Deleted : user_pref("CT3310511.acp_personal.appstate.enc", "ZW5hYmxl");
Line Deleted : user_pref("CT3310511.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3310511.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3310511.countryCode", "US");
Line Deleted : user_pref("CT3310511.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3310511.fixPageNotFoundErrorByUser", "TRUE");
Line Deleted : user_pref("CT3310511.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3310511.fullUserID", "UN29702720023206318.IN.20130929131437");
Line Deleted : user_pref("CT3310511.ground-country-code.enc", "IlVTIg==");
Line Deleted : user_pref("CT3310511.installDate", "29/09/2013 13:14:50");
Line Deleted : user_pref("CT3310511.installSessionId", "{220F0E71-E537-40FD-95FD-4586CCA21389}");
Line Deleted : user_pref("CT3310511.installSp", "TRUE");
Line Deleted : user_pref("CT3310511.installType", "DirectDownload");
Line Deleted : user_pref("CT3310511.installUsage", "2013-10-05T20:40:50.4191642+03:00");
Line Deleted : user_pref("CT3310511.installUsageEarly", "2013-10-05T20:40:26.3797183+03:00");
Line Deleted : user_pref("CT3310511.installerVersion", "1.7.1.4");
Line Deleted : user_pref("CT3310511.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3310511.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3310511.keyword", true);
Line Deleted : user_pref("CT3310511.lastVersion", "10.20.1.508");
Line Deleted : user_pref("CT3310511.originalHomepage", "about:home");
Line Deleted : user_pref("CT3310511.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298580&SearchSource=2&CUI=UN26411895911734913&UM=2&q=");
Line Deleted : user_pref("CT3310511.originalSearchEngine", "Yahoo");
Line Deleted : user_pref("CT3310511.originalSearchEngineName", "Yahoo");
Line Deleted : user_pref("CT3310511.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3310511.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3310511.search.searchAppId", "10000002");
Line Deleted : user_pref("CT3310511.search.searchCount", "0");
Line Deleted : user_pref("CT3310511.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3310511.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3310511.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3310511.searchRevert", "false");
Line Deleted : user_pref("CT3310511.searchSuggestEnabledByUser", "TRUE");
Line Deleted : user_pref("CT3310511.searchUserMode", "2");
Line Deleted : user_pref("CT3310511.serviceLayer_services_Configuration_lastUpdate", "1381244325986");
Line Deleted : user_pref("CT3310511.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1380994819305");
Line Deleted : user_pref("CT3310511.serviceLayer_services_appsMetadata_lastUpdate", "1381248866830");
Line Deleted : user_pref("CT3310511.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1380994819456");
Line Deleted : user_pref("CT3310511.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1380994817379");
Line Deleted : user_pref("CT3310511.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1380994841622");
Line Deleted : user_pref("CT3310511.serviceLayer_services_login_10.20.1.508_lastUpdate", "1381244325514");
Line Deleted : user_pref("CT3310511.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1380994819632");
Line Deleted : user_pref("CT3310511.serviceLayer_services_searchAPI_lastUpdate", "1381244325933");
Line Deleted : user_pref("CT3310511.serviceLayer_services_serviceMap_lastUpdate", "1381244325726");
Line Deleted : user_pref("CT3310511.serviceLayer_services_toolbarContextMenu_lastUpdate", "1380994819402");
Line Deleted : user_pref("CT3310511.serviceLayer_services_toolbarSettings_lastUpdate", "1381256069067");
Line Deleted : user_pref("CT3310511.serviceLayer_services_translation_lastUpdate", "1381244325695");
Line Deleted : user_pref("CT3310511.settingsINI", true);
Line Deleted : user_pref("CT3310511.showToolbarPermission", "false");
Line Deleted : user_pref("CT3310511.smartbar.CTID", "CT3310511");
Line Deleted : user_pref("CT3310511.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3310511.smartbar.homepage", "true");
Line Deleted : user_pref("CT3310511.smartbar.toolbarName", "SweetPacks ");
Line Deleted : user_pref("CT3310511.toolbarBornServerTime", "5-10-2013");
Line Deleted : user_pref("CT3310511.toolbarCurrentServerTime", "8-10-2013");
Line Deleted : user_pref("CT3310511.toolbarLoginClientTime", "Sat Oct 05 2013 13:40:41 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT3310511.url_history0001.enc", "aHR0cHM6Ly93d3cuZmFjZWJvb2suY29tLz9yZWY9bG9nbzo6OmNsaWNraGFuZGxlcjo6OjEzODA5OTg1NTMxNjMsLCxodHRwczovL3d3dy5mYWNlYm9vay5jb20vP3JlZj1sb2dvOjo6Y2xpY2toYW5kbGVy[...]
Line Deleted : user_pref("CT3310511.versionFromInstaller", "10.20.1.8");
Line Deleted : user_pref("CT3310511.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?UM=2&ctid=CT3310511&SearchSource=13&CUI=UN29702720023206318&UP=SP7D1140A6-C876-418F-B1FD-76F504C24798");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "SweetPacks Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN29702720023206318&UM=2&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3310511");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V44 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298580&CUI=UN26411895911734913&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3310511");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN29702720023206318&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3298580&CUI=UN26411895911734913&UM=2[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298580&SearchSource=2&CUI=UN26411895911734913&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3310511");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3310511");
Line Deleted : user_pref("smartbar.machineId", "P3LTPSL9SKIHSWFIE6RBQHYXPJOH5/EIZEYQDGYGUHMYEDDQSR78AOBEJL037MZEU3O91+48IJX60RVNV6WZBA");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3298580&CUI=UN26411895911734913&UM=2&SearchSource=13");

-\\ Google Chrome v

[ File : C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [34998 octets] - [29/10/2013 17:28:39]
AdwCleaner[S0].txt - [35715 octets] - [29/10/2013 17:48:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [35776 octets] ##########


# AdwCleaner v3.010 - Report created 29/10/2013 at 17:28:39
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Michael Hausman - FACING-DOOR
# Running from : C:\Documents and Settings\Michael Hausman\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\searchplugins\MyStart Search.xml
File Found : C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\user.js
File Found : C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Found : C:\WINDOWS\system32\ImhxxpComm.dll
Folder Found : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Found : C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Folder Found C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Found C:\Documents and Settings\All Users\Application Data\Conduit
Folder Found C:\Documents and Settings\All Users\Application Data\Search Protection
Folder Found C:\Documents and Settings\LocalService\AppData\LocalLow\Fast Free Converter
Folder Found C:\Documents and Settings\Michael Hausman\AppData\LocalLow\Fast Free Converter
Folder Found C:\Documents and Settings\Michael Hausman\Application Data\adawaretb
Folder Found C:\Documents and Settings\Michael Hausman\Application Data\DefaultTab
Folder Found C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\adawaretb
Folder Found C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\Smartbar
Folder Found C:\Documents and Settings\Michael Hausman\Application Data\Searchprotect
Folder Found C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Conduit
Folder Found C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\PackageAware
Folder Found C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\WordLayers
Folder Found C:\Documents and Settings\NetworkService\AppData\LocalLow\Fast Free Converter
Folder Found C:\Program Files\Common Files\spigot
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\File Type Helper
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\Program Files\optimizer pro
Folder Found C:\Program Files\Searchprotect
Folder Found C:\Program Files\Toolbar Cleaner
Folder Found C:\WINDOWS\system32\ARFC
Folder Found C:\WINDOWS\system32\jmdp
Folder Found C:\WINDOWS\system32\WNLT

