nncout
-
Posts
26 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by nncout
-
Hi Dark Knight! Ok did the check disk to both the C: and D: drives. No improvements. Should I give up and just get it formatted? Or is there still hope for a cure?
-
....and it's still slow. I can't open anything again, programs just freeze up as they start to load.
-
Good afternoon! Here is the log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 3.5.4 (11.26.2012) OS: Windows 7 Home Premium x64 Ran by Jimmy on 26/11/2012 at 17:36:32.58 Blog: http://thisisudax.blogspot.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2042600517-863206636-2601340993-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully deleted: [Registry Value] hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{13f0d570-b325-40d1-903b-2b2431eaf840} Successfully deleted: [Registry Value] hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{18d54d6a-e6b0-49da-98af-3f43bf2ce750} Successfully deleted: [Registry Value] hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{5bfb5d72-5c01-4a87-8f66-f59ab0767c16} ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{e1b4f045-104e-4b2e-b36a-4609f37b6afb} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{771d0255-20a6-40a7-8060-e681b3f9d5e8} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{771d0255-20a6-40a7-8060-e681b3f9d5e8} ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted: [File] C:\Users\Jimmy\AppData\Roaming\mozilla\firefox\profiles\bgnqzn7m.default\bprotector_extensions.sqlite ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 26/11/2012 at 17:37:44.80 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
Actually it just allowed me to start the Windows Installer service and to update Adobe Reader! That's more than I could do before. it started off really slow and then a program actually opened up. I'll keep trying to update Java and Windows and see what happens.
-
Still the same. It loads fine at start up and then goes into super slow mode.
-
ListParts by Farbar Version: 30-10-2012 Ran by Jimmy (administrator) on 25-11-2012 at 08:44:59 Windows 7 (X64) Running From: C:\Users\Jimmy\Desktop Language: 0409 ************************************************************ ========================= Memory info ====================== Percentage of memory in use: 12% Total physical RAM: 8151.08 MB Available physical RAM: 7160.96 MB Total Pagefile: 16300.35 MB Available Pagefile: 15331.26 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 1 Drive c: (HP) (Fixed) (Total:920.12 GB) (Free:774.92 GB) NTFS 2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.3 GB) (Free:1.62 GB) NTFS ==>[system with boot components (obtained from reading drive)] 8 Drive j: (KINGSTON) (Removable) (Total:1.9 GB) (Free:1.89 GB) FAT Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 931 GB 0 B Disk 1 Online 1947 MB 0 B Disk 2 No Media 0 B 0 B Disk 3 No Media 0 B 0 B Disk 4 No Media 0 B 0 B Disk 5 No Media 0 B 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 920 GB 101 MB Partition 3 Primary 11 GB 920 GB ====================================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 SYSTEM NTFS Partition 100 MB Healthy System (partition with boot components) ====================================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C HP NTFS Partition 920 GB Healthy Boot ====================================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 D FACTORY_IMA NTFS Partition 11 GB Healthy ====================================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 1946 MB 120 KB ====================================================================================================== Disk: 1 Partition 1 Type : 06 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 J KINGSTON FAT Removable 1946 MB Healthy ====================================================================================================== ****** End Of Log ******
-
MiniToolBox by Farbar Version: 25-11-2012 Ran by Jimmy (administrator) on 25-11-2012 at 08:40:34 Running from "C:\Users\Jimmy\Desktop" Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Network *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= FF Proxy Settings: ============================== "network.proxy.no_proxies_on", "*.local" "network.proxy.type", 0 "Reset FF Proxy Settings": Firefox Proxy settings were reset. ========================= Hosts content: ================================= 127.0.0.1 localhost ========================= IP Configuration: ================================ Realtek PCIe GBE Family Controller = Local Area Connection (Connected) Hamachi Network Interface = Hamachi (Connected) 802.11n Wireless LAN Card = Wireless Network Connection (Hardware not present) # ---------------------------------- # IPv4 Configuration # ---------------------------------- pushd interface ipv4 reset set global icmpredirects=enabled add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=25.0.0.1 publish=Yes set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled popd # End of IPv4 configuration Windows IP Configuration Host Name . . . . . . . . . . . . : Jimmy-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : gateway.2wire.net Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : gateway.2wire.net Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller Physical Address. . . . . . . . . : 6C-62-6D-04-A8-EE DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::7476:ca98:fe4e:b533%10(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.0.104(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : November-25-12 8:33:53 AM Lease Expires . . . . . . . . . . : November-25-12 11:33:53 AM Default Gateway . . . . . . . . . : 192.168.0.1 DHCP Server . . . . . . . . . . . : 192.168.0.1 DHCPv6 IAID . . . . . . . . . . . : 239100294 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-8A-0C-51-6C-62-6D-04-A8-EE DNS Servers . . . . . . . . . . . : 216.146.35.240 216.146.36.240 192.168.0.1 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Hamachi: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Hamachi Network Interface Physical Address. . . . . . . . . : 7A-79-19-64-15-09 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2620:9b::1964:1509(Preferred) Link-local IPv6 Address . . . . . : fe80::3d4c:8761:b44f:8b57%14(Preferred) IPv4 Address. . . . . . . . . . . : 25.100.21.9(Preferred) Subnet Mask . . . . . . . . . . . : 255.0.0.0 Lease Obtained. . . . . . . . . . : November-25-12 8:33:53 AM Lease Expires . . . . . . . . . . : November-25-12 8:44:29 AM Default Gateway . . . . . . . . . : 2620:9b::1900:1 25.0.0.1 DHCP Server . . . . . . . . . . . : 25.0.0.1 DHCPv6 IAID . . . . . . . . . . . : 528120273 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-8A-0C-51-6C-62-6D-04-A8-EE DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1 fec0:0:0:ffff::2%1 fec0:0:0:ffff::3%1 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter isatap.gateway.2wire.net: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{9C71DCB6-848C-4E73-9571-BCE123CE7E65}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Teredo Tunneling Pseudo-Interface: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Server: sendori-rdns1.dyndns.com Address: 216.146.35.240 Name: google.com Addresses: 2001:4860:4001:803::1007 74.125.224.137 74.125.224.134 74.125.224.133 74.125.224.135 74.125.224.129 74.125.224.136 74.125.224.131 74.125.224.142 74.125.224.132 74.125.224.128 74.125.224.130 Pinging google.com [74.125.224.137] with 32 bytes of data: Reply from 74.125.224.137: bytes=32 time=91ms TTL=53 Reply from 74.125.224.137: bytes=32 time=91ms TTL=53 Ping statistics for 74.125.224.137: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 91ms, Maximum = 91ms, Average = 91ms Server: sendori-rdns1.dyndns.com Address: 216.146.35.240 Name: yahoo.com Addresses: 98.138.253.109 98.139.183.24 72.30.38.140 Pinging yahoo.com [98.138.253.109] with 32 bytes of data: Reply from 98.138.253.109: bytes=32 time=75ms TTL=54 Reply from 98.138.253.109: bytes=32 time=57ms TTL=54 Ping statistics for 98.138.253.109: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 57ms, Maximum = 75ms, Average = 66ms Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms =========================================================================== Interface List 10...6c 62 6d 04 a8 ee ......Realtek PCIe GBE Family Controller 14...7a 79 19 64 15 09 ......Hamachi Network Interface 1...........................Software Loopback Interface 1 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 25.0.0.1 25.100.21.9 9256 0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.104 20 25.0.0.0 255.0.0.0 On-link 25.100.21.9 9256 25.100.21.9 255.255.255.255 On-link 25.100.21.9 9256 25.255.255.255 255.255.255.255 On-link 25.100.21.9 9256 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.0.0 255.255.255.0 On-link 192.168.0.104 276 192.168.0.104 255.255.255.255 On-link 192.168.0.104 276 192.168.0.255 255.255.255.255 On-link 192.168.0.104 276 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.0.104 276 224.0.0.0 240.0.0.0 On-link 25.100.21.9 9256 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.0.104 276 255.255.255.255 255.255.255.255 On-link 25.100.21.9 9256 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 25.0.0.1 Default =========================================================================== IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 14 9020 ::/0 2620:9b::1900:1 1 306 ::1/128 On-link 14 276 2620:9b::/64 On-link 14 276 2620:9b::/96 On-link 14 276 2620:9b::1964:1509/128 On-link 10 276 fe80::/64 On-link 14 276 fe80::/64 On-link 14 276 fe80::3d4c:8761:b44f:8b57/128 On-link 10 276 fe80::7476:ca98:fe4e:b533/128 On-link 1 306 ff00::/8 On-link 10 276 ff00::/8 On-link 14 276 ff00::/8 On-link =========================================================================== Persistent Routes: If Metric Network Destination Gateway 0 4294967295 2620:9b::/96 On-link 0 9000 ::/0 2620:9b::1900:1 =========================================================================== ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation) Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation) Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.) x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.) x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.) x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation) x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (11/25/2012 03:00:41 AM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft Office PowerPoint Viewer 2007 (English) - Update '{620E77C0-CDFE-4C14-AAEB-830ABB65864C}' could not be installed. Error code 1636. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 Error: (11/25/2012 03:00:40 AM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft Office PowerPoint Viewer 2007 (English) - Update '{8153EC80-C988-4336-8DAF-6D99C0D26E0C}' could not be installed. Error code 1636. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 Error: (11/24/2012 05:33:55 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft Office PowerPoint Viewer 2007 (English) - Update '{620E77C0-CDFE-4C14-AAEB-830ABB65864C}' could not be installed. Error code 1636. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 Error: (11/23/2012 08:15:06 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/23/2012 07:50:36 AM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: Narrator, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070005 Error: (11/23/2012 07:50:34 AM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: MMCEx, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070005 Error: (11/23/2012 07:50:32 AM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070005 Error: (11/23/2012 07:50:30 AM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: Microsoft.VisualStudio.Tools.Office.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A . Error code = 0x80070005 Error: (11/23/2012 07:13:11 AM) (Source: System Restore) (User: ) Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101). Error: (11/23/2012 06:59:27 AM) (Source: Windows Search Service) (User: ) Description: Unable to initialize the filter host process. Terminating. Details: This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4) System errors: ============= Error: (11/25/2012 08:34:16 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (11/25/2012 08:34:16 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (11/25/2012 08:34:16 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (11/25/2012 08:34:16 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (11/25/2012 08:34:16 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (11/25/2012 08:34:16 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (11/25/2012 08:34:16 AM) (Source: Service Control Manager) (User: ) Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1068 Error: (11/25/2012 08:34:16 AM) (Source: Service Control Manager) (User: ) Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1068 Error: (11/25/2012 08:34:15 AM) (Source: DCOM) (User: ) Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (11/25/2012 08:34:15 AM) (Source: DCOM) (User: ) Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Microsoft Office Sessions: ========================= Error: (11/25/2012 03:00:41 AM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Microsoft Office PowerPoint Viewer 2007 (English){620E77C0-CDFE-4C14-AAEB-830ABB65864C}1636(NULL)(NULL)(NULL) Error: (11/25/2012 03:00:40 AM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Microsoft Office PowerPoint Viewer 2007 (English){8153EC80-C988-4336-8DAF-6D99C0D26E0C}1636(NULL)(NULL)(NULL) Error: (11/24/2012 05:33:55 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Microsoft Office PowerPoint Viewer 2007 (English){620E77C0-CDFE-4C14-AAEB-830ABB65864C}1636(NULL)(NULL)(NULL) Error: (11/23/2012 08:15:06 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (11/23/2012 07:50:36 AM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: Narrator, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070005 Narrator, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil Error: (11/23/2012 07:50:34 AM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: MMCEx, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070005 MMCEx, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil Error: (11/23/2012 07:50:32 AM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070005 Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 Error: (11/23/2012 07:50:30 AM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: Microsoft.VisualStudio.Tools.Office.