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\RadioRage_4j
Key Found : HKCU\Software\SearchProtect
Key Found : HKLM\Software\adawaretb
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.DynamicBarButton
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.DynamicBarButton.1
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.FeedManager
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.FeedManager.1
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLMenu
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLMenu.1
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLPanel
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLPanel.1
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.MultipleButton
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.MultipleButton.1
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.PseudoTransparentPlugin
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.PseudoTransparentPlugin.1
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.Radio
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.Radio.1
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.RadioSettings
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.RadioSettings.1
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.ScriptButton
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.ScriptButton.1
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.SkinLauncher
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.SkinLauncher.1
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.ThirdPartyInstaller
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.ThirdPartyInstaller.1
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.UrlAlertButton
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.UrlAlertButton.1
Key Found : HKLM\SOFTWARE\Classes\RadioRage_4j.XMLSessionPlugin
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3298580
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DefaultTab
Key Found : HKLM\Software\Fast Free Converter
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\adawaretb
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Fast Free Converter
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\wnlt
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\SOFTWARE\MozillaPlugins\@RadioRage_4j.com/Plugin
Key Found : HKLM\Software\RadioRage_4j
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\Toolbar Cleaner
Key Found : HKLM\Software\wnlt
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [4jffxtbr@RadioRage_4j.com]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\prefs.js ]

Line Found : user_pref("CT3298580.FF19Solved", "true");
Line Found : user_pref("CT3298580.UserID", "UN26411895911734913");
Line Found : user_pref("CT3298580.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3298580.fullUserID", "UN26411895911734913.IN.20130929142703");
Line Found : user_pref("CT3298580.installDate", "29/09/2013 14:27:12");
Line Found : user_pref("CT3298580.installSessionId", "{0DCAB866-AC87-436F-ABF1-D351AC943995}");
Line Found : user_pref("CT3298580.installSp", "TRUE");
Line Found : user_pref("CT3298580.installerVersion", "1.7.1.4");
Line Found : user_pref("CT3298580.keyword", "true");
Line Found : user_pref("CT3298580.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN29702720023206318&UM=2&SearchSource=13");
Line Found : user_pref("CT3298580.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=");
Line Found : user_pref("CT3298580.originalSearchEngine", "Yahoo");
Line Found : user_pref("CT3298580.originalSearchEngineName", "Yahoo");
Line Found : user_pref("CT3298580.searchRevert", "false");
Line Found : user_pref("CT3298580.searchUserMode", "2");
Line Found : user_pref("CT3298580.smartbar.homepage", "true");
Line Found : user_pref("CT3298580.versionFromInstaller", "10.20.1.8");
Line Found : user_pref("CT3298580.xpeMode", "0");
Line Found : user_pref("CT3310511.ConnectTB_activeApp.enc", "aW5zdGFncmFt");
Line Found : user_pref("CT3310511.FF19Solved", "true");
Line Found : user_pref("CT3310511.FirstTime", "true");
Line Found : user_pref("CT3310511.FirstTimeFF3", "true");
Line Found : user_pref("CT3310511.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN29702720023206318&UM=2&q=");
Line Found : user_pref("CT3310511.UserID", "UN29702720023206318");
Line Found : user_pref("CT3310511.acp_personal.appstate.enc", "ZW5hYmxl");
Line Found : user_pref("CT3310511.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3310511.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3310511.cb_experience_000.enc", "NQ==");
Line Found : user_pref("CT3310511.cb_firstuse0100.enc", "MQ==");
Line Found : user_pref("CT3310511.cb_user_id_000.enc", "Q0I2NzI0MTQ0NDIyNTBfMTM4MTA4MTkyMTU0MV9GaXJlZm94");
Line Found : user_pref("CT3310511.cbfirsttime.enc", "U2F0IE9jdCAwNSAyMDEzIDEzOjQwOjMzIEdNVC0wNDAwIChFYXN0ZXJuIFN0YW5kYXJkIFRpbWUp");
Line Found : user_pref("CT3310511.countryCode", "US");
Line Found : user_pref("CT3310511.discover-experiments-photopop.enc", "eyJuYW1lIjoicGhvdG9wb3BfbmEiLCJ2ZXJzaW9uIjoxMH0=");
Line Found : user_pref("CT3310511.discover-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzgwOTk0ODYyNTY0LDE0NDAwMDAwXX0=");
Line Found : user_pref("CT3310511.discover-user-id.enc", "ImJiZDdmYWM5LTBlMWUtNDVlMS05NzRlLTBmMjBjMzA1ZTA0ZCI=");
Line Found : user_pref("CT3310511.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3310511.fixPageNotFoundErrorByUser", "TRUE");
Line Found : user_pref("CT3310511.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3310511.fullUserID", "UN29702720023206318.IN.20130929131437");
Line Found : user_pref("CT3310511.ground-country-code.enc", "IlVTIg==");
Line Found : user_pref("CT3310511.installDate", "29/09/2013 13:14:50");
Line Found : user_pref("CT3310511.installSessionId", "{220F0E71-E537-40FD-95FD-4586CCA21389}");
Line Found : user_pref("CT3310511.installSp", "TRUE");
Line Found : user_pref("CT3310511.installType", "DirectDownload");
Line Found : user_pref("CT3310511.installUsage", "2013-10-05T20:40:50.4191642+03:00");
Line Found : user_pref("CT3310511.installUsageEarly", "2013-10-05T20:40:26.3797183+03:00");
Line Found : user_pref("CT3310511.installerVersion", "1.7.1.4");
Line Found : user_pref("CT3310511.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3310511.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3310511.keyword", true);
Line Found : user_pref("CT3310511.lastVersion", "10.20.1.508");
Line Found : user_pref("CT3310511.originalHomepage", "about:home");
Line Found : user_pref("CT3310511.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298580&SearchSource=2&CUI=UN26411895911734913&UM=2&q=");
Line Found : user_pref("CT3310511.originalSearchEngine", "Yahoo");
Line Found : user_pref("CT3310511.originalSearchEngineName", "Yahoo");
Line Found : user_pref("CT3310511.price-gong.isManagedApp", "true");
Line Found : user_pref("CT3310511.revertSettingsEnabled", "false");
Line Found : user_pref("CT3310511.search.searchAppId", "10000002");
Line Found : user_pref("CT3310511.search.searchCount", "0");
Line Found : user_pref("CT3310511.searchFromAddressBarEnabledByUser", "true");
Line Found : user_pref("CT3310511.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3310511.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3310511.searchRevert", "false");
Line Found : user_pref("CT3310511.searchSuggestEnabledByUser", "TRUE");
Line Found : user_pref("CT3310511.searchUserMode", "2");
Line Found : user_pref("CT3310511.serviceLayer_services_Configuration_lastUpdate", "1381244325986");
Line Found : user_pref("CT3310511.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1380994819305");
Line Found : user_pref("CT3310511.serviceLayer_services_appsMetadata_lastUpdate", "1381248866830");
Line Found : user_pref("CT3310511.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1380994819456");
Line Found : user_pref("CT3310511.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1380994817379");
Line Found : user_pref("CT3310511.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1380994841622");
Line Found : user_pref("CT3310511.serviceLayer_services_login_10.20.1.508_lastUpdate", "1381244325514");
Line Found : user_pref("CT3310511.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1380994819632");
Line Found : user_pref("CT3310511.serviceLayer_services_searchAPI_lastUpdate", "1381244325933");
Line Found : user_pref("CT3310511.serviceLayer_services_serviceMap_lastUpdate", "1381244325726");
Line Found : user_pref("CT3310511.serviceLayer_services_toolbarContextMenu_lastUpdate", "1380994819402");
Line Found : user_pref("CT3310511.serviceLayer_services_toolbarSettings_lastUpdate", "1381256069067");
Line Found : user_pref("CT3310511.serviceLayer_services_translation_lastUpdate", "1381244325695");
Line Found : user_pref("CT3310511.settingsINI", true);
Line Found : user_pref("CT3310511.showToolbarPermission", "false");
Line Found : user_pref("CT3310511.smartbar.CTID", "CT3310511");
Line Found : user_pref("CT3310511.smartbar.Uninstall", "0");
Line Found : user_pref("CT3310511.smartbar.homepage", "true");
Line Found : user_pref("CT3310511.smartbar.toolbarName", "SweetPacks ");
Line Found : user_pref("CT3310511.toolbarBornServerTime", "5-10-2013");
Line Found : user_pref("CT3310511.toolbarCurrentServerTime", "8-10-2013");
Line Found : user_pref("CT3310511.toolbarLoginClientTime", "Sat Oct 05 2013 13:40:41 GMT-0400 (Eastern Standard Time)");
Line Found : user_pref("CT3310511.url_history0001.enc", "aHR0cHM6Ly93d3cuZmFjZWJvb2suY29tLz9yZWY9bG9nbzo6OmNsaWNraGFuZGxlcjo6OjEzODA5OTg1NTMxNjMsLCxodHRwczovL3d3dy5mYWNlYm9vay5jb20vP3JlZj1sb2dvOjo6Y2xpY2toYW5kbGVy[...]
Line Found : user_pref("CT3310511.versionFromInstaller", "10.20.1.8");
Line Found : user_pref("CT3310511.xpeMode", "0");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?UM=2&ctid=CT3310511&SearchSource=13&CUI=UN29702720023206318&UP=SP7D1140A6-C876-418F-B1FD-76F504C24798");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "SweetPacks Customized Web Search");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN29702720023206318&UM=2&q=");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=");
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3310511");
Line Found : user_pref("browser.search.defaultthis.engineName", "MixiDJ V44 Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298580&CUI=UN26411895911734913&UM=2&SearchSource=3&q={searchTerms}");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3310511");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN29702720023206318&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3298580&CUI=UN26411895911734913&UM=2[...]
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298580&SearchSource=2&CUI=UN26411895911734913&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3310511");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3310511");
Line Found : user_pref("smartbar.machineId", "P3LTPSL9SKIHSWFIE6RBQHYXPJOH5/EIZEYQDGYGUHMYEDDQSR78AOBEJL037MZEU3O91+48IJX60RVNV6WZBA");
Line Found : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3298580&CUI=UN26411895911734913&UM=2&SearchSource=13");

-\\ Google Chrome v

[ File : C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [34856 octets] - [29/10/2013 17:28:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [34917 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by Michael Hausman on Tue 10/29/2013 at 18:02:25.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-299502267-854245398-725345543-1003\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2415FCAB-8BFD-4989-8E9F-22C80C3F89F1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{47A83BF8-A3EC-4903-BDFF-ECC8E4B74EDC}



~~~ Files

Successfully deleted: [File] "C:\Documents and Settings\Michael Hausman\appdata\locallow\SkwConfig.bin"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\adawarebp"
Successfully deleted: [Folder] "C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\cre"



~~~ FireFox

Successfully deleted: [Folder] C:\Documents and Settings\Michael Hausman\Application Data\mozilla\firefox\profiles\bo0zpdcg.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
Successfully deleted the following from C:\Documents and Settings\Michael Hausman\Application Data\mozilla\firefox\profiles\bo0zpdcg.default\prefs.js

user_pref("browser.startup.homepage", "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_5&idate=2013-10-23&ent=hp&u=35113FBBAB97476FB6371452682DE6E7");
user_pref("keyword.URL", "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_5&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=");
Emptied folder: C:\Documents and Settings\Michael Hausman\Application Data\mozilla\firefox\profiles\bo0zpdcg.default\minidumps [3 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/29/2013 at 18:05:25.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-10-2013
Ran by Michael Hausman at 2013-10-29 18:11:19
Running from C:\Documents and Settings\Michael Hausman\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
Could not list Security Center items. Check WMI.


==================== Installed Programs ======================

Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.8) (Version: 10.1.8)
CCleaner (Version: 4.06)
Conexant D850 56K V.9x DFVc Modem
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Flash Player Pro V5.4
Google Chrome (HKCU Version: 30.0.1599.101)
Google Desktop (Version: 5.9.1005.12335)
Google Earth Plug-in (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.165)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
Realtek High Definition Audio Driver (Version: 5.10.0.5408)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VLC media player 1.1.11 (Version: 1.1.11)
WebFldrs XP (Version: 9.50.5318)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
Word Layers (HKCU Version: 3)

==================== Restore Points =========================


==================== Hosts content: ==========================

2001-08-23 08:00 - 2013-10-23 17:25 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-854245398-725345543-1003Core.job => C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-854245398-725345543-1003UA.job => C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{BB46E3CA-FBBA-4812-BCDB-FCA6DE1C49A5}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-10-04 18:25 - 2013-10-04 18:26 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2013 04:18:05 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 24.0.0.5001, faulting module xul.dll, version 24.0.0.5001, fault address 0x005f09fc.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (10/21/2013 03:04:12 PM) (Source: ESENT) (User: )
Description: wuauclt (3812) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (10/21/2013 03:04:02 PM) (Source: ESENT) (User: )
Description: wuauclt (3812) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (10/14/2013 03:41:41 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (10/03/2013 05:09:48 AM) (Source: ESENT) (User: )
Description: wuaueng.dll (63420) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (10/01/2013 03:14:14 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot access the registry policy file, C:\Documents and Settings\Michael Hausman\ntuser.pol. (Insufficient system resources exist to complete the requested service. ).

Error: (10/01/2013 03:14:09 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot access the registry information at C:\Documents and Settings\Michael Hausman\ntuser.pol. (Insufficient system resources exist to complete the requested service. ).

Error: (10/01/2013 03:14:09 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error: (10/01/2013 01:38:04 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot access the registry policy file, C:\Documents and Settings\Michael Hausman\ntuser.pol. (Insufficient system resources exist to complete the requested service. ).

Error: (10/01/2013 01:38:04 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot access the registry information at C:\Documents and Settings\Michael Hausman\ntuser.pol. (Insufficient system resources exist to complete the requested service. ).


System errors:
=============
Error: (10/23/2013 04:46:39 PM) (Source: Service Control Manager) (User: )
Description: The Ad-Aware Service 11 service terminated unexpectedly. It has done this 1 time(s).

Error: (10/22/2013 04:41:59 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (10/22/2013 04:22:08 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (10/22/2013 03:40:07 PM) (Source: DCOM) (User: FACING-DOOR)
Description: The server {00024500-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (10/22/2013 02:14:37 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.

Error: (10/22/2013 02:11:56 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.

Error: (10/22/2013 02:09:29 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Flash Player Update Service service failed to start due to the following error:
%%1053

Error: (10/22/2013 02:09:29 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.

Error: (10/22/2013 02:09:29 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.

Error: (10/22/2013 02:05:24 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.


Microsoft Office Sessions:
=========================
Error: (10/22/2013 04:18:05 PM) (Source: Application Error)(User: )
Description: plugin-container.exe24.0.0.5001xul.dll24.0.0.5001005f09fc

Error: (10/21/2013 03:04:12 PM) (Source: ESENT)(User: )
Description: wuauclt3812C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (10/21/2013 03:04:02 PM) (Source: ESENT)(User: )
Description: wuauclt3812C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (10/14/2013 03:41:41 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (10/03/2013 05:09:48 AM) (Source: ESENT)(User: )
Description: wuaueng.dll63420SUS20ClientDataStore: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)

Error: (10/01/2013 03:14:14 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: C:\Documents and Settings\Michael Hausman\ntuser.polInsufficient system resources exist to complete the requested service.

Error: (10/01/2013 03:14:09 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: C:\Documents and Settings\Michael Hausman\ntuser.polInsufficient system resources exist to complete the requested service.

Error: (10/01/2013 03:14:09 AM) (Source: Userenv)(User: NT AUTHORITY)
Description:

Error: (10/01/2013 01:38:04 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: C:\Documents and Settings\Michael Hausman\ntuser.polInsufficient system resources exist to complete the requested service.

Error: (10/01/2013 01:38:04 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: C:\Documents and Settings\Michael Hausman\ntuser.polInsufficient system resources exist to complete the requested service.