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A . Error code = 0x80070005 Microsoft.VisualStudio.Tools.Office.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A Error: (11/23/2012 07:13:11 AM) (Source: System Restore)(User: ) Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101 Error: (11/23/2012 06:59:27 AM) (Source: Windows Search Service)(User: ) Description: Details: This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4) CodeIntegrity Errors: =================================== Date: 2012-11-18 16:22:48.052 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-11-18 16:22:47.990 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. =========================== Installed Programs ============================ AC3D 6.8.14 ActiveCheck component for HP Active Support Library (Version: 3.0.0.3) Adobe AIR (Version: 2.0.3.13070) Adobe Flash Player 11 ActiveX (Version: 11.4.402.287) Adobe Flash Player 11 Plugin (Version: 11.4.402.287) Adobe Reader 9.5.1 (Version: 9.5.1) aMSN 0.98.4 APB Reloaded Apple Application Support (Version: 2.2.2) Apple Mobile Device Support (Version: 6.0.0.59) Apple Software Update (Version: 2.1.3.127) ATI Catalyst Install Manager (Version: 3.0.762.0) Bonjour (Version: 3.0.0.10) Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center Core Implementation (Version: 2010.0113.2208.39662) Catalyst Control Center Graphics Full Existing (Version: 2010.0113.2208.39662) Catalyst Control Center Graphics Full New (Version: 2010.0113.2208.39662) Catalyst Control Center Graphics Light (Version: 2010.0113.2208.39662) Catalyst Control Center Graphics Previews Common (Version: 2010.0113.2208.39662) Catalyst Control Center Graphics Previews Vista (Version: 2010.0113.2208.39662) Catalyst Control Center HydraVision Full (Version: 2010.0113.2208.39662) Catalyst Control Center InstallProxy (Version: 2010.0113.2208.39662) Catalyst Control Center Localization All (Version: 2010.0113.2208.39662) ccc-core-static (Version: 2010.0113.2208.39662) ccc-utility64 (Version: 2010.0113.2208.39662) CCC Help Chinese Standard (Version: 2010.0113.2207.39662) CCC Help Chinese Traditional (Version: 2010.0113.2207.39662) CCC Help Czech (Version: 2010.0113.2207.39662) CCC Help Danish (Version: 2010.0113.2207.39662) CCC Help Dutch (Version: 2010.0113.2207.39662) CCC Help English (Version: 2010.0113.2207.39662) CCC Help Finnish (Version: 2010.0113.2207.39662) CCC Help French (Version: 2010.0113.2207.39662) CCC Help German (Version: 2010.0113.2207.39662) CCC Help Greek (Version: 2010.0113.2207.39662) CCC Help Hungarian (Version: 2010.0113.2207.39662) CCC Help Italian (Version: 2010.0113.2207.39662) CCC Help Japanese (Version: 2010.0113.2207.39662) CCC Help Korean (Version: 2010.0113.2207.39662) CCC Help Norwegian (Version: 2010.0113.2207.39662) CCC Help Polish (Version: 2010.0113.2207.39662) CCC Help Portuguese (Version: 2010.0113.2207.39662) CCC Help Russian (Version: 2010.0113.2207.39662) CCC Help Spanish (Version: 2010.0113.2207.39662) CCC Help Swedish (Version: 2010.0113.2207.39662) CCC Help Thai (Version: 2010.0113.2207.39662) CCC Help Turkish (Version: 2010.0113.2207.39662) Combat Arms Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000) CyberLink DVD Suite Deluxe (Version: 7.0.2115) D3DX10 (Version: 15.4.2368.0902) Dead Island Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904) DVD Menu Pack for HP MediaSmart Video (Version: 3.1.3224) ESET Online Scanner v3 Google Toolbar for Internet Explorer (Version: 1.0.0) Google Toolbar for Internet Explorer (Version: 7.4.3230.2052) Google Update Helper (Version: 1.3.21.123) HP Advisor (Version: 3.3.9512.3162) HP Customer Experience Enhancements (Version: 6.0.1.3) HP Games (Version: 1.0.0.71) HP MediaSmart DVD (Version: 3.1.3317) HP MediaSmart Music/Photo/Video (Version: 3.1.3422) HP MediaSmart SmartMenu (Version: 3.1.0.1) HP Odometer (Version: 2.10.0000) HP Remote Solution (Version: 1.1.11.0) HP Setup (Version: 1.2.3560.3170) HP Support Assistant (Version: 4.4.6.3) HP Support Information (Version: 10.1.0002) HP Update (Version: 5.001.000.014) HPAsset component for HP Active Support Library (Version: 3.0.0.3) HydraVision (Version: 4.2.142.0) iCloud (Version: 1.1.0.40) Intel® Rapid Storage Technology (Version: 9.5.0.1037) IrfanView (remove only) (Version: 4.28) iTunes (Version: 10.7.0.21) Java Auto Updater (Version: 2.1.6.0) Java 7 Update 5 (Version: 7.0.50) JavaFX 2.1.1 (Version: 2.1.1) Junk Mail filter update (Version: 15.4.3502.0922) Kaspersky Internet Security 2012 (Version: 12.0.0.374) LabelPrint (Version: 2.5.2017) Lernout & Hauspie TruVoice American English TTS Engine LightScribe System Software (Version: 1.18.8.1) LogMeIn Hamachi (Version: 2.1.0.284) Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000) Mesh Runtime (Version: 15.4.5722.2) Messenger Companion (Version: 15.4.3502.0922) Messenger Plus! 5 (Version: 5.10.0.750) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0) Microsoft Games for Windows Marketplace (Version: 3.5.50.0) Microsoft Live Search Toolbar (Version: 3.0.566.0) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000) Microsoft Office Home and Student 60 day trial Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook Connector (Version: 14.0.5118.5000) Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (Version: 14.0.6029.1000) Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000) Microsoft Silverlight (Version: 5.1.10411.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Works (Version: 9.7.0621) Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0) MobileMe Control Panel (Version: 3.1.8.0) Movie Theme Pack for HP MediaSmart Video (Version: 3.1.3310) Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1) MSVCRT (Version: 15.4.2862.0708) MSVCRT_amd64 (Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) NexDef Plug-in NVIDIA PhysX (Version: 9.10.0129) Pando Media Booster (Version: 2.6.0.8) PlayBryte PlayReady PC Runtime amd64 (Version: 1.3.0) POV-Ray for Windows v3.62 (Version: 3.62) Power2Go (Version: 6.0.3304) PowerDirector (Version: 7.0.3503) PunkBuster Services (Version: 0.993) QuickTime (Version: 7.72.80.56) Realtek High Definition Audio Driver (Version: 6.0.1.5938) Recovery Manager (Version: 5.5.2216) Safari (Version: 5.33.19.4) Sendori (Version: 1.1.6) Skype Click to Call (Version: 6.3.11079) Skype™ 5.10 (Version: 5.10.116) Spybot - Search & Destroy (Version: 1.6.2) Steam (Version: 1.0.0.0) TurboTax 2010 (Version: 1.00.0000) TurboTax 2011 (Version: 1.00.0000) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition VoiceOver Kit (Version: 1.42.128.0) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3538.0513) Windows Live Family Safety (Version: 15.4.3538.0513) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3538.0513) Windows Live Mail (Version: 15.4.3502.0922) Windows Live Mesh (Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2) Windows Live Messenger (Version: 15.4.3538.0513) Windows Live Messenger Companion Core (Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live Photo Gallery (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3508.1109) Windows Live Writer (Version: 15.4.3502.0922) Windows Live Writer Resources (Version: 15.4.3502.0922) WinRAR 4.20 (32-bit) (Version: 4.20.0) ========================= Devices: ================================ Name: 802.11n Wireless LAN Card Description: 802.11n Wireless LAN Card Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Ralink Technology, Corp. Service: netr28x Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ========================= Memory info: =================================== Percentage of memory in use: 11% Total physical RAM: 8151.08 MB Available physical RAM: 7193.53 MB Total Pagefile: 16300.35 MB Available Pagefile: 15372.83 MB Total Virtual: 4095.88 MB Available Virtual: 3979.05 MB ========================= Partitions: ===================================== 1 Drive c: (HP) (Fixed) (Total:920.12 GB) (Free:774.92 GB) NTFS 2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.3 GB) (Free:1.62 GB) NTFS 8 Drive j: (KINGSTON) (Removable) (Total:1.9 GB) (Free:1.89 GB) FAT ========================= Users: ======================================== User accounts for \\JIMMY-PC Administrator ASPNET Guest Jimmy Natalie ========================= Minidump Files ================================== No minidump file found **** End of log ****
-
Hi! No that didn't help. Everything is unticked and it's still just as slow.
-
Hi, thanks for not giving up on me!! Yes it's still painfully slow. It runs pretty good in safe mode but starting up normally is still a nightmare. The hard drive light flashes slowly but stays on most of the time and sounds like it's barely doing anything. But in safe mode it seems pretty normal, somewhat slow but not to the point where I can't open things and do the scans. Not sure if that helps at all, just thought I'd mention it.
-
Hi DK, There were no detected threats found so there is no report. Do you have any other suggestions?
-
Hi Dark Knight! Ok I was able to turn on the user account control but I couldn't do the Jave update or the Adobe Reader update. The main problem is I can only use safe mode right now. Running in normal mode is still too slow to do anything and it's very frustrating. There is a message showing up that the windows installer could not be accessed. I have no idea what else to do at this point. Here is the log: Farbar Service Scanner Version: 09-11-2012 Ran by Jimmy (administrator) on 22-11-2012 at 20:21:22 Running from "C:\Users\Jimmy\Desktop" Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Network **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ SDRSVC Service is not running. Checking service configuration: The start type of SDRSVC service is OK. The ImagePath of SDRSVC service is OK. The ServiceDll of SDRSVC service is OK. VSS Service is not running. Checking service configuration: The start type of VSS service is OK. The ImagePath of VSS service is OK. System Restore Disabled Policy: ======================== Action Center: ============ wscsvc Service is not running. Checking service configuration: The start type of wscsvc service is OK. The ImagePath of wscsvc service is OK. The ServiceDll of wscsvc service is OK. Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv service is OK. BITS Service is not running. Checking service configuration: The start type of BITS service is set to Demand. The default start type is Auto. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. EventSystem Service is not running. Checking service configuration: The start type of EventSystem service is OK. The ImagePath of EventSystem service is OK. The ServiceDll of EventSystem service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys [2012-11-20 07:49] - [2012-10-03 11:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0 C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
-
Ok done, here it is... Results of screen317's Security Check version 0.99.54 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Disabled! Kaspersky Internet Security Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.65.1.1000 JavaFX 2.1.1 Java 7 Update 5 Java version out of Date! Adobe Flash Player 11.4.402.287 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (9.0.1) ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log``````````````````````
-
Good morning, Here is the log ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=76a0cfe973cdc549b2bcf0dfa9041a3e # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-11-21 02:57:34 # local_time=2012-11-21 08:57:34 (-0600, Central Standard Time) # country="Canada" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1280 16777215 100 0 3773613 3773613 0 0 # compatibility_mode=5893 16776573 100 94 0 105047080 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=315787 # found=0 # cleaned=0 # scan_time=6224
-
Ok well since I can't delete those programs because I can't find them, here is the log. No improvements with the computer. All processes killed ========== OTL ========== C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\facecons@facecons.com\plugins folder moved successfully. C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\facecons@facecons.com\defaults folder moved successfully. C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\facecons@facecons.com\components folder moved successfully. C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\facecons@facecons.com\chrome\icons\default folder moved successfully. C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\facecons@facecons.com\chrome\icons folder moved successfully. C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\facecons@facecons.com\chrome\content\skin folder moved successfully. C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\facecons@facecons.com\chrome\content folder moved successfully. C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\facecons@facecons.com\chrome folder moved successfully. C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\facecons@facecons.com folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2A44031-7EAD-434C-AC9E-7F1DA176BA8C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2A44031-7EAD-434C-AC9E-7F1DA176BA8C}\ deleted successfully. C:\Program Files (x86)\facecons\Facecons.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56504 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Jimmy ->Temp folder emptied: 256341 bytes ->Temporary Internet Files folder emptied: 3308997007 bytes ->Java cache emptied: 21354134 bytes ->FireFox cache emptied: 113695095 bytes ->Apple Safari cache emptied: 5067776 bytes ->Flash cache emptied: 2835262 bytes User: Natalie ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 51010982 bytes ->FireFox cache emptied: 20493368 bytes ->Flash cache emptied: 60949 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1059831 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes RecycleBin emptied: 270925 bytes Total Files Cleaned = 3,362.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 11202012_175526 Files\Folders moved on Reboot... C:\Users\Jimmy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...
-
Good morning! Thanks for all your help so far!! I don't have any of those in my programs list. Is there a way to manually delete them?