==================== Memory info ===========================

Percentage of memory in use: 62%
Total physical RAM: 1013.1 MB
Available physical RAM: 376.3 MB
Total Pagefile: 2440.44 MB
Available Pagefile: 1928.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.5 GB) (Free:57.5 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: D0F4738C)
Partition 1: (Active) - (Size=74 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by Michael Hausman (administrator) on FACING-DOOR on 29-10-2013 18:10:17
Running from C:\Documents and Settings\Michael Hausman\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.exe [16132608 2007-04-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {C0F51584-E565-4E7A-B2A6-0A6EF42749A4} URL = http://search.yahoo....p={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 208.38.252.3 184.170.172.131

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\searchplugins\sweetpacks-customized-web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\adawaretb.xml
FF Extension: Word Layers - C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\Extensions\[email protected]
FF Extension: Address Bar Search - C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
FF Extension: Adblock Plus - C:\Documents and Settings\Michael Hausman\Application Data\Mozilla\Firefox\Profiles\bo0zpdcg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Word Layers - C:\Program Files\Mozilla Firefox\extensions\[email protected]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR HomePage: "homepage": "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_5&idate=2013-10-23&ent=hp&u=35113FBBAB97476FB6371452682DE6E7",
CHR RestoreOnStartup: "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_5&idate=2013-10-23&ent=hp&u=35113FBBAB97476FB6371452682DE6E7", "hxxp://www.google.com/"
CHR Plugin: ( "name": "Remoting Viewer",) - "path": "internal-remoting-viewer",
CHR Plugin: ( "name": "Native Client",) - "path": "C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll", No File
CHR Plugin: ( "name": "Chrome PDF Viewer",) - "path": "C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\pdf.dll", No File
CHR Plugin: ( "name": "Shockwave Flash",) - "path": "C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\gcswf32.dll", No File
CHR Plugin: ( "name": "Coupons Inc., Coupon Printer Manager ",) - "path": "C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll", No File
CHR Plugin: ( "name": "Coupons Inc., Coupon Printer Manager ",) - "path": "C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll", No File
CHR Plugin: ( "name": "Adobe Acrobat",) - "path": "C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll", No File
CHR Plugin: ( "name": "Java Deployment Toolkit 6.0.310.5",) - "path": "C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll", No File
CHR Plugin: ( "name": "Java™ Platform SE 6 U31",) - "path": "C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll", No File
CHR Plugin: ( "name": "Microsoft® DRM",) - "path": "C:\Program Files\Windows Media Player\npdrmv2.dll", No File
CHR Plugin: ( "name": "Microsoft® DRM",) - "path": "C:\Program Files\Windows Media Player\npwmsdrm.dll", No File
CHR Plugin: ( "name": "Windows Media Player Plug-in Dynamic Link Library",) - "path": "C:\Program Files\Windows Media Player\npdsplay.dll", No File
CHR Plugin: ( "name": "Google Update",) - "path": "C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll", No File
CHR Plugin: ( "name": "Microsoft Office 2010",) - "path": "C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL", No File
CHR Plugin: ( "name": "Microsoft Office 2010",) - "path": "C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL", No File
CHR Plugin: ( "name": "Google Earth Plugin",) - "path": "C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll", No File
CHR Extension: (TidyNetwork.com ) - C:\DOCUME~1\MICHAE~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mgioolnkobnhllipnfbnmnhbdpkonapj\5.0.0.0_0
CHR HKLM\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-12-07] (Google)
S2 MBAMScheduler; C:\Program Files\MBxx\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\MBxx\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
U3 TrueSight; C:\WINDOWS\system32\TrueSight.sys [26624 2013-10-23] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-29 18:10 - 2013-10-29 18:10 - 00000000 ____D C:\FRST
2013-10-29 18:05 - 2013-10-29 18:05 - 00003074 _____ C:\Documents and Settings\Michael Hausman\Desktop\JRT.txt
2013-10-29 18:02 - 2013-10-29 18:02 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-29 17:54 - 2013-10-29 17:54 - 01033335 _____ (Thisisu) C:\Documents and Settings\Michael Hausman\Desktop\JRT.exe
2013-10-29 17:28 - 2013-10-29 17:49 - 00000000 ____D C:\AdwCleaner
2013-10-29 17:28 - 2013-10-29 17:28 - 01060070 _____ C:\Documents and Settings\Michael Hausman\Desktop\AdwCleaner.exe
2013-10-23 18:18 - 2013-10-23 18:18 - 00000000 ___SD C:\ComboFix
2013-10-23 17:49 - 2013-10-23 18:10 - 00103378 _____ C:\Documents and Settings\Michael Hausman\Desktop\OTL.Txt
2013-10-23 17:49 - 2013-10-23 17:49 - 00039250 _____ C:\Documents and Settings\Michael Hausman\Desktop\Extras.Txt
2013-10-23 17:39 - 2013-10-23 17:39 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Michael Hausman\Desktop\OTL.exe
2013-10-23 17:29 - 2013-10-23 17:29 - 00020834 _____ C:\ComboFix.txt
2013-10-23 17:24 - 2013-10-23 17:24 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-10-23 17:24 - 2013-10-23 17:24 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-10-23 17:24 - 2013-10-23 17:24 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-10-23 17:24 - 2013-10-23 17:24 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-10-23 17:24 - 2013-10-23 17:24 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-10-23 17:19 - 2013-10-23 17:19 - 00000000 _RSHD C:\cmdcons
2013-10-23 17:19 - 2011-12-01 16:37 - 00000211 _____ C:\Boot.bak
2013-10-23 17:19 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-10-23 17:14 - 2013-10-23 18:18 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-23 16:50 - 2013-10-23 16:50 - 00001789 _____ C:\Documents and Settings\Michael Hausman\Desktop\RKreport[0]_S_10232013_165005.txt
2013-10-23 16:33 - 2013-10-23 16:34 - 00026624 _____ C:\WINDOWS\system32\TrueSight.sys
2013-10-23 16:28 - 2013-10-23 16:28 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Application Data\LavasoftStatistics
2013-10-23 16:14 - 2013-10-23 16:47 - 00000000 ____D C:\Program Files\Lavasoft
2013-10-23 16:14 - 2013-10-23 16:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2013-10-23 16:11 - 2013-10-23 16:12 - 00009301 _____ C:\WINDOWS\KB942288-v3.log
2013-10-23 16:11 - 2013-10-23 16:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$
2013-10-23 16:10 - 2013-10-23 16:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Lavasoft
2013-10-23 16:10 - 2013-10-23 16:09 - 01724552 _____ C:\Documents and Settings\Michael Hausman\Desktop\Adaware_Installer.exe
2013-10-23 16:04 - 2013-10-23 16:12 - 00013500 _____ C:\WINDOWS\iis6.log
2013-10-23 16:04 - 2013-10-23 16:12 - 00012365 _____ C:\WINDOWS\FaxSetup.log
2013-10-23 16:04 - 2013-10-23 16:12 - 00005912 _____ C:\WINDOWS\ocgen.log
2013-10-23 16:04 - 2013-10-23 16:12 - 00005643 _____ C:\WINDOWS\tsoc.log
2013-10-23 16:04 - 2013-10-23 16:12 - 00004085 _____ C:\WINDOWS\comsetup.log
2013-10-23 16:04 - 2013-10-23 16:12 - 00003838 _____ C:\WINDOWS\msmqinst.log
2013-10-23 16:04 - 2013-10-23 16:12 - 00002478 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-23 16:04 - 2013-10-23 16:12 - 00002166 _____ C:\WINDOWS\netfxocm.log
2013-10-23 16:04 - 2013-10-23 16:12 - 00001393 _____ C:\WINDOWS\imsins.log
2013-10-23 16:04 - 2013-10-23 16:12 - 00000850 _____ C:\WINDOWS\MedCtrOC.log
2013-10-23 16:04 - 2013-10-23 16:12 - 00000684 _____ C:\WINDOWS\ocmsn.log
2013-10-23 16:04 - 2013-10-23 16:12 - 00000622 _____ C:\WINDOWS\tabletoc.log
2013-10-23 16:04 - 2013-10-23 16:12 - 00000618 _____ C:\WINDOWS\msgsocm.log