-
Sorry, posted the same log twice!! Here is the correct third one.... OTL Extras logfile created on: 19/11/2012 6:06:46 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jimmy\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 7.96 Gb Total Physical Memory | 7.09 Gb Available Physical Memory | 89.04% Memory free 15.92 Gb Paging File | 15.08 Gb Available in Paging File | 94.76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 920.12 Gb Total Space | 769.93 Gb Free Space | 83.68% Space Free | Partition Type: NTFS Drive D: | 11.30 Gb Total Space | 1.62 Gb Free Space | 14.35% Space Free | Partition Type: NTFS Drive J: | 1.90 Gb Total Space | 1.89 Gb Free Space | 99.35% Space Free | Partition Type: FAT Computer Name: JIMMY-PC | User Name: Jimmy | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe "C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe "C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe "C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0327FFC8-2332-4D37-B1B3-896C620855B6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{153D77B8-A254-489D-8A0D-7B76F7EE11A7}" = rport=139 | protocol=6 | dir=out | app=system | "{32D40E0F-856C-4B1F-A242-58F48AFA8237}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{350C6887-5617-4AED-88F0-C358503E3CE1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{35583BA4-7517-4B74-A904-B19540EC5316}" = lport=2869 | protocol=6 | dir=in | app=system | "{38D43054-061C-43EA-99E1-542C5FBA3359}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{41A4CD54-4407-4581-985D-AD620991BDB4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4A2F3F35-A108-4AD1-9AF2-02210400F83E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{53E1D71C-8981-4278-8B8C-1B51AAA5A9C5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{547E0010-C88C-4668-B5E7-4330C4134957}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{5750B4DC-3E18-4B14-9D22-5C034A2B80B9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{585AC2DC-B47C-4A3B-A155-5ED4264B9CE3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{66B26965-4657-46BC-AFAC-BD256FC6BF87}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6E2FE5C4-B844-4A07-B455-797094B06C0E}" = rport=445 | protocol=6 | dir=out | app=system | "{6EE75CB2-2ED2-49D8-B1D3-0AA549990748}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7058F735-5177-4834-AB2C-04095A5469C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{79094FA4-84E9-439B-93B3-4937F59B0157}" = lport=10243 | protocol=6 | dir=in | app=system | "{7A7C45ED-E50F-4348-8F8A-7F9409702B42}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{814A5659-7789-404E-B534-D41FBEA4FD99}" = lport=139 | protocol=6 | dir=in | app=system | "{85877DF6-4487-43B4-893E-52D4B37508E9}" = lport=445 | protocol=6 | dir=in | app=system | "{8BF9409F-78A4-417D-A44C-F4C0D1A1A5CA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9421251B-937D-47CA-B174-B115800085D2}" = rport=138 | protocol=17 | dir=out | app=system | "{B7276213-8221-4F75-AB8D-3E97269FAD85}" = lport=137 | protocol=17 | dir=in | app=system | "{BA24AE5E-766C-4AC0-AC6D-EDDB60AF84DB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CBA249DD-E858-4344-908B-062D5858D0AB}" = rport=10243 | protocol=6 | dir=out | app=system | "{EF56E154-2E80-4533-ACE2-81A15EA31438}" = lport=138 | protocol=17 | dir=in | app=system | "{F022DBE6-F62E-454F-BCBC-FCABC583EC49}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01F8DE67-A521-4651-BF3F-CEACA09C4B5E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{05BE491A-EE23-468C-8168-AFA5C2C7728C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{0C185EAF-0FF2-4F52-8C7E-83090E8ED968}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0C375612-07EA-4628-9E52-4A3295A0491B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0D42CED0-B2FB-48A8-8B7F-77BD793F451C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0DB8D7CF-080B-49F3-866B-EF04BEBC3549}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe | "{0E93593F-4342-4F46-85A0-B60DFC84FEAD}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "{13F0D570-B325-40D1-903B-2B2431EAF840}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{14ABFDA5-FFC5-470F-9CC1-7766DA20A854}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{16B91331-B86F-4632-AE7F-1FBDF5D94DEF}" = protocol=6 | dir=in | app=c:\program files (x86)\amsn\bin\wish.exe | "{18D54D6A-E6B0-49DA-98AF-3F43BF2CE750}" = protocol=6 | dir=in | app=c:\users\jimmy\appdata\local\microsoft\windows\temporary internet files\content.ie5\h462825q\crossfire_downloader.exe | "{1A7EED71-A627-4CC7-AEA0-E241E35118DF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{1E72D1AE-3002-4F4D-9BDE-4D448D2A2230}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | "{22BF683C-0FBE-49A9-8476-48EC87579A01}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | "{246604E4-16C8-4FF6-91DF-F6BD222B2E69}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{27439393-51C8-495A-9ED9-46E6A2A45A54}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe | "{2D03AACD-18A7-4EC4-86F6-02F889011A20}" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | "{2FE98003-AE6F-4F2F-9F64-81C4CBC22F97}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "{303F7C73-E73F-414F-847A-8F79BD9BE130}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3104E241-DE40-4073-91F4-2A2BD6C5489C}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{3144D522-97B4-489E-97AF-F4EBB45F2254}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "{346FC3D1-4E80-4F67-81EB-0C6BA834EA39}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{352D2971-CD80-45CB-9B53-C336FDF853E3}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "{353ED273-E569-4E6B-B59A-3AB8CB331E0F}" = protocol=17 | dir=in | app=c:\users\jimmy\appdata\local\temp\cf_downloader.exe | "{3B5A13EC-E011-42EC-B5A9-189E4C50D5C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | "{3BE18569-0122-4B23-8EF4-5E96C84FBD74}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{410E1682-5162-4B62-9442-BC04ABCE6D7E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe | "{4213015D-EC14-4F7F-8297-C19E12AF8B63}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{42222F8F-436A-413D-A0F3-653BE746A18F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4436EA5F-A698-4249-99CD-A010C8B74703}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{4A69845A-B4A5-4FBC-8BDE-545E6A32F852}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | "{4BA5B324-346D-4E88-BA90-2E721750CA6F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | "{4BC7DEA8-1C0D-4EC4-8018-07ED13D56806}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | "{4CB5782D-C9AD-4454-9EE1-DEDDFBBCA1F8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{4D2AD28D-4AF2-4B8B-86BD-89DA0BB9BD6A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | "{4DD3BCF8-20E5-4EB4-88EC-7DC3671DA893}" = protocol=58 | dir=in | app=system | "{4E626C70-FD17-46E9-A53C-A7CA19F8F11F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{540A22BC-FAEA-444E-B6BD-9AA23D92E725}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5494D21E-95AA-4612-83FC-8A77157DE8BE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{58497AA3-86A9-435B-921C-E4F96B58FE94}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\calauncher.exe | "{59BFB716-0B05-4C07-8042-B6B80A3722BC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\engine.exe | "{5A5CE321-4910-4937-8E50-1F56861A665E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | "{5BFB5D72-5C01-4A87-8F66-F59AB0767C16}" = protocol=17 | dir=in | app=c:\users\jimmy\appdata\local\microsoft\windows\temporary internet files\content.ie5\h462825q\crossfire_downloader.exe | "{5C07D5E6-39FA-4FE6-815D-E7A8CB6377A5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | "{5C62B81E-A0B5-4D87-8CC5-635F2CEB38E9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{5DC3B6B9-8021-4E67-8155-EB6E79279B22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5E3E0ECF-B83C-4FC6-8C0E-BFCF52089C1F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{5EDC1872-DF77-4228-A935-65060B980B33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6A1AEF95-93BD-492E-BBC6-F788037E2B36}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{6A6819AC-A37C-4FEF-9184-7F5A4C34B5DB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{6B122F6D-7AA8-4979-B443-2B4AE15244A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\nmservice.exe | "{6BBD410A-9E86-46D5-8E15-59ABE3513797}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6FA07C27-73CF-4F1B-B70E-1CD77674A4C6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | "{70463810-7270-4762-B2A0-5F13922BB73E}" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | "{739BB06B-9E63-4E83-B458-5F382E549374}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "{768DDEB1-9842-435D-9941-ED71A332D49B}" = protocol=6 | dir=out | app=system | "{771D42A1-3347-425D-896E-3CE69DFF4E3D}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe | "{787C8450-FF1F-4A0D-A5BE-48A04FDEBC3E}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "{7A1E5623-5D6E-4D57-BB45-7F43284FD2C1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{7AC32C30-F451-49B7-98B2-3BA859B912CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{7BC5D08F-39B4-4859-895C-BC8327FDBD0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7F01108A-A69A-4C68-9F68-1678CB2ED402}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | "{8201C36A-CB3E-4EA2-AADD-AF570E62EFC4}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{82A9A3FA-09FF-4947-9ED0-04BB1DBC20D6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | "{82E1F4F4-601E-4E45-A207-7B2F61E91207}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | "{888FB844-262D-4F0A-91FF-1127456D2864}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | "{89F56427-29B9-41BC-A95A-C9C189B27AA7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{8AA7A3C2-9FDC-4845-89BC-9BE9B7400EC1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{8CEECDB2-A01A-487D-A8D1-7F29103F4AA2}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{8F55A89D-CF1B-43EF-8BD9-ED7C6BC9C32F}" = protocol=17 | dir=in | app=c:\users\jimmy\desktop\crossfire_downloader.exe | "{940E55F9-F6D6-4A1E-8813-6B3FFC2B26D8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{973EDEE7-8BFF-41D2-B1DE-66FA38681330}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "{9A4A24CC-DFB0-4B76-8186-6C120EEE1E75}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9D578739-C56E-4E7F-9458-E1C7D1CA8E07}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{9D7A8379-F0F0-4941-9A30-05155D63F76C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe | "{A3DE5861-787C-43B4-A8F4-00AE54A79227}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{A6663CBC-83C6-400A-A9DC-A25F4493FDFD}" = protocol=6 | dir=in | app=c:\users\jimmy\desktop\crossfire_downloader.exe | "{B13D075D-A359-4167-9DCE-964F000F67F7}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | "{B16EA776-9F7E-4B9C-96C9-62C9A96167B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe | "{B262F8E7-CA6D-4198-99F0-E9B5D52C55B3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{B9DFE6A8-DECB-402A-B8BE-2538A5BA6468}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe | "{BCB1C49B-80F2-4F91-B6F4-9B250D06B3BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | "{C044F4C9-CB89-4C69-B901-8A7EE8958D0C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\engine.exe | "{C221F2A7-35BA-4016-9674-9E7C082F2CA1}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{C54F2F5B-9943-45B8-BD18-110B92FF56A3}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{C6DFD3F1-DCFA-4C04-A7AA-2A773F5948FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | "{C7DDD2C4-57DB-49DE-8742-267DF5FE0BE6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{C7E4A228-B3C4-4368-91AC-9DF397FB0B1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C805D5CA-91C5-492C-933C-4BB3A83AF9A9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CAC56078-01AA-4543-8268-B7F539E54BE4}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{CB0407E4-B7D4-41F6-834A-2306703FF516}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\nmservice.exe | "{CC20BA08-03BD-4375-A28B-4E397B2EAB0A}" = protocol=17 | dir=in | app=c:\program files (x86)\amsn\bin\wish.exe | "{CF92011B-C2BE-43D7-A07E-AD63B447D9D1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D165D014-12B7-4542-B18F-07061C29F16E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | "{D38AAEB8-FD73-47FF-A068-0969D854011E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D397CE4D-5D30-4617-A4C3-7A23BBCF4298}" = protocol=6 | dir=in | app=c:\users\jimmy\appdata\local\temp\cf_downloader.exe | "{D729C969-70E2-429D-8F78-42681E04FE33}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{D7B1F43C-834B-40B2-9237-8455B940D6EC}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | "{D827C42A-CF90-4531-BD71-8173CFFC9820}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DB09A59D-9AA9-4CBA-A1C7-26B3D48FB36F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{DEA6426C-A222-4383-A490-4847ECBF4FC0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E1BDCCCC-D86B-4B71-BCD0-77EB8F8C0AE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\calauncher.exe | "{E2369942-F5BD-4BF5-BF53-E332851CEF8D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | "{E3603BC8-6BF6-4551-B3A7-9F72B7F80671}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{E431F8C2-AA73-42FE-802E-A694A831952D}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{E4441B13-B164-486B-A431-ECA9ED84FB59}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E507AF17-8CC3-445C-960A-867CE3F3E92A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe | "{E59F570B-DC6B-4F82-B869-5AF8986A3F0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | "{E660ACAC-2A80-4846-95E8-00D62A16ED90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E694BB86-3E9A-49F9-9219-4FFC13B96518}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EB46268F-F540-4022-B6FA-C8C204C90E04}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | "{EC7503C1-9A36-41F0-8585-1968BEA520A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{EEF292DB-8460-401E-8399-95982CCE16C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | "{F5C3D336-B5B1-490C-AFB9-529E8F558C7F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | "{F78868DF-ACF2-496D-9965-362F8C82ADD7}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "TCP Query User{1998ECAF-B5AA-4C97-BE7C-C690BDD7E81A}C:\program files (x86)\steam\steamapps\common\combat arms\engine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\engine.exe | "TCP Query User{2F12507E-B169-49AA-9B40-F534F29715AE}C:\program files (x86)\amsn\bin\wish.exe" = protocol=6 | dir=in | app=c:\program files (x86)\amsn\bin\wish.exe | "TCP Query User{4B7A3CF0-4783-4F95-BDE3-EDB78F9FB51A}C:\users\jimmy\appdata\local\microsoft\windows\temporary internet