2013-10-23 16:04 - 2013-10-23 16:04 - 00003487 _____ C:\WINDOWS\ie8Uninst.log
2013-10-23 16:04 - 2013-10-23 16:04 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-23 16:04 - 2013-10-23 16:04 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-10-23 16:04 - 2013-10-23 16:04 - 00000000 _____ C:\WINDOWS\setupact.log
2013-10-23 15:55 - 2013-10-23 15:55 - 00001871 _____ C:\Documents and Settings\Michael Hausman\Desktop\RKreport[0]_D_10232013_155532.txt
2013-10-23 15:53 - 2013-10-23 15:53 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Desktop\backups
2013-10-22 18:50 - 2013-10-23 16:56 - 00005576 _____ C:\Documents and Settings\Michael Hausman\Desktop\hijackthis.log
2013-10-22 18:47 - 2013-10-22 18:47 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Michael Hausman\Desktop\HJT.exe
2013-10-22 18:44 - 2013-10-23 18:02 - 00025004 _____ C:\WINDOWS\setupapi.log
2013-10-22 18:29 - 2013-10-22 18:29 - 00001818 _____ C:\Documents and Settings\Michael Hausman\Desktop\RKreport[0]_S_10222013_182945.txt
2013-10-22 18:28 - 2013-10-22 18:15 - 00008377 _____ C:\Documents and Settings\Michael Hausman\Desktop\hijackthis.txt
2013-10-22 18:16 - 2013-10-22 18:16 - 00277360 _____ C:\Documents and Settings\Michael Hausman\Desktop\MGlogs.zip
2013-10-22 16:54 - 2013-10-22 18:16 - 00277360 _____ C:\MGlogs.zip
2013-10-22 16:54 - 2013-10-22 18:16 - 00000000 ____D C:\MGtools
2013-10-22 16:33 - 2013-10-22 16:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-10-22 15:59 - 2013-10-22 15:59 - 00000626 _____ C:\Documents and Settings\All Users\Desktop\MBXX.lnk
2013-10-22 15:59 - 2013-10-22 15:59 - 00000000 ____D C:\Program Files\MBxx
2013-10-22 15:59 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-22 15:56 - 2013-10-22 15:56 - 00001521 _____ C:\Documents and Settings\Michael Hausman\Desktop\RKreport[0]_S_10222013_155629.txt
2013-10-22 15:48 - 2013-10-23 15:55 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Desktop\RK_Quarantine
2013-10-22 15:44 - 2013-10-22 15:44 - 01990508 _____ C:\Documents and Settings\Michael Hausman\Desktop\toolMG.exe
2013-10-22 15:43 - 2013-10-22 15:43 - 09212696 _____ (SurfRight B.V.) C:\Documents and Settings\Michael Hausman\Desktop\ProHit.exe
2013-10-22 15:42 - 2013-10-22 15:42 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Michael Hausman\Desktop\killatd.exe
2013-10-22 15:41 - 2013-10-22 15:40 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Michael Hausman\Desktop\thisonething.exe
2013-10-22 15:30 - 2013-10-22 15:30 - 00955392 _____ C:\Documents and Settings\Michael Hausman\Desktop\RogueKiller.exe
2013-10-22 15:24 - 2013-10-22 15:24 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-10-22 15:24 - 2013-10-22 15:24 - 00000000 ____D C:\Program Files\CCleaner
2013-10-22 15:24 - 2013-10-22 15:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2013-10-22 15:22 - 2013-10-22 15:22 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2013-10-19 17:37 - 2013-10-19 17:37 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Sun
2013-10-19 17:33 - 2013-10-19 17:33 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Application Data\AVAST Software
2013-10-19 17:09 - 2013-10-19 17:09 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Application Data\Malwarebytes
2013-10-19 17:09 - 2013-10-19 17:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-19 17:06 - 2013-10-19 17:06 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-19 17:06 - 2013-10-19 17:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-19 17:06 - 2013-10-19 17:05 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-19 17:06 - 2013-10-19 17:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-19 17:06 - 2013-10-19 17:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-19 17:06 - 2013-10-19 17:04 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-19 17:06 - 2013-10-19 17:04 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-19 17:04 - 2013-10-19 17:04 - 00000000 ____D C:\Program Files\Java
2013-10-14 03:19 - 2013-10-14 03:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-14 03:18 - 2013-10-14 03:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-14 03:09 - 2013-10-14 03:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-14 03:05 - 2013-10-22 16:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-14 03:05 - 2013-10-14 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-13 15:56 - 2013-07-02 22:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-13 15:50 - 2013-08-08 20:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-13 15:50 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-13 15:50 - 2009-03-18 07:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2013-10-10 12:53 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-10 12:53 - 2013-07-16 20:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-10-10 12:53 - 2013-07-16 20:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-10-10 09:35 - 2013-10-10 09:35 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2013-10-09 17:52 - 2013-10-09 17:52 - 17813896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-04 18:25 - 2013-10-05 13:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-02 08:03 - 2013-10-02 08:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB961118$
2013-10-01 19:03 - 2009-01-09 15:19 - 01089593 ____C C:\WINDOWS\system32\dllcache\ntprint.cat
2013-10-01 13:15 - 2013-10-04 18:50 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-10-01 13:14 - 2013-10-01 13:14 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-10-01 13:11 - 2013-10-01 13:13 - 00000000 ____D C:\167a519225d4cebdda00b125f9f169
2013-10-01 13:11 - 2008-07-06 08:06 - 01676288 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpssvcs.dll
2013-10-01 13:11 - 2008-07-06 08:06 - 01676288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpssvcs.dll
2013-10-01 13:11 - 2008-07-06 08:06 - 00575488 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsshhdr.dll
2013-10-01 13:11 - 2008-07-06 08:06 - 00575488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2013-10-01 13:11 - 2008-07-06 08:06 - 00117760 ____N (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2013-10-01 13:11 - 2008-07-06 08:06 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2013-10-01 13:11 - 2008-07-06 06:50 - 00597504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2013-09-29 14:33 - 2013-09-29 14:36 - 00001423 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2013-09-29 14:29 - 2013-10-14 09:37 - 00000884 __RSH C:\Documents and Settings\Michael Hausman\ntuser.pol
2013-09-29 14:29 - 2013-09-29 14:29 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2013-09-29 14:26 - 2013-09-29 14:26 - 00000778 _____ C:\Documents and Settings\Michael Hausman\Desktop\Flash Player Pro.lnk
2013-09-29 14:26 - 2013-09-29 14:26 - 00000000 ____D C:\Program Files\Flash Player Pro
2013-09-29 14:26 - 2013-09-29 14:26 - 00000000 ____D C:\Documents and Settings\Michael Hausman\My Documents\Flash Player Pro
2013-09-29 14:26 - 2013-09-29 14:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Flash Player Pro
2013-09-29 13:35 - 2013-09-29 13:35 - 00000000 ____D C:\Program Files\uPlayer
2013-09-29 13:35 - 2013-09-29 13:35 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Application Data\uPlayer
2013-09-29 13:14 - 2013-07-04 03:12 - 00632656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr80.dll
2013-09-29 13:14 - 2013-07-04 03:12 - 00554832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp80.dll
2013-09-29 13:14 - 2013-07-04 03:12 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcm80.dll
2013-09-29 13:14 - 2013-07-04 03:11 - 00773968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100.dll
2013-09-29 13:14 - 2013-07-04 03:11 - 00421200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp100.dll
2013-09-29 13:14 - 2013-07-04 03:11 - 00001870 _____ C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest
2013-09-29 13:12 - 2013-09-29 13:12 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Start Menu\Programs\Word Layers