files\content.ie5\lwj1dbmp\fogdownloader-rom_3_0_1_2153[1].exe" = protocol=6 | dir=in | app=c:\users\jimmy\appdata\local\microsoft\windows\temporary internet files\content.ie5\lwj1dbmp\fogdownloader-rom_3_0_1_2153[1].exe | "TCP Query User{564F0D5E-F366-4DA7-AEAF-4E45368285F4}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "TCP Query User{778D0701-5899-44ED-B56D-924C5DA49C86}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "TCP Query User{7A45BE56-007E-46CD-A6A3-A4475423EBF7}C:\users\jimmy\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=6 | dir=in | app=c:\users\jimmy\appdata\roaming\imvuclient\1vivoxvoice.exe | "TCP Query User{8D127963-EEF4-4EDB-90D7-F5B9E67852A1}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "TCP Query User{A361CCC8-E6E3-4CDF-9625-5E0D9B7A76DF}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{C720E95F-1FDC-4AE8-BAC4-97279D526021}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{CF970F89-35A3-4512-A2D4-FEB86AF9D62E}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe | "UDP Query User{15350FE2-A82F-4409-932D-B891CCB86DB2}C:\program files (x86)\steam\steamapps\common\combat arms\engine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\engine.exe | "UDP Query User{2BB4F892-8D0F-4377-BF72-9E15D87DE1A1}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "UDP Query User{3FDB2CED-613E-49F6-AA93-40D5E1403B43}C:\users\jimmy\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=17 | dir=in | app=c:\users\jimmy\appdata\roaming\imvuclient\1vivoxvoice.exe | "UDP Query User{4051FF79-28D4-4BE6-A07F-7830F59F1DF3}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "UDP Query User{43C62F9C-F468-4ED9-A1FF-12E4F203EE04}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{67A13C57-0A2E-4951-80CD-C6227E499278}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "UDP Query User{7CFC49B4-3E02-45F4-BB99-0CD8CBC4EE32}C:\users\jimmy\appdata\local\microsoft\windows\temporary internet files\content.ie5\lwj1dbmp\fogdownloader-rom_3_0_1_2153[1].exe" = protocol=17 | dir=in | app=c:\users\jimmy\appdata\local\microsoft\windows\temporary internet files\content.ie5\lwj1dbmp\fogdownloader-rom_3_0_1_2153[1].exe | "UDP Query User{A3D52D64-2BFE-4B75-8EE8-C39E12355017}C:\program files (x86)\amsn\bin\wish.exe" = protocol=17 | dir=in | app=c:\program files (x86)\amsn\bin\wish.exe | "UDP Query User{E168798D-0B68-4A3C-9492-C0D65BAF3329}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe | "UDP Query User{E17A4D5D-838D-46FA-ABD2-81B82BBECCE6}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0D15DB57-D8C4-1D54-498C-B786A485C0EB}" = ATI Catalyst Install Manager "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{AF5020D9-116A-46AC-A922-087592F37EC9}" = MobileMe Control Panel "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{BE7D0221-74C3-1945-3458-7F267F30A595}" = ccc-utility64 "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety "{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}" = POV-Ray for Windows v3.62 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "OfficeTrial" = Microsoft Office Home and Student 60 day trial [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0667699C-D5DE-FBA1-BC55-31D81FAFDD91}" = Catalyst Control Center Localization All "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0CD97270-111F-D929-18E7-E2107FE4499F}" = Catalyst Control Center Graphics Full New "{0D297E80-6159-ABD7-3A14-16CFDAFA44A7}" = CCC Help Japanese "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011 "{146DD810-14C5-1D89-5B99-3A1B4C05C8E2}" = CCC Help Chinese Traditional "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{22C8FE90-9B4D-2E60-1E8F-9C7256A654C3}" = CCC Help Hungarian "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010 "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{25B15553-04FF-597C-7D53-DB99A148A09D}" = Catalyst Control Center Graphics Full Existing "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{295FF653-9288-4635-0FDE-05FCDD1859F3}" = CCC Help Thai "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{36C6FD07-1A5E-6DBF-C981-AD0582B32630}" = CCC Help Dutch "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{4220D867-4A00-9D05-761D-F5A3E379C119}" = CCC Help Chinese Standard "{422F3C60-2286-C542-9A05-E14C13EB78C8}" = CCC Help Greek "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "{49172BBD-1298-BB63-3EE8-C4FD4C3DB2FB}" = CCC Help Russian "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B665392-2870-F48D-C1B8-031D6475C885}" = Catalyst Control Center Core Implementation "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4E4B05A7-B027-A08D-4D8F-3D7B55D4C0FF}" = Catalyst Control Center Graphics Light "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{54159469-0D79-E4CF-E9EB-5575FC0AD254}" = CCC Help English "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{57A67EC6-0652-4C0A-B8D4-20CD437AD033}" = Catalyst Control Center - Branding "{5C949985-1C8D-C079-F783-7C71F0B35F0D}" = CCC Help Spanish "{60827CA0-E66E-0EDA-C0F1-FAC67D6E1D20}" = Catalyst Control Center Graphics Previews Vista "{636AF808-FF89-3751-0F87-6EC11BF7F496}" = HydraVision "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{674EE6C1-FF81-21F9-C648-2DFC9FB8C3C8}" = CCC Help Danish "{677D2BD9-C66F-27D4-55DA-FED6438B5F81}" = CCC Help Norwegian "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari "{704DE25A-1899-BDB3-415E-30F5200F4CC0}" = CCC Help Polish "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71B155B6-72CB-60A2-DF7D-F54C1348CE88}" = CCC Help Korean "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7E0FF63C-9263-7847-887D-CF63233E9D66}" = CCC Help Finnish "{7FC8C210-A319-4835-A87D-B935EFB4C148}" = Microsoft Live Search Toolbar "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8A73BE7B-7289-73A3-EAC2-36A5EBA4B2E4}" = Catalyst Control Center Graphics Previews Common "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92910761-561E-C478-E900-3F9466E5B17A}" = CCC Help Swedish "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A67DCD0F-A9B3-3126-DB5F-B98FBECB628B}" = CCC Help French "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1 "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B70891D5-6072-3739-09A5-0C4E0B62DCF9}" = Catalyst Control Center HydraVision Full "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update "{DB00E2D1-6BC3-E880-8460-5A32357DA454}" = CCC Help German "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DDFFF397-CFE1-BA87-4DC9-437C24458655}" = CCC Help Italian "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E74E7ACF-83BF-FC49-AD24-DB643672DE11}" = CCC Help Turkish "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F177CDAF-0A53-9B0D-A0F1-E83E237CA2A6}" = Catalyst Control Center InstallProxy "{F19EAEBF-5A57-651A-D8ED-7B7ECF3AD10B}" = ccc-core-static "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F3CA2969-A9E4-395A-17F5-A329752A8CCE}" = CCC Help Czech "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FECBABDE-CDFA-CE29-23E2-443139BC0136}" = CCC Help Portuguese "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "AC3D 6.8.14_is1" = AC3D 6.8.14 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "aMSN" = aMSN 0.98.4 "Autobahn" = NexDef Plug-in "facecons" = facecons "HP Remote Solution" = HP Remote Solution "iBryte_playbryte" = PlayBryte "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "IrfanView" = IrfanView (remove only) "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "Messenger Plus!" = Messenger Plus! 5 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US) "Office14.SingleImage" = Microsoft Office Home and Student 2010 "PunkBusterSvc" = PunkBuster Services "Sendori" = Sendori "Steam App 113400" = APB Reloaded "Steam App 212180" = Combat Arms "Steam App 91310" = Dead Island "tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.20 (32-bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Hewlett-Packard Events ] Error - 02/05/2012 11:05:47 AM | Computer Name = Jimmy-PC | Source = Hewlett-Packard | ID = 0 Description = en-CA Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding) at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a() Error - 09/05/2012 11:44:08 AM | Computer Name = Jimmy-PC | Source = Hewlett-Packard | ID = 0 Description = en-CA Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding) at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a() Error - 16/05/2012 2:12:06 PM | Computer Name = Jimmy-PC | Source = Hewlett-Packard | ID = 0 Description = en-CA Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding) at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a() Error - 30/05/2012 2:08:53 PM | Computer Name = Jimmy-PC | Source = Hewlett-Packard | ID = 0 Description = en-CA Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding) at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a() Error - 20/06/2012 11:04:21 AM | Computer Name = Jimmy-PC | Source = Hewlett-Packard | ID = 0 Description = en-CA Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding) at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a() Error - 27/06/2012 11:47:41 AM | Computer Name = Jimmy-PC | Source = Hewlett-Packard | ID = 0 Description = en-CA Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding) at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a() Error - 18/07/2012 11:45:47 AM | Computer Name = Jimmy-PC | Source = Hewlett-Packard | ID = 0 Description = en-CA Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding) at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a() Error - 15/08/2012 11:13:46 AM | Computer Name = Jimmy-PC | Source = Hewlett-Packard | ID = 0 Description = en-CA Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding) at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a() Error - 23/08/2012 7:03:52 PM | Computer Name = Jimmy-PC | Source = Hewlett-Packard | ID = 0 Description = en-CA Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding) at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a() Error - 18/10/2012 11:29:45 AM | Computer Name = Jimmy-PC | Source = Hewlett-Packard | ID = 0 Description = en-CA Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding) at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a() < End of report >
-
OTL logfile created on: 19/11/2012 6:06:46 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jimmy\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 7.96 Gb Total Physical Memory | 7.09 Gb Available Physical Memory | 89.04% Memory free 15.92 Gb Paging File | 15.08 Gb Available in Paging File | 94.76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 920.12 Gb Total Space | 769.93 Gb Free Space | 83.68% Space Free | Partition Type: NTFS Drive D: | 11.30 Gb Total Space | 1.62 Gb Free Space | 14.35% Space Free | Partition Type: NTFS Drive J: | 1.90 Gb Total Space | 1.89 Gb Free Space | 99.35% Space Free | Partition Type: FAT Computer Name: JIMMY-PC | User Name: Jimmy | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/11/19 18:06:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/01/13 16:04:10 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/10/30 09:07:09 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP) SRV - [2012/10/08 23:43:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/09/19 16:48:47 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/03/16 09:08:01 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/08/05 13:37:30 | 000,098,168 | ---- | M] (Sendori, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Sendori) SRV - [2010/07/28 15:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/10/30 09:07:51 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/10 17:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2011/03/04 12:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011/03/04 12:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/01/13 16:26:02 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010/01/13 15:10:58 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2009/11/18 12:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009/10/12 00:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2009/10/02 05:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/08/20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2006/12/12 11:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf) DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{3018E814-9E7B-429F-9304-DC06D594EBDA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{771D0255-20A6-40A7-8060-E681B3F9D5E8}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{3018E814-9E7B-429F-9304-DC06D594EBDA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{771D0255-20A6-40A7-8060-E681B3F9D5E8}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Jimmy\Documents\AC3D\Elemental Swords IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E D6 E2 D7 6E 35 CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/search?q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms} IE - HKCU\..\SearchScopes,DefaultScope = {E1B4F045-104E-4B2E-B36A-4609F37B6AFB} IE - HKCU\..\SearchScopes\{3018E814-9E7B-429F-9304-DC06D594EBDA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{771D0255-20A6-40A7-8060-E681B3F9D5E8}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd IE - HKCU\..\SearchScopes\{E1B4F045-104E-4B2E-B36A-4609F37B6AFB}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227980 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/10/30 09:07:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/10/30 09:07:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/10/30 09:07:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/22 23:30:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/27 20:13:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Extensions [2010/09/10 18:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com [2012/11/19 17:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions [2011/12/03 11:31:34 | 000,000,000 | ---D | M] ("Facecons") -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\facecons@facecons.com [2012/05/18 21:23:11 | 000,002,266 | ---- | M] () -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\Google.xml [2012/10/05 13:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/10/05 13:30:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/09/27 23:00:29 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2012/09/27 23:00:27 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\{167D9323-F7CC-48F5-948A-6F012831A69F} File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\{F9BBF004-6E40-4019-8214-C43A37E1D058} File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\BBRS_002@BLABBERS.COM File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\CROSSRIDERAPP5060@CROSSRIDER.COM File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM [2012/03/18 14:04:42 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/03/18 14:04:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/03/18 14:04:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/11/18 16:24:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (FACECONS Class) - {B2A44031-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files (x86)\facecons\Facecons.dll (Facecons) O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe File not found O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - Startup: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = File not found O4 - Startup: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Users\Jimmy\AppData\Local\Autobahn\nexdef.