==================== One Month Modified Files and Folders =======

2013-10-29 18:10 - 2013-10-29 18:10 - 00000000 ____D C:\FRST
2013-10-29 18:07 - 2012-08-09 13:28 - 00000442 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{BB46E3CA-FBBA-4812-BCDB-FCA6DE1C49A5}.job
2013-10-29 18:05 - 2013-10-29 18:05 - 00003074 _____ C:\Documents and Settings\Michael Hausman\Desktop\JRT.txt
2013-10-29 18:03 - 2011-12-20 19:13 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-29 18:02 - 2013-10-29 18:02 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-29 17:54 - 2013-10-29 17:54 - 01033335 _____ (Thisisu) C:\Documents and Settings\Michael Hausman\Desktop\JRT.exe
2013-10-29 17:52 - 2013-02-22 11:41 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-29 17:52 - 2011-12-01 16:41 - 01819959 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-29 17:50 - 2011-12-20 19:13 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-29 17:50 - 2011-12-01 16:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-29 17:50 - 2011-12-01 11:08 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-29 17:50 - 2011-12-01 11:08 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-29 17:50 - 2001-08-23 08:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-29 17:49 - 2013-10-29 17:28 - 00000000 ____D C:\AdwCleaner
2013-10-29 17:49 - 2011-12-01 16:17 - 00032426 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-29 17:49 - 2011-12-01 16:17 - 00000178 ___SH C:\Documents and Settings\Michael Hausman\ntuser.ini
2013-10-29 17:34 - 2011-12-01 18:44 - 00001018 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-854245398-725345543-1003UA.job
2013-10-29 17:28 - 2013-10-29 17:28 - 01060070 _____ C:\Documents and Settings\Michael Hausman\Desktop\AdwCleaner.exe
2013-10-29 02:34 - 2011-12-01 18:44 - 00000966 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-854245398-725345543-1003Core.job
2013-10-25 17:11 - 2011-12-01 16:17 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-10-23 18:18 - 2013-10-23 18:18 - 00000000 ___SD C:\ComboFix
2013-10-23 18:18 - 2013-10-23 17:14 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-23 18:18 - 2011-12-01 16:13 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-10-23 18:10 - 2013-10-23 17:49 - 00103378 _____ C:\Documents and Settings\Michael Hausman\Desktop\OTL.Txt
2013-10-23 18:02 - 2013-10-22 18:44 - 00025004 _____ C:\WINDOWS\setupapi.log
2013-10-23 17:49 - 2013-10-23 17:49 - 00039250 _____ C:\Documents and Settings\Michael Hausman\Desktop\Extras.Txt
2013-10-23 17:39 - 2013-10-23 17:39 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Michael Hausman\Desktop\OTL.exe
2013-10-23 17:29 - 2013-10-23 17:29 - 00020834 _____ C:\ComboFix.txt
2013-10-23 17:26 - 2001-08-23 08:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-10-23 17:25 - 2011-12-01 11:06 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2013-10-23 17:25 - 2011-12-01 11:06 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bak
2013-10-23 17:25 - 2011-12-01 11:05 - 29097984 _____ C:\WINDOWS\system32\config\software.bak
2013-10-23 17:25 - 2011-12-01 11:05 - 05505024 _____ C:\WINDOWS\system32\config\system.bak
2013-10-23 17:25 - 2011-12-01 11:05 - 00524288 _____ C:\WINDOWS\system32\config\default.bak
2013-10-23 17:24 - 2013-10-23 17:24 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-10-23 17:24 - 2013-10-23 17:24 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-10-23 17:24 - 2013-10-23 17:24 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-10-23 17:24 - 2013-10-23 17:24 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-10-23 17:24 - 2013-10-23 17:24 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-10-23 17:19 - 2013-10-23 17:19 - 00000000 _RSHD C:\cmdcons
2013-10-23 17:19 - 2011-12-01 11:05 - 00000327 __RSH C:\boot.ini
2013-10-23 16:56 - 2013-10-22 18:50 - 00005576 _____ C:\Documents and Settings\Michael Hausman\Desktop\hijackthis.log
2013-10-23 16:53 - 2011-12-01 18:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-10-23 16:50 - 2013-10-23 16:50 - 00001789 _____ C:\Documents and Settings\Michael Hausman\Desktop\RKreport[0]_S_10232013_165005.txt
2013-10-23 16:47 - 2013-10-23 16:14 - 00000000 ____D C:\Program Files\Lavasoft
2013-10-23 16:34 - 2013-10-23 16:33 - 00026624 _____ C:\WINDOWS\system32\TrueSight.sys
2013-10-23 16:28 - 2013-10-23 16:28 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Application Data\LavasoftStatistics
2013-10-23 16:14 - 2013-10-23 16:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2013-10-23 16:12 - 2013-10-23 16:11 - 00009301 _____ C:\WINDOWS\KB942288-v3.log
2013-10-23 16:12 - 2013-10-23 16:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$
2013-10-23 16:12 - 2013-10-23 16:04 - 00013500 _____ C:\WINDOWS\iis6.log
2013-10-23 16:12 - 2013-10-23 16:04 - 00012365 _____ C:\WINDOWS\FaxSetup.log
2013-10-23 16:12 - 2013-10-23 16:04 - 00005912 _____ C:\WINDOWS\ocgen.log
2013-10-23 16:12 - 2013-10-23 16:04 - 00005643 _____ C:\WINDOWS\tsoc.log
2013-10-23 16:12 - 2013-10-23 16:04 - 00004085 _____ C:\WINDOWS\comsetup.log
2013-10-23 16:12 - 2013-10-23 16:04 - 00003838 _____ C:\WINDOWS\msmqinst.log
2013-10-23 16:12 - 2013-10-23 16:04 - 00002478 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-23 16:12 - 2013-10-23 16:04 - 00002166 _____ C:\WINDOWS\netfxocm.log
2013-10-23 16:12 - 2013-10-23 16:04 - 00001393 _____ C:\WINDOWS\imsins.log
2013-10-23 16:12 - 2013-10-23 16:04 - 00000850 _____ C:\WINDOWS\MedCtrOC.log
2013-10-23 16:12 - 2013-10-23 16:04 - 00000684 _____ C:\WINDOWS\ocmsn.log
2013-10-23 16:12 - 2013-10-23 16:04 - 00000622 _____ C:\WINDOWS\tabletoc.log
2013-10-23 16:12 - 2013-10-23 16:04 - 00000618 _____ C:\WINDOWS\msgsocm.log
2013-10-23 16:12 - 2011-12-01 11:03 - 00000000 ____D C:\WINDOWS\system32\mui
2013-10-23 16:10 - 2013-10-23 16:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Lavasoft
2013-10-23 16:09 - 2013-10-23 16:10 - 01724552 _____ C:\Documents and Settings\Michael Hausman\Desktop\Adaware_Installer.exe
2013-10-23 16:04 - 2013-10-23 16:04 - 00003487 _____ C:\WINDOWS\ie8Uninst.log
2013-10-23 16:04 - 2013-10-23 16:04 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-23 16:04 - 2013-10-23 16:04 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-10-23 16:04 - 2013-10-23 16:04 - 00000000 _____ C:\WINDOWS\setupact.log
2013-10-23 15:55 - 2013-10-23 15:55 - 00001871 _____ C:\Documents and Settings\Michael Hausman\Desktop\RKreport[0]_D_10232013_155532.txt
2013-10-23 15:55 - 2013-10-22 15:48 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Desktop\RK_Quarantine
2013-10-23 15:53 - 2013-10-23 15:53 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Desktop\backups
2013-10-22 18:47 - 2013-10-22 18:47 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Michael Hausman\Desktop\HJT.exe
2013-10-22 18:29 - 2013-10-22 18:29 - 00001818 _____ C:\Documents and Settings\Michael Hausman\Desktop\RKreport[0]_S_10222013_182945.txt
2013-10-22 18:16 - 2013-10-22 18:16 - 00277360 _____ C:\Documents and Settings\Michael Hausman\Desktop\MGlogs.zip
2013-10-22 18:16 - 2013-10-22 16:54 - 00277360 _____ C:\MGlogs.zip
2013-10-22 18:16 - 2013-10-22 16:54 - 00000000 ____D C:\MGtools
2013-10-22 18:15 - 2013-10-22 18:28 - 00008377 _____ C:\Documents and Settings\Michael Hausman\Desktop\hijackthis.txt
2013-10-22 16:53 - 2013-10-22 16:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-10-22 16:21 - 2013-10-14 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-22 15:59 - 2013-10-22 15:59 - 00000626 _____ C:\Documents and Settings\All Users\Desktop\MBXX.lnk
2013-10-22 15:59 - 2013-10-22 15:59 - 00000000 ____D C:\Program Files\MBxx
2013-10-22 15:56 - 2013-10-22 15:56 - 00001521 _____ C:\Documents and Settings\Michael Hausman\Desktop\RKreport[0]_S_10222013_155629.txt
2013-10-22 15:46 - 2011-12-01 16:17 - 00000000 ____D C:\Documents and Settings\Michael Hausman
2013-10-22 15:44 - 2013-10-22 15:44 - 01990508 _____ C:\Documents and Settings\Michael Hausman\Desktop\toolMG.exe
2013-10-22 15:43 - 2013-10-22 15:43 - 09212696 _____ (SurfRight B.V.) C:\Documents and Settings\Michael Hausman\Desktop\ProHit.exe
2013-10-22 15:42 - 2013-10-22 15:42 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Michael Hausman\Desktop\killatd.exe
2013-10-22 15:40 - 2013-10-22 15:41 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Michael Hausman\Desktop\thisonething.exe
2013-10-22 15:38 - 2011-12-01 17:10 - 00000000 __SHD C:\Documents and Settings\Michael Hausman\UserData
2013-10-22 15:30 - 2013-10-22 15:30 - 00955392 _____ C:\Documents and Settings\Michael Hausman\Desktop\RogueKiller.exe
2013-10-22 15:27 - 2013-01-21 14:37 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-22 15:24 - 2013-10-22 15:24 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-10-22 15:24 - 2013-10-22 15:24 - 00000000 ____D C:\Program Files\CCleaner
2013-10-22 15:24 - 2013-10-22 15:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2013-10-22 15:22 - 2013-10-22 15:22 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2013-10-19 17:37 - 2013-10-19 17:37 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\Sun
2013-10-19 17:37 - 2011-12-01 16:15 - 00001507 _____ C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2013-10-19 17:33 - 2013-10-19 17:33 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Application Data\AVAST Software
2013-10-19 17:28 - 2013-02-14 04:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$
2013-10-19 17:22 - 2011-12-01 18:47 - 00269216 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-10-19 17:14 - 2011-12-01 16:14 - 00002577 _____ C:\WINDOWS\system32\CONFIG.NT
2013-10-19 17:09 - 2013-10-19 17:09 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Application Data\Malwarebytes
2013-10-19 17:09 - 2013-10-19 17:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-19 17:06 - 2013-10-19 17:06 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-19 17:06 - 2013-10-19 17:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-19 17:05 - 2013-10-19 17:06 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-19 17:04 - 2013-10-19 17:06 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-19 17:04 - 2013-10-19 17:06 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-19 17:04 - 2013-10-19 17:06 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-19 17:04 - 2013-10-19 17:06 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-19 17:04 - 2013-10-19 17:04 - 00000000 ____D C:\Program Files\Java
2013-10-15 03:32 - 2011-12-17 18:15 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-14 13:47 - 2011-12-01 19:46 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2013-10-14 13:46 - 2011-12-01 19:46 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-14 09:37 - 2013-09-29 14:29 - 00000884 __RSH C:\Documents and Settings\Michael Hausman\ntuser.pol
2013-10-14 03:41 - 2011-12-01 11:06 - 00269392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-14 03:25 - 2011-12-01 18:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-10-14 03:22 - 2011-12-01 11:07 - 00543352 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-14 03:19 - 2013-10-14 03:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-14 03:18 - 2013-10-14 03:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-14 03:14 - 2013-07-17 03:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-14 03:11 - 2011-12-01 18:18 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-14 03:09 - 2013-10-14 03:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-14 03:05 - 2013-10-14 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-14 03:05 - 2011-12-01 18:26 - 00000000 ____D C:\WINDOWS\ie8updates
2013-10-10 09:35 - 2013-10-10 09:35 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2013-10-09 17:52 - 2013-10-09 17:52 - 17813896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-09 17:52 - 2012-03-31 08:55 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-09 17:52 - 2012-01-13 17:54 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-06 13:38 - 2012-07-03 16:16 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-05 13:40 - 2013-10-04 18:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-04 18:50 - 2013-10-01 13:15 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-10-04 18:11 - 2011-12-01 16:46 - 00070368 _____ C:\Documents and Settings\Michael Hausman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-02 08:03 - 2013-10-02 08:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB961118$
2013-10-01 13:14 - 2013-10-01 13:14 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-10-01 13:14 - 2011-12-01 18:46 - 00000000 ____D C:\Program Files\MSBuild
2013-10-01 13:13 - 2013-10-01 13:11 - 00000000 ____D C:\167a519225d4cebdda00b125f9f169
2013-10-01 13:13 - 2011-12-01 11:03 - 00000000 ____D C:\WINDOWS\system32\spool
2013-09-29 15:52 - 2011-12-02 15:00 - 00000240 _____ C:\WINDOWS\Brownie.ini
2013-09-29 15:51 - 2011-12-02 15:01 - 00000012 _____ C:\WINDOWS\BRVIDEO.INI
2013-09-29 14:48 - 2011-12-09 18:41 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Application Data\uTorrent
2013-09-29 14:36 - 2013-09-29 14:33 - 00001423 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2013-09-29 14:29 - 2013-09-29 14:29 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2013-09-29 14:28 - 2011-12-01 16:17 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-09-29 14:26 - 2013-09-29 14:26 - 00000778 _____ C:\Documents and Settings\Michael Hausman\Desktop\Flash Player Pro.lnk
2013-09-29 14:26 - 2013-09-29 14:26 - 00000000 ____D C:\Program Files\Flash Player Pro
2013-09-29 14:26 - 2013-09-29 14:26 - 00000000 ____D C:\Documents and Settings\Michael Hausman\My Documents\Flash Player Pro
2013-09-29 14:26 - 2013-09-29 14:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Flash Player Pro
2013-09-29 13:35 - 2013-09-29 13:35 - 00000000 ____D C:\Program Files\uPlayer
2013-09-29 13:35 - 2013-09-29 13:35 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Application Data\uPlayer
2013-09-29 13:12 - 2013-09-29 13:12 - 00000000 ____D C:\Documents and Settings\Michael Hausman\Start Menu\Programs\Word Layers