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44E6BEBF-391F-4BD6-975D-D374A7F0636D}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C494E8EE-736A-4A65-A53A-3FC3170E5B6E}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C494E8EE-736A-4A65-A53A-3FC3170E5B6E}: NameServer = 216.146.35.240,216.146.36.240,192.168.0.1 O18:64bit: - Protocol\Handler\intu-tt2010 - No CLSID value found O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.) O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Unable to start System Restore Service. Error code 1084 ========== Files/Folders - Created Within 30 Days ========== [2012/11/19 18:06:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe [2012/11/19 17:56:36 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2012/11/19 17:56:08 | 000,000,000 | ---D | C] -- C:\JRT [2012/11/18 16:43:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/11/18 16:31:42 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Desktop\mbar [2012/11/18 16:23:15 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/11/18 16:12:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/11/18 16:12:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/11/18 16:12:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/11/18 16:12:13 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/11/18 16:11:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/11/18 13:46:05 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{8A20A790-2BE4-42C2-A158-6E2BB9FCA1C5} [2012/11/18 13:31:32 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\Jimmy\Desktop\dds.scr [2012/11/17 12:17:27 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{777214C1-806D-4C74-B5F0-BEA70214E644} [2012/11/16 21:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/11/16 21:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/11/16 19:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012/11/16 19:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2012/11/11 20:05:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/11/11 20:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012/11/10 20:41:12 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{A8954EB1-08E6-436E-8D99-79343203D5CE} [2012/11/10 20:32:02 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys [2012/11/10 14:12:18 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{98E387D9-82D1-4571-849B-BD9035876EE1} [2012/11/10 13:42:44 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{F5DC1012-45DE-4BA6-9AD7-3E40588C681A} [2012/11/10 13:05:50 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{8A10FA36-4BE6-42A3-A9A1-54F1B8F7B61E} [2012/11/09 07:30:54 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{78BC6CF0-6934-49E4-BF24-B194EF3312C2} [2012/11/08 11:07:16 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{53527362-5D16-42D2-9039-A03B4D0C1B7A} [2012/11/07 10:54:07 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{FDE3B612-8015-44EE-B8D1-D1FD233232E4} [2012/11/06 12:58:00 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{4AF0EA4C-CC8D-46B8-8898-98D6FB1F6F65} [2012/11/05 23:45:55 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{9FE3841F-6E6B-4226-AFF7-FB3ED952D0F0} [2012/11/05 23:15:52 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{18A5D97E-D77A-4A94-A9F2-C3271C1FDBAA} [2012/11/05 23:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/11/05 23:11:55 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2012/11/05 23:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/11/05 23:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/11/05 23:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012/11/05 11:09:21 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{8EAE4C1F-16AE-4360-B6C1-7156D26EBAA7} [2012/11/01 19:59:46 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{D3CA3834-A5C3-44F3-926D-425F0144EA73} [2012/10/31 14:26:08 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{04EC7638-FC15-4179-91FF-EA65DA2265FE} [2012/10/28 20:50:50 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{B40A531B-71B2-4E72-8507-9C9BDEB44BE6} [2012/10/26 12:50:08 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{F9A96946-ACCD-41E6-A960-78267D4E7291} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Jimmy\AppData\Local\*.tmp files -> C:\Users\Jimmy\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/19 18:06:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe [2012/11/19 17:58:03 | 000,796,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/19 17:58:03 | 000,676,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/19 17:58:03 | 000,130,176 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/19 17:56:06 | 000,895,317 | ---- | M] () -- C:\Users\Jimmy\Desktop\JRT.exe [2012/11/19 17:53:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/19 17:53:12 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys [2012/11/19 07:12:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/19 07:12:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/19 06:43:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/11/19 06:41:37 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/18 16:43:14 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/18 16:24:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/11/18 15:59:16 | 000,543,531 | ---- | M] () -- C:\Users\Jimmy\Desktop\adwcleaner.exe [2012/11/18 13:24:13 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat [2012/11/17 11:47:50 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\Jimmy\Desktop\dds.scr [2012/11/16 21:21:57 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/10 20:38:19 | 000,181,808 | ---- | M] () -- C:\Windows\RegBootClean.exe [2012/11/08 13:12:01 | 446,057,499 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/11/05 23:11:56 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/10/31 14:14:09 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJimmy.job [2012/10/30 13:58:33 | 000,243,681 | ---- | M] () -- C:\Users\Jimmy\Documents\FargoHipC14.pdf [2012/10/30 13:57:02 | 000,243,695 | ---- | M] () -- C:\Users\Jimmy\Documents\FargoHipC13.pdf [2012/10/30 09:07:51 | 000,637,272 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012/10/26 18:03:29 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012/10/26 18:03:29 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/10/22 14:31:54 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Jimmy\AppData\Local\*.tmp files -> C:\Users\Jimmy\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/19 17:55:52 | 000,895,317 | ---- | C] () -- C:\Users\Jimmy\Desktop\JRT.exe [2012/11/18 16:12:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/11/18 16:12:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/11/18 16:12:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/11/18 16:12:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/11/18 16:12:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/11/18 15:59:04 | 000,543,531 | ---- | C] () -- C:\Users\Jimmy\Desktop\adwcleaner.exe [2012/11/18 13:24:13 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat [2012/11/16 21:21:57 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/10 20:38:12 | 000,181,808 | ---- | C] () -- C:\Windows\RegBootClean.exe [2012/11/05 23:11:56 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/10/31 13:50:02 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJimmy.job [2012/10/30 13:58:33 | 000,243,681 | ---- | C] () -- C:\Users\Jimmy\Documents\FargoHipC14.pdf [2012/10/30 13:57:02 | 000,243,695 | ---- | C] () -- C:\Users\Jimmy\Documents\FargoHipC13.pdf [2012/10/02 17:04:04 | 000,017,408 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\WebpageIcons.db [2012/09/19 16:48:52 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/09/19 16:48:47 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/03/13 12:22:38 | 000,002,078 | ---- | C] () -- C:\Windows\wininit.ini [2012/01/27 15:59:30 | 000,025,397 | ---- | C] () -- C:\Users\Jimmy\CrossFire_1082.dlbt [2011/12/03 14:28:34 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll [2011/10/31 19:31:01 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe [2011/10/31 19:31:01 | 000,277,366 | ---- | C] () -- C:\Windows\unins000.dat [2011/09/07 08:04:05 | 000,000,000 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\{0839F303-1221-445F-8C98-AEB75D5C32B9} [2011/06/18 11:29:27 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011/06/08 22:41:48 | 000,034,816 | ---- | C] () -- C:\Windows\SysWow64\sxxssul.dll [2011/05/30 14:13:24 | 004,427,872 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01305.0 [2011/05/30 14:13:24 | 001,198,354 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01305.JPG [2011/05/26 19:41:01 | 000,000,000 | ---- | C] () -- C:\Users\Jimmy\AppData\Roaming\wklnhst.dat [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/04/04 11:49:23 | 003,788,320 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01838.0 [2011/04/04 11:49:23 | 000,740,779 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01838.JPG [2010/12/12 14:56:32 | 000,566,540 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmp001.JPG [2010/11/30 21:34:00 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010/11/30 21:34:00 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010/10/07 16:34:00 | 000,545,617 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmp001.1 [2010/10/07 16:33:59 | 000,547,161 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmp001.0 [2010/09/03 11:10:34 | 000,000,093 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\fusioncache.dat ========== ZeroAccess Check ========== [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2012/11/18 13:36:27 | 000,069,662 | ---- | M] () -- C:\AdwCleaner[R1].txt [2012/11/18 15:59:43 | 000,069,902 | ---- | M] () -- C:\AdwCleaner[s1].txt [2012/11/18 13:24:13 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat [2012/11/18 16:26:21 | 000,022,574 | ---- | M] () -- C:\ComboFix.txt [2012/08/24 16:10:01 | 000,000,009 | ---- | M] () -- C:\END [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2010/09/07 17:50:32 | 000,000,125 | ---- | M] () -- C:\FINIS_IT.TXT [2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2012/11/19 17:53:12 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys [2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2006/12/02 01:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll [2012/11/19 17:53:10 | 4252,057,599 | -HS- | M] () -- C:\pagefile.sys [2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab [2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI < %systemroot%\*. /mp /s > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > < End of report >
-
OTL logfile created on: 19/11/2012 6:06:46 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jimmy\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 7.96 Gb Total Physical Memory | 7.09 Gb Available Physical Memory | 89.04% Memory free 15.92 Gb Paging File | 15.08 Gb Available in Paging File | 94.76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 920.12 Gb Total Space | 769.93 Gb Free Space | 83.68% Space Free | Partition Type: NTFS Drive D: | 11.30 Gb Total Space | 1.62 Gb Free Space | 14.35% Space Free | Partition Type: NTFS Drive J: | 1.90 Gb Total Space | 1.89 Gb Free Space | 99.35% Space Free | Partition Type: FAT Computer Name: JIMMY-PC | User Name: Jimmy | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/11/19 18:06:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/01/13 16:04:10 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/10/30 09:07:09 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP) SRV - [2012/10/08 23:43:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/09/19 16:48:47 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/03/16 09:08:01 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/08/05 13:37:30 | 000,098,168 | ---- | M] (Sendori, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Sendori) SRV - [2010/07/28 15:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/10/30 09:07:51 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/10 17:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2011/03/04 12:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011/03/04 12:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/01/13 16:26:02 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010/01/13 15:10:58 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2009/11/18 12:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009/10/12 00:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2009/10/02 05:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/08/20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2006/12/12 11:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf) DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{3018E814-9E7B-429F-9304-DC06D594EBDA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{771D0255-20A6-40A7-8060-E681B3F9D5E8}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{3018E814-9E7B-429F-9304-DC06D594EBDA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{771D0255-20A6-40A7-8060-E681B3F9D5E8}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Jimmy\Documents\AC3D\Elemental Swords IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E D6 E2 D7 6E 35 CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/search?q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms} IE - HKCU\..\SearchScopes,DefaultScope = {E1B4F045-104E-4B2E-B36A-4609F37B6AFB} IE - HKCU\..\SearchScopes\{3018E814-9E7B-429F-9304-DC06D594EBDA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{771D0255-20A6-40A7-8060-E681B3F9D5E8}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd IE - HKCU\..