Some content of TEMP:
====================
C:\Documents and Settings\Michael Hausman\Local Settings\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 97.66 0 K 28 K 0
System 0.78 0 K 240 K 4
procexp.exe 0.78 22,288 K 29,092 K 3100 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 0.78 0 K 0 K n/a Hardware Interrupts and DPCs
wmiprvse.exe 1,916 K 5,144 K 3200 WMI Microsoft Corporation (Verified) Microsoft Windows Component Publisher
winlogon.exe 6,688 K 3,724 K 728 Windows NT Logon Application Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 3,048 K 5,036 K 956 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1,952 K 4,524 K 1024 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 21,824 K 34,316 K 1120 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1,464 K 3,852 K 1180 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1,536 K 4,028 K 1320 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1,360 K 3,988 K 476 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 2,520 K 4,444 K 1172 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 9,920 K 11,256 K 2052 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
spoolsv.exe 3,280 K 5,188 K 1472 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows Component Publisher
smss.exe 172 K 432 K 656 Windows NT Session Manager Microsoft Corporation (Verified) Microsoft Windows Component Publisher
services.exe 1,772 K 4,188 K 772 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Component Publisher
RTHDCPL.exe 22,588 K 22,712 K 2040 Realtek HD Audio Control Panel Realtek Semiconductor Corp. (Verified) Microsoft Windows Hardware Compatibility Publisher
notepad.exe 1,064 K 3,812 K 848 Notepad Microsoft Corporation (Verified) Microsoft Windows Component Publisher
lsass.exe 3,856 K 1,256 K 784 LSA Shell (Export Version) Microsoft Corporation (Verified) Microsoft Windows Component Publisher
jusched.exe 860 K 3,128 K 176 Java™ Update Scheduler Oracle Corporation (Verified) Oracle America
jqs.exe 2,292 K 1,444 K 560 Java Quick Starter Service Oracle Corporation (Verified) Oracle America
igfxtray.exe 956 K 3,652 K 1964 igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.exe 1,000 K 3,236 K 2032 igfxsrvc Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 708 K 3,028 K 1980 persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
hkcmd.exe 948 K 3,616 K 1972 hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
firefox.exe 345,904 K 350,992 K 1524 Firefox Mozilla Corporation (Verified) Mozilla Corporation
explorer.exe 18,164 K 8,012 K 1616 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows Component Publisher
ctfmon.exe 1,000 K 3,892 K 196 CTF Loader Microsoft Corporation (Verified) Microsoft Windows Component Publisher
csrss.exe 1,760 K 4,580 K 704 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Component Publisher
alg.exe 1,204 K 3,724 K 2920 Application Layer Gateway Service Microsoft Corporation (Verified) Microsoft Windows Component Publisher