\SearchScopes\{E1B4F045-104E-4B2E-B36A-4609F37B6AFB}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227980 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/10/30 09:07:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/10/30 09:07:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/10/30 09:07:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/22 23:30:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/27 20:13:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Extensions [2010/09/10 18:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com [2012/11/19 17:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions [2011/12/03 11:31:34 | 000,000,000 | ---D | M] ("Facecons") -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\facecons@facecons.com [2012/05/18 21:23:11 | 000,002,266 | ---- | M] () -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\Google.xml [2012/10/05 13:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/10/05 13:30:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/09/27 23:00:29 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2012/09/27 23:00:27 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\{167D9323-F7CC-48F5-948A-6F012831A69F} File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\{F9BBF004-6E40-4019-8214-C43A37E1D058} File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\BBRS_002@BLABBERS.COM File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\CROSSRIDERAPP5060@CROSSRIDER.COM File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM [2012/03/18 14:04:42 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/03/18 14:04:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/03/18 14:04:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/11/18 16:24:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (FACECONS Class) - {B2A44031-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files (x86)\facecons\Facecons.dll (Facecons) O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe File not found O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - Startup: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = File not found O4 - Startup: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Users\Jimmy\AppData\Local\Autobahn\nexdef.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44E6BEBF-391F-4BD6-975D-D374A7F0636D}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C494E8EE-736A-4A65-A53A-3FC3170E5B6E}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C494E8EE-736A-4A65-A53A-3FC3170E5B6E}: NameServer = 216.146.35.240,216.146.36.240,192.168.0.1 O18:64bit: - Protocol\Handler\intu-tt2010 - No CLSID value found O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.) O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Unable to start System Restore Service. Error code 1084 ========== Files/Folders - Created Within 30 Days ========== [2012/11/19 18:06:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe [2012/11/19 17:56:36 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2012/11/19 17:56:08 | 000,000,000 | ---D | C] -- C:\JRT [2012/11/18 16:43:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/11/18 16:31:42 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Desktop\mbar [2012/11/18 16:23:15 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/11/18 16:12:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/11/18 16:12:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/11/18 16:12:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/11/18 16:12:13 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/11/18 16:11:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/11/18 13:46:05 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{8A20A790-2BE4-42C2-A158-6E2BB9FCA1C5} [2012/11/18 13:31:32 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\Jimmy\Desktop\dds.scr [2012/11/17 12:17:27 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{777214C1-806D-4C74-B5F0-BEA70214E644} [2012/11/16 21:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/11/16 21:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/11/16 19:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012/11/16 19:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2012/11/11 20:05:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/11/11 20:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012/11/10 20:41:12 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{A8954EB1-08E6-436E-8D99-79343203D5CE} [2012/11/10 20:32:02 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys [2012/11/10 14:12:18 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{98E387D9-82D1-4571-849B-BD9035876EE1} [2012/11/10 13:42:44 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{F5DC1012-45DE-4BA6-9AD7-3E40588C681A} [2012/11/10 13:05:50 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{8A10FA36-4BE6-42A3-A9A1-54F1B8F7B61E} [2012/11/09 07:30:54 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{78BC6CF0-6934-49E4-BF24-B194EF3312C2} [2012/11/08 11:07:16 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{53527362-5D16-42D2-9039-A03B4D0C1B7A} [2012/11/07 10:54:07 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{FDE3B612-8015-44EE-B8D1-D1FD233232E4} [2012/11/06 12:58:00 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{4AF0EA4C-CC8D-46B8-8898-98D6FB1F6F65} [2012/11/05 23:45:55 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{9FE3841F-6E6B-4226-AFF7-FB3ED952D0F0} [2012/11/05 23:15:52 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{18A5D97E-D77A-4A94-A9F2-C3271C1FDBAA} [2012/11/05 23:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/11/05 23:11:55 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2012/11/05 23:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/11/05 23:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/11/05 23:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012/11/05 11:09:21 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{8EAE4C1F-16AE-4360-B6C1-7156D26EBAA7} [2012/11/01 19:59:46 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{D3CA3834-A5C3-44F3-926D-425F0144EA73} [2012/10/31 14:26:08 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{04EC7638-FC15-4179-91FF-EA65DA2265FE} [2012/10/28 20:50:50 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{B40A531B-71B2-4E72-8507-9C9BDEB44BE6} [2012/10/26 12:50:08 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{F9A96946-ACCD-41E6-A960-78267D4E7291} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Jimmy\AppData\Local\*.tmp files -> C:\Users\Jimmy\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/19 18:06:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe [2012/11/19 17:58:03 | 000,796,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/19 17:58:03 | 000,676,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/19 17:58:03 | 000,130,176 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/19 17:56:06 | 000,895,317 | ---- | M] () -- C:\Users\Jimmy\Desktop\JRT.exe [2012/11/19 17:53:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/19 17:53:12 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys [2012/11/19 07:12:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/19 07:12:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/19 06:43:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/11/19 06:41:37 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/18 16:43:14 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/18 16:24:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/11/18 15:59:16 | 000,543,531 | ---- | M] () -- C:\Users\Jimmy\Desktop\adwcleaner.exe [2012/11/18 13:24:13 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat [2012/11/17 11:47:50 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\Jimmy\Desktop\dds.scr [2012/11/16 21:21:57 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/10 20:38:19 | 000,181,808 | ---- | M] () -- C:\Windows\RegBootClean.exe [2012/11/08 13:12:01 | 446,057,499 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/11/05 23:11:56 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/10/31 14:14:09 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJimmy.job [2012/10/30 13:58:33 | 000,243,681 | ---- | M] () -- C:\Users\Jimmy\Documents\FargoHipC14.pdf [2012/10/30 13:57:02 | 000,243,695 | ---- | M] () -- C:\Users\Jimmy\Documents\FargoHipC13.pdf [2012/10/30 09:07:51 | 000,637,272 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012/10/26 18:03:29 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012/10/26 18:03:29 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/10/22 14:31:54 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Jimmy\AppData\Local\*.tmp files -> C:\Users\Jimmy\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/19 17:55:52 | 000,895,317 | ---- | C] () -- C:\Users\Jimmy\Desktop\JRT.exe [2012/11/18 16:12:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/11/18 16:12:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/11/18 16:12:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/11/18 16:12:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/11/18 16:12:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/11/18 15:59:04 | 000,543,531 | ---- | C] () -- C:\Users\Jimmy\Desktop\adwcleaner.exe [2012/11/18 13:24:13 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat [2012/11/16 21:21:57 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/10 20:38:12 | 000,181,808 | ---- | C] () -- C:\Windows\RegBootClean.exe [2012/11/05 23:11:56 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/10/31 13:50:02 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJimmy.job [2012/10/30 13:58:33 | 000,243,681 | ---- | C] () -- C:\Users\Jimmy\Documents\FargoHipC14.pdf [2012/10/30 13:57:02 | 000,243,695 | ---- | C] () -- C:\Users\Jimmy\Documents\FargoHipC13.pdf [2012/10/02 17:04:04 | 000,017,408 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\WebpageIcons.db [2012/09/19 16:48:52 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/09/19 16:48:47 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/03/13 12:22:38 | 000,002,078 | ---- | C] () -- C:\Windows\wininit.ini [2012/01/27 15:59:30 | 000,025,397 | ---- | C] () -- C:\Users\Jimmy\CrossFire_1082.dlbt [2011/12/03 14:28:34 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll [2011/10/31 19:31:01 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe [2011/10/31 19:31:01 | 000,277,366 | ---- | C] () -- C:\Windows\unins000.dat [2011/09/07 08:04:05 | 000,000,000 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\{0839F303-1221-445F-8C98-AEB75D5C32B9} [2011/06/18 11:29:27 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011/06/08 22:41:48 | 000,034,816 | ---- | C] () -- C:\Windows\SysWow64\sxxssul.dll [2011/05/30 14:13:24 | 004,427,872 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01305.0 [2011/05/30 14:13:24 | 001,198,354 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01305.JPG [2011/05/26 19:41:01 | 000,000,000 | ---- | C] () -- C:\Users\Jimmy\AppData\Roaming\wklnhst.dat [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/04/04 11:49:23 | 003,788,320 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01838.0 [2011/04/04 11:49:23 | 000,740,779 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01838.JPG [2010/12/12 14:56:32 | 000,566,540 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmp001.JPG [2010/11/30 21:34:00 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010/11/30 21:34:00 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010/10/07 16:34:00 | 000,545,617 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmp001.1 [2010/10/07 16:33:59 | 000,547,161 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmp001.0 [2010/09/03 11:10:34 | 000,000,093 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\fusioncache.dat ========== ZeroAccess Check ========== [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2012/11/18 13:36:27 | 000,069,662 | ---- | M] () -- C:\AdwCleaner[R1].txt [2012/11/18 15:59:43 | 000,069,902 | ---- | M] () -- C:\AdwCleaner[s1].txt [2012/11/18 13:24:13 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat [2012/11/18 16:26:21 | 000,022,574 | ---- | M] () -- C:\ComboFix.txt [2012/08/24 16:10:01 | 000,000,009 | ---- | M] () -- C:\END [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2010/09/07 17:50:32 | 000,000,125 | ---- | M] () -- C:\FINIS_IT.TXT [2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2012/11/19 17:53:12 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys [2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2006/12/02 01:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll [2012/11/19 17:53:10 | 4252,057,599 | -HS- | M] () -- C:\pagefile.sys [2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab [2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI < %systemroot%\*. /mp /s > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > < End of report >
-
Good day! Here are the logs.... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 3.3.4 (11.19.2012) OS: Windows 7 Home Premium x64 Ran by Jimmy on 19/11/2012 at 17:56:38.23 Blog: http://thisisudax.blogspot.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\bProtector Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] "hkey_classes_root\appid\babylonhelper.exe" Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasapi32" Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasmancs" Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} ~~~ Files Successfully deleted: [File] C:\eula.1028.txt Successfully deleted: [File] C:\eula.1031.txt Successfully deleted: [File] C:\eula.1033.txt Successfully deleted: [File] C:\eula.1036.txt Successfully deleted: [File] C:\eula.1040.txt Successfully deleted: [File] C:\eula.1041.txt Successfully deleted: [File] C:\eula.1042.txt Successfully deleted: [File] C:\eula.2052.txt Successfully deleted: [File] C:\install.res.1028.dll Successfully deleted: [File] C:\install.res.1031.dll Successfully deleted: [File] C:\install.res.1033.dll Successfully deleted: [File] C:\install.res.1036.dll Successfully deleted: [File] C:\install.res.1040.dll Successfully deleted: [File] C:\install.res.1041.dll Successfully deleted: [File] C:\install.res.1042.dll Successfully deleted: [File] C:\install.res.2052.dll Successfully deleted: [File] C:\install.res.3082.dll ~~~ Folders Successfully deleted: [Folder] "C:\Users\Jimmy\appdata\locallow\datamngr" ~~~ FireFox Successfully deleted: [Folder] C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\crossriderapp5060@crossrider.com Successfully deleted: [File] C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\blekkotb.xml Successfully deleted the following from "C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\prefs.js" user_pref("extensions.crossrider.bic", "13970ac45d1fea38dfe70a3d79b4c9f2"); user_pref("extentions.y2layers.defaultEnableAppsList", "Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,"); user_pref("extentions.y2layers.installId", "9b328715-24ae-461e-8bba-b4f73784588c"); user_pref("extentions.y2layers.lastDnsTest", 370011); ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 19/11/2012 at 17:57:50.11 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
Hi TDK, Sorry I should of included that important information in my reply!! It's still slow but I am able to start up normally. There seems to be quite a bit of improvement but still has some issue.
-
Malwarebytes Anti-Rootkit 1.1.0.1009 www.malwarebytes.org Database version: v2012.11.18.05 Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking) Internet Explorer 9.0.8112.16421 Jimmy :: JIMMY-PC [administrator] 18/11/2012 4:38:43 PM mbar-log-2012-11-18 (16-38-43).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: PUP | PUM | P2P Objects scanned: 27677 Time elapsed: 5 minute(s), 31 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 System is currently in a safe mode Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.793000 GHz Memory total: 8547024896, free: 6994915328 ------------ Kernel report ------------ 11/18/2012 16:32:16 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\DRIVERS\kl1.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\kl2.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\klim6.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\drivers\1394ohci.sys \SystemRoot\system32\drivers\cdrom.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\hamachi.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\drivers\hidusb.sys \SystemRoot\system32\drivers\HIDCLASS.SYS \SystemRoot\system32\drivers\HIDPARSE.SYS \SystemRoot\system32\drivers\kbdhid.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\framebuf.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\Drivers\fastfat.SYS \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\iertutil.dll \Windows\System32\wininet.dll \Windows\System32\lpk.dll \Windows\System32\comdlg32.dll \Windows\System32\urlmon.dll \Windows\System32\imm32.dll \Windows\System32\difxapi.dll \Windows\System32\Wldap32.dll \Windows\System32\msvcrt.dll \Windows\System32\ws2_32.dll \Windows\System32\imagehlp.dll \Windows\System32\oleaut32.dll \Windows\System32\psapi.dll \Windows\System32\msctf.dll \Windows\System32\shlwapi.dll \Windows\System32\clbcatq.dll \Windows\System32\ole32.dll \Windows\System32\shell32.dll \Windows\System32\usp10.dll \Windows\System32\gdi32.dll \Windows\System32\advapi32.dll \Windows\System32\nsi.dll \Windows\System32\kernel32.dll \Windows\System32\sechost.dll \Windows\System32\normaliz.dll \Windows\System32\user32.dll \Windows\System32\rpcrt4.dll \Windows\System32\setupapi.dll \Windows\System32\crypt32.dll \Windows\System32\cfgmgr32.dll \Windows\System32\devobj.dll \Windows\System32\comctl32.dll \Windows\System32\KernelBase.dll \Windows\System32\wintrust.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk1\DR6 Upper Device Object: 0xfffffa800acb6790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000088\ Lower Device Object: 0xfffffa80070989e0 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR DriverEntry returned 0x0 Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk5\DR5 Upper Device Object: 0xfffffa80091ee790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000081\ Lower Device Object: 0xfffffa80096ffb60 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa80091f3790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000080\ Lower Device Object: 0xfffffa80096f8b60 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa80091f1790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007f\ Lower Device Object: 0xfffffa8009688b60 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa80091f6790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007e\ Lower Device Object: 0xfffffa8009700b60 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8007a8a790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa80077b0050 Lower Device Driver Name: \Driver\iaStor\ Driver name found: iaStor DriverEntry returned 0x0 Function returned 0x0 ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 System is currently in a safe mode Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.793000 GHz Memory total: 8547024896, free: 6987517952 ------------ Kernel report ------------ 11/18/2012 16:32:38 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\DRIVERS\kl1.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\kl2.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\klim6.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\drivers\1394ohci.sys \SystemRoot\system32\drivers\cdrom.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\hamachi.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\drivers\hidusb.sys \SystemRoot\system32\drivers\HIDCLASS.SYS \SystemRoot\system32\drivers\HIDPARSE.SYS \SystemRoot\system32\drivers\kbdhid.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\framebuf.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\Drivers\fastfat.SYS \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\iertutil.dll \Windows\System32\wininet.dll \Windows\System32\lpk.dll \Windows\System32\comdlg32.dll \Windows\System32\urlmon.dll \Windows\System32\imm32.dll \Windows\System32\difxapi.dll \Windows\System32\Wldap32.dll \Windows\System32\msvcrt.dll \Windows\System32\ws2_32.dll \Windows\System32\imagehlp.dll \Windows\System32\oleaut32.dll \Windows\System32\psapi.dll \Windows\System32\msctf.dll \Windows\System32\shlwapi.dll \Windows\System32\clbcatq.dll \Windows\System32\ole32.dll \Windows\System32\shell32.dll \Windows\System32\usp10.dll \Windows\System32\gdi32.dll \Windows\System32\advapi32.dll \Windows\System32\nsi.dll \Windows\System32\kernel32.dll \Windows\System32\sechost.dll \Windows\System32\normaliz.dll \Windows\System32\user32.dll \Windows\System32\rpcrt4.dll \Windows\System32\setupapi.dll \Windows\System32\crypt32.dll \Windows\System32\cfgmgr32.dll \Windows\System32\devobj.dll \Windows\System32\comctl32.dll \Windows\System32\KernelBase.dll \Windows\System32\wintrust.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk1\DR6 Upper Device Object: 0xfffffa800acb6790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000088\ Lower Device Object: 0xfffffa80070989e0 Lower Device Driver Name: \Driver\USBSTOR\ Device already Exists: 0xfffffa8009efab90 <<<1>>> Upper Device Name: \Device\Harddisk5\DR5 Upper Device Object: 0xfffffa80091ee790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000081\ Lower Device Object: 0xfffffa80096ffb60 Lower Device Driver Name: \Driver\USBSTOR\ Device already Exists: 0xfffffa8007451740 <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa80091f3790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000080\ Lower Device Object: 0xfffffa80096f8b60 Lower Device Driver Name: \Driver\USBSTOR\ Device already Exists: 0xfffffa800a9ec090 <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa80091f1790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007f\ Lower Device Object: 0xfffffa8009688b60 Lower Device Driver Name: \Driver\USBSTOR\ Device already Exists: 0xfffffa8009ef05c0 <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa80091f6790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007e\ Lower Device Object: 0xfffffa8009700b60 Lower Device Driver Name: \Driver\USBSTOR\ Device already Exists: 0xfffffa80096dde40 <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8007a8a790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa80077b0050 Lower Device Driver Name: \Driver\iaStor\ Device already Exists: 0xfffffa8009f72e40 Downloaded database version: v2012.11.18.05 Downloaded database version: v2012.11.15.02 Initializing... Done! Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8007a8a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007a8a1e0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007a8a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80077b0050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Upper DeviceData: 0xfffff8a00fdbd5d0, 0xfffffa8007a8a790, 0xfffffa800af86790 Lower DeviceData: 0xfffff8a003e548b0, 0xfffffa80077b0050, 0xfffffa8009f72e40 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 1549F232 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 1929621504 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 1929828352 Numsec = 23693312 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000204886016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)... Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa800acb6790, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8009fc0140, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800acb6790, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80070989e0, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Upper DeviceData: 0xfffff8a00fc04730, 0xfffffa800acb6790, 0xfffffa800b1f0090 Lower DeviceData: 0xfffff8a003e8ab70, 0xfffffa80070989e0, 0xfffffa8009efab90 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 4030201 Partition information: Partition 0 type is Other (0x6) Partition is NOT ACTIVE. Partition starts at LBA: 240 Numsec = 3987216 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 2041577472 bytes Sector size: 512 bytes Physical Sector Size: 0 Drive: 2, DevicePointer: 0xfffffa80091f6790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8009705910, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80091f6790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8009700b60, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xfffffa80091f1790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8009703b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80091f1790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8009688b60, DeviceName: \Device\0000007f\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa80091f3790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8009702b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80091f3790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80096f8b60, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xfffffa80091ee790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8009706b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80091ee790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80096ffb60, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Done! Performing system, memory and registry scan... Read File: File "C:\ProgramData\{4EF77D37-415C-4195-AE30-904ED23A3940}\iLividSetupV1.dat" is compressed (flags = 1) Read File: File "C:\ProgramData\{4EF77D37-415C-4195-AE30-904ED23A3940}\instance.dat" is compressed (flags = 1) Read File: File "C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}\HP_Remote_Solution_Install.dat" is compressed (flags = 1) Read File: File "C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}\HP_Remote_Solution_Install.lan" is compressed (flags = 1) Read File: File "C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}\instance.dat" is compressed (flags = 1) Done! Scan finished =======================================
-
ComboFix 12-11-16.02 - Jimmy 18/11/2012 16:14:13.1.8 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8151.7233 [GMT -6:00] Running from: c:\users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31V22TYB\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF} SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\CFLog c:\cflog\EPLog.txt C:\Install.exe c:\users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2A34F3D2-7052-458A-B36D-50EFDA250AA9}.xps c:\users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CAAC404F-D0FE-46E4-B703-1F9428B33BF1}.xps c:\users\Jimmy\AppData\Roaming\Microsoft\Windows\Recent\Terraria.url c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe . . ((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 ))))))))))))))))))))))))))))))) . . 2012-11-18 22:23 . 2012-11-18 22:23 -------- d-----w- c:\users\Natalie\AppData\Local\temp 2012-11-18 22:23 . 2012-11-18 22:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-18 22:15 . 2012-11-18 22:15 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20EFF33C-223F-49B8-91F9-5E9BB83B8247}\offreg.dll 2012-11-17 18:31 . 2012-11-17 18:31 -------- d-----w- c:\users\Natalie\AppData\Roaming\Malwarebytes 2012-11-17 03:21 . 2012-11-17 03:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-17 01:39 . 2012-11-17 01:40 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2012-11-12 02:05 . 2012-11-12 02:08 -------- d-----w- c:\programdata\MFAData 2012-11-12 02:05 . 2012-11-12 02:05 -------- d--h--w- c:\programdata\Common Files 2012-11-12 02:05 . 2012-11-12 02:05 -------- d-----w- c:\users\Natalie\AppData\Local\MFAData 2012-11-12 02:05 . 2012-11-12 02:05 -------- d-----w- c:\users\Natalie\AppData\Local\Avg2013 2012-11-11 02:38 . 2012-11-11 02:38 181808 ----a-w- c:\windows\RegBootClean.exe 2012-11-11 02:32 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys 2012-11-11 02:28 . 2012-11-11 02:28 -------- d-----w- c:\users\Natalie\AppData\Local\Macromedia 2012-11-11 02:24 . 2012-11-11 02:24 -------- d-----w- c:\users\Natalie\AppData\Local\Mozilla 2012-11-10 01:50 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20EFF33C-223F-49B8-91F9-5E9BB83B8247}\mpengine.dll 2012-11-06 05:11 . 2012-08-21 19:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-11-06 05:11 . 2012-11-06 05:11 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-11-06 05:11 . 2012-11-06 05:11 -------- d-----w- c:\program files\iTunes 2012-11-06 05:11 . 2012-11-06 05:11 -------- d-----w- c:\program files\iPod . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-30 15:07 . 2011-04-20 19:50 637272 ----a-w- c:\windows\system32\drivers\klif.sys 2012-10-27 00:03 . 2012-09-19 22:56 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-10-27 00:03 . 2012-09-19 22:48 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-10-22 20:31 . 2012-09-19 22:48 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-10-11 08:04 . 2011-01-27 20:20 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-10-09 05:43 . 2012-04-01 17:17 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-09 05:43 . 2011-05-16 00:58 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-30 01:54 . 2011-08-01 16:34 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-19 22:48 . 2012-09-19 22:48 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-09-14 19:19 . 2012-10-10 18:19 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 18:19 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-10 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-10 18:19 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 18:19 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-10 18:19 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-24 18:05 . 2012-10-10 18:19 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-10 18:19 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-24 11:15 . 2012-09-22 08:00 17810944 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 10:39 . 2012-09-22 08:00 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 10:31 . 2012-09-22 08:00 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 10:22 . 2012-09-22 08:00 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 10:21 . 2012-09-22 08:00 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 10:20 . 2012-09-22 08:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 10:18 . 2012-09-22 08:00 237056 ----a-w- c:\windows\system32\url.dll 2012-08-24 10:17 . 2012-09-22 08:00 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 10:14 . 2012-09-22 08:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 10:14 . 2012-09-22 08:00 816640 ----a-w- c:\windows\system32\jscript.dll 2012-08-24 10:13 . 2012-09-22 08:00 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 10:12 . 2012-09-22 08:00 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 10:11 . 2012-09-22 08:00 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 10:10 . 2012-09-22 08:00 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 10:09 . 2012-09-22 08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 10:04 . 2012-09-22 08:00 248320 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 06:59 . 2012-09-22 08:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-08-24 06:51 . 2012-09-22 08:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 06:51 . 2012-09-22 08:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-08-24 06:47 . 2012-09-22 08:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-08-24 06:47 . 2012-09-22 08:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-24 06:43 . 2012-09-22 08:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-22 18:12 . 2012-09-12 21:22 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-12 21:22 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 21:22 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 21:22 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-26 21:17 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-21 19:01 . 