Edited because I didn't sort the last log by CPU usage, fixed now.



Edited by Coloursz, 29 October 2013 - 04:31 PM.


#4
RKinner

    Malware Expert

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

The disk check will run and will probably take an hour or more to finish.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

#5
Coloursz

    New Member

Here you go.

Vino's Event Viewer v01c run on Windows XP in English
Report run at 30/10/2013 4:04:57 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vino's Event Viewer v01c run on Windows XP in English
Report run at 30/10/2013 4:05:44 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/10/2013 4:18:05 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application plugin-container.exe, version 24.0.0.5001, faulting module xul.dll, version 24.0.0.5001, fault address 0x005f09fc.

Log: 'Application' Date/Time: 21/10/2013 3:04:12 PM
Type: error Category: 1
Event: 489 Source: ESENT
wuauclt (3812) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 21/10/2013 3:04:02 PM
Type: error Category: 1
Event: 490 Source: ESENT
wuauclt (3812) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 14/10/2013 3:41:41 AM
Type: error Category: 0
Event: 1103 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


Log: 'Application' Date/Time: 03/10/2013 5:09:48 AM
Type: error Category: 3
Event: 455 Source: ESENT
wuaueng.dll (63420) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Log: 'Application' Date/Time: 01/10/2013 3:14:14 AM
Type: error Category: 0
Event: 1096 Source: Userenv
Windows cannot access the registry policy file, C:\Documents and Settings\Michael Hausman\ntuser.pol. (Insufficient system resources exist to complete the requested service. ).

Log: 'Application' Date/Time: 01/10/2013 3:14:09 AM
Type: error Category: 0
Event: 1043 Source: Userenv
Windows cannot access the registry information at C:\Documents and Settings\Michael Hausman\ntuser.pol. (Insufficient system resources exist to complete the requested service. ).

Log: 'Application' Date/Time: 01/10/2013 3:14:09 AM
Type: error Category: 0
Event: 1090 Source: Userenv
Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Log: 'Application' Date/Time: 01/10/2013 1:38:04 AM
Type: error Category: 0
Event: 1096 Source: Userenv
Windows cannot access the registry policy file, C:\Documents and Settings\Michael Hausman\ntuser.pol. (Insufficient system resources exist to complete the requested service. ).

Log: 'Application' Date/Time: 01/10/2013 1:38:04 AM
Type: error Category: 0
Event: 1043 Source: Userenv
Windows cannot access the registry information at C:\Documents and Settings\Michael Hausman\ntuser.pol. (Insufficient system resources exist to complete the requested service. ).

Log: 'Application' Date/Time: 01/10/2013 1:38:04 AM
Type: error Category: 0
Event: 1090 Source: Userenv
Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/10/2013 3:46:41 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user FACING-DOOR\Michael Hausman registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 19/10/2013 3:54:38 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user FACING-DOOR\Michael Hausman registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 17/10/2013 2:30:01 PM
Type: warning Category: 0
Event: 2001 Source: PerfDisk
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.

Log: 'Application' Date/Time: 14/10/2013 4:36:20 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user FACING-DOOR\Michael Hausman registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 14/10/2013 3:22:45 AM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 13/10/2013 3:42:16 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user FACING-DOOR\Michael Hausman registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 13/10/2013 11:26:16 AM
Type: warning Category: 0
Event: 2001 Source: PerfDisk
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.

Log: 'Application' Date/Time: 13/10/2013 11:25:32 AM
Type: warning Category: 0
Event: 2001 Source: PerfDisk
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.

Log: 'Application' Date/Time: 13/10/2013 8:07:59 AM
Type: warning Category: 0
Event: 2001 Source: PerfDisk
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.

Log: 'Application' Date/Time: 13/10/2013 7:56:57 AM
Type: warning Category: 0
Event: 2001 Source: PerfDisk
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.

Log: 'Application' Date/Time: 13/10/2013 7:25:52 AM
Type: warning Category: 0
Event: 2001 Source: PerfDisk
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.

Log: 'Application' Date/Time: 13/10/2013 7:21:51 AM
Type: warning Category: 0
Event: 2001 Source: PerfDisk
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.

Log: 'Application' Date/Time: 13/10/2013 6:11:14 AM
Type: warning Category: 0
Event: 2001 Source: PerfDisk
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.

Log: 'Application' Date/Time: 13/10/2013 4:46:20 AM
Type: warning Category: 0
Event: 2001 Source: PerfDisk
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.

Log: 'Application' Date/Time: 13/10/2013 1:02:10 AM
Type: warning Category: 0
Event: 2001 Source: PerfDisk
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.

Log: 'Application' Date/Time: 13/10/2013 12:22:10 AM
Type: warning Category: 0
Event: 2001 Source: PerfDisk
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.

Log: 'Application' Date/Time: 12/10/2013 11:52:44 PM
Type: warning Category: 0
Event: 2001 Source: PerfDisk
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.

Log: 'Application' Date/Time: 12/10/2013 8:49:43 PM
Type: warning Category: 0
Event: 2001 Source: PerfDisk
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.

Log: 'Application' Date/Time: 12/10/2013 7:05:07 PM
Type: warning Category: 0
Event: 2001 Source: PerfDisk
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.

Log: 'Application' Date/Time: 12/10/2013 6:48:47 PM
Type: warning Category: 0
Event: 2001 Source: PerfDisk
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.


#6
RKinner

    Malware Expert

Don't see any new alarms and Speccy says the Hard drive is good as are the temps. Are you still seeing popups?

#7
Coloursz

    New Member

Yes I am. Like I said, it happens sometimes when I mouse over a link the cursor will stay the same and not change to the finger pointer, and when I click I will get a random popup opening an ad in a new window. I use Firefox as my main browser btw. Also I just turned off my adblock on Firefox and noticed that on reddit.com there are ads in between posts, about every 5th post.


I think I just answered my own question, I was wondering if it only happened in Firefox. Couldn't duplicate in IE/Chrome so I checked all the plugins for Firefox and think I found the problem in there. Thanks for your help and the guides you guys have up on this website.

Edited by Coloursz, 30 October 2013 - 05:00 PM.