2010-09-01 18:46 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 19:01 . 2010-09-01 18:46 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B2A44031-7EAD-434C-AC9E-7F1DA176BA8C}] 2011-08-01 12:51 167424 ----a-w- c:\program files (x86)\facecons\Facecons.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048] "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-10 39408] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-14 98304] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2011-10-24 801792] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-30 206448] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-16 2254768] . c:\users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ IMVU.lnk - c:\users\Jimmy\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [N/A] NexDef Plug-in.lnk - c:\users\Jimmy\AppData\Local\Autobahn\nexdef.exe [2011-8-11 15490560] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Sendori Tray Icon.lnk - c:\program files (x86)\Sendori\SendoriTray.exe [2011-8-5 74616] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-13 202752] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936] R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R2 Sendori;Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe [2011-08-05 98168] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-10-12 763904] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-07 1255736] R3 X6va001;X6va001;c:\users\Jimmy\AppData\Local\Temp\00149FD.tmp [x] R3 X6va005;X6va005;c:\users\Jimmy\AppData\Local\Temp\005A6E2.tmp [x] R3 X6va006;X6va006;c:\users\Jimmy\AppData\Local\Temp\006857.tmp [x] R3 X6va008;X6va008;c:\users\Jimmy\AppData\Local\Temp\008D597.tmp [x] R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x] R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x] R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616] . . Contents of the 'Scheduled Tasks' folder . 2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 05:43] . 2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 03:27] . 2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 03:27] . 2012-10-31 c:\windows\Tasks\HPCeeScheduleForJimmy.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms} IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{C494E8EE-736A-4A65-A53A-3FC3170E5B6E}: NameServer = 216.146.35.240,216.146.36.240,192.168.0.1 Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files (x86)\TurboTax 2011\ic2011pp.dll FF - ProfilePath - c:\users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{efb1e45a-148d-40f9-a3f0-09d5577f9970} - (no file) Toolbar-10 - (no file) Notify-klogon - (no file) Toolbar-10 - (no file) WebBrowser-{EFB1E45A-148D-40F9-A3F0-09D5577F9970} - (no file) HKLM-Run-PC-Doctor for Windows localizer - c:\program files\PC-Doctor for Windows\localizer.exe AddRemove-iBryte_playbryte - c:\program files (x86)\iBryte\playbryte\uninstall.exe AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe AddRemove-FoxTab PDF Creator - c:\progra~2\FOXTAB~1\Uninstall\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001] "ImagePath"="\??\c:\users\Jimmy\AppData\Local\Temp\00149FD.tmp" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005] "ImagePath"="\??\c:\users\Jimmy\AppData\Local\Temp\005A6E2.tmp" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006] "ImagePath"="\??\c:\users\Jimmy\AppData\Local\Temp\006857.tmp" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008] "ImagePath"="\??\c:\users\Jimmy\AppData\Local\Temp\008D597.tmp" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va010] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-18 16:26:21 ComboFix-quarantined-files.txt 2012-11-18 22:26 . Pre-Run: 827,313,774,592 bytes free Post-Run: 827,754,328,064 bytes free . - - End Of File - - A47D4EF8C8DDB7B38E495EE867D44E48
-
Ok here are the latest logs... # AdwCleaner v2.008 - Logfile created 11/18/2012 at 15:59:25 # Updated 17/11/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Jimmy - JIMMY-PC # Boot Mode : Safe mode with networking # Running from : C:\Users\Jimmy\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** Stopped & Deleted : Browser Manager ***** [Files / Folders] ***** File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk File Deleted : C:\user.js File Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi File Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\bProtect.xml File Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\Conduit.xml File Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\Plusnetwork.xml Folder Deleted : C:\Program Files (x86)\appbario8 Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\iBryte Folder Deleted : C:\Program Files (x86)\Vgrabber1 Folder Deleted : C:\Program Files (x86)\Yontoo Layers Runtime Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\ProgramData\Browser Manager Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Users\Jimmy\AppData\Local\blekkotb Folder Deleted : C:\Users\Jimmy\AppData\Local\Conduit Folder Deleted : C:\Users\Jimmy\AppData\Local\Ilivid Player Folder Deleted : C:\Users\Jimmy\AppData\Local\Savings Sidekick Folder Deleted : C:\Users\Jimmy\AppData\Local\Temp\BabylonToolbar Folder Deleted : C:\Users\Jimmy\AppData\Local\Temp\CT3007394 Folder Deleted : C:\Users\Jimmy\AppData\Local\Temp\CT3131886 Folder Deleted : C:\Users\Jimmy\AppData\Local\Temp\CT3184201 Folder Deleted : C:\Users\Jimmy\AppData\LocalLow\appbario8 Folder Deleted : C:\Users\Jimmy\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\Jimmy\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Jimmy\AppData\LocalLow\iBryte Folder Deleted : C:\Users\Jimmy\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Jimmy\AppData\LocalLow\searchquband Folder Deleted : C:\Users\Jimmy\AppData\LocalLow\Vgrabber1 Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\ConduitCommon Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\CT3007394 Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\CT3131886 Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f} Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{efb1e45a-148d-40f9-a3f0-09d5577f9970} Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058} Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\bbrs_002@blabbers.com Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\plugin@yontoo.com Folder Deleted : C:\Users\Jimmy\AppData\Roaming\OpenCandy Folder Deleted : C:\Users\Natalie\AppData\LocalLow\iBryte Folder Deleted : C:\Users\Natalie\AppData\LocalLow\searchquband Folder Deleted : C:\Users\Natalie\AppData\LocalLow\Searchqutoolbar ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\appbario8 Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\Savings Sidekick Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Software\Vgrabber1 Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\bProtector Key Deleted : HKCU\Software\BrowserCompanion Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\DataMngr_Toolbar Key Deleted : HKCU\Software\ilivid Key Deleted : HKCU\Software\InstalledBrowserExtensions Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0CC09160-108C-4759-BAB1-5C12C216E005} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9BBF004-6E40-4019-8214-C43A37E1D058} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CC09160-108C-4759-BAB1-5C12C216E005} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9BBF004-6E40-4019-8214-C43A37E1D058} Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKLM\Software\appbario8 Key Deleted : HKLM\Software\Bandoo Key Deleted : HKLM\Software\bProtector Key Deleted : HKLM\Software\BrowserCompanion Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Deleted : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1 Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1 Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1 Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1 Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1 Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.BHO Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.DockingPanel Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkuryMenuForm Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBar Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBarBandObject Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3007394 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3131886 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3184201 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227982 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\Software\ilivid Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CA50D456-3601-4EC6-8A34-C01E45446CA7} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\Software\Vgrabber1 Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0CC09160-108C-4759-BAB1-5C12C216E005} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022502260} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA50D456-3601-4EC6-8A34-C01E45446CA7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9BBF004-6E40-4019-8214-C43A37E1D058} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066506660} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4A33D171-D518-4AD2-8F6B-ABFA74A16F4C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8DCF7076-CF8E-4D3C-A14E-8E1C1FB34C78} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98D58D29-630F-46DE-89F1-A4A099DA22A6} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DE8D2AFC-110B-463A-8764-8A742525F37C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CC09160-108C-4759-BAB1-5C12C216E005} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9BBF004-6E40-4019-8214-C43A37E1D058} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\appbario8 Toolbar Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vgrabber1 Toolbar Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505560} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Deleted : HKLM\SOFTWARE\Software Key Deleted : HKLM\SOFTWARE\Tarma Installer Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0CC09160-108C-4759-BAB1-5C12C216E005}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F9BBF004-6E40-4019-8214-C43A37E1D058}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F9BBF004-6E40-4019-8214-C43A37E1D058}] Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F9BBF004-6E40-4019-8214-C43A37E1D058}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0CC09160-108C-4759-BAB1-5C12C216E005}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9BBF004-6E40-4019-8214-C43A37E1D058}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com --> hxxp://www.google.com -\\ Mozilla Firefox v9.0.1 (en-US) Profile name : default File : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\prefs.js C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\user.js ... Deleted ! Deleted : user_pref("CT3007394..clientLogIsEnabled", false); Deleted : user_pref("CT3007394..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT3007394..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT3007394.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Deleted : user_pref("CT3007394.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129647087198219321", true); Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129647087427906824", true); Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129651294520663109", true); Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129659125714113035", true); Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129660184590163266", true); Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129682607808034876", true); Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129738834384600252", true); Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129742041561828741", true); Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_6699113592007696644", true); Deleted : user_pref("CT3007394.CT3007394", "CT3007394"); Deleted : user_pref("CT3007394.CurrentServerDate", "30-10-2012"); Deleted : user_pref("CT3007394.DSInstall", false); Deleted : user_pref("CT3007394.DialogsAlignMode", "LTR"); Deleted : user_pref("CT3007394.DialogsGetterLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylig[...] Deleted : user_pref("CT3007394.DownloadReferralCookieData", ""); Deleted : user_pref("CT3007394.FirstServerDate", "4-12-2011"); Deleted : user_pref("CT3007394.FirstTime", true); Deleted : user_pref("CT3007394.FirstTimeFF3", true); Deleted : user_pref("CT3007394.FixPageNotFoundErrors", false); Deleted : user_pref("CT3007394.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT3007394.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT3007394.HPInstall", false); Deleted : user_pref("CT3007394.HasUserGlobalKeys", true); Deleted : user_pref("CT3007394.HomePageProtectorEnabled", false); Deleted : user_pref("CT3007394.HomepageBeforeUnload", "hxxp://www.searchqu.com/406"); Deleted : user_pref("CT3007394.Initialize", true); Deleted : user_pref("CT3007394.InitializeCommonPrefs", true); Deleted : user_pref("CT3007394.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT3007394.InstallationType", "Unknown"); Deleted : user_pref("CT3007394.InstalledDate", "Mon Nov 14 2011 10:07:27 GMT-0600 (Central Standard Time)"); Deleted : user_pref("CT3007394.InvalidateCache", false); Deleted : user_pref("CT3007394.IsAlertDBUpdated", true); Deleted : user_pref("CT3007394.IsGrouping", false); Deleted : user_pref("CT3007394.IsInitSetupIni", true); Deleted : user_pref("CT3007394.IsMulticommunity", false); Deleted : user_pref("CT3007394.IsOpenThankYouPage", true); Deleted : user_pref("CT3007394.IsOpenUninstallPage", false); Deleted : user_pref("CT3007394.IsProtectorsInit", true); Deleted : user_pref("CT3007394.LanguagePackLastCheckTime", "Tue Oct 30 2012 14:53:09 GMT-0500 (Central Dayligh[...] Deleted : user_pref("CT3007394.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT3007394.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT3007394.LastLogin_3.15.1.0", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylight Time)[...] Deleted : user_pref("CT3007394.LastLogin_3.8.0.8", "Sat Dec 17 2011 15:10:00 GMT-0600 (Central Standard Time)"[...] Deleted : user_pref("CT3007394.LastLogin_3.8.1.0", "Sat Mar 17 2012 22:49:56 GMT-0500 (Central Daylight Time)"[...] Deleted : user_pref("CT3007394.LatestVersion", "3.14.1.0"); Deleted : user_pref("CT3007394.Locale", "en-us"); Deleted : user_pref("CT3007394.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT3007394.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT3007394.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT3007394.MyStuffEnabledAtInstallation", true); Deleted : user_pref("CT3007394.OriginalFirstVersion", "3.7.0.6"); Deleted : user_pref("CT3007394.RadioIsPodcast", false); Deleted : user_pref("CT3007394.RadioLastCheckTime", "Sat Mar 17 2012 22:49:56 GMT-0500 (Central Daylight Time)[...] Deleted : user_pref("CT3007394.RadioLastUpdateIPServer", "3"); Deleted : user_pref("CT3007394.RadioLastUpdateServer", "3"); Deleted : user_pref("CT3007394.RadioMediaID", "9962"); Deleted : user_pref("CT3007394.RadioMediaType", "Media Player"); Deleted : user_pref("CT3007394.RadioMenuSelectedID", "EBRadioMenu_CT30073949962"); Deleted : user_pref("CT3007394.RadioShrinkedFromSetup", false); Deleted : user_pref("CT3007394.RadioStationName", "California%20Rock"); Deleted : user_pref("CT3007394.RadioStationURL", "hxxp://feedlive.net/california.asx"); Deleted : user_pref("CT3007394.SearchBoxWidth", 172); Deleted : user_pref("CT3007394.SearchCaption", "WhiteSmoke Bar Customized Web Search"); Deleted : user_pref("CT3007394.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties"); Deleted : user_pref("CT3007394.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT3007394.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT300[...] Deleted : user_pref("CT3007394.SearchInNewTabEnabled", true); Deleted : user_pref("CT3007394.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT3007394.SearchInNewTabLastCheckTime", "Tue Oct 30 2012 14:53:07 GMT-0500 (Central Dayli[...] Deleted : user_pref("CT3007394.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT3007394.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...] Deleted : user_pref("CT3007394.SearchProtectorEnabled", false); Deleted : user_pref("CT3007394.SearchProtectorToolbarDisabled", false); Deleted : user_pref("CT3007394.SendProtectorDataViaLogin", true); Deleted : user_pref("CT3007394.ServiceMapLastCheckTime", "Tue Oct 30 2012 14:53:07 GMT-0500 (Central Daylight [...] Deleted : user_pref("CT3007394.SettingsLastCheckTime", "Tue Oct 30 2012 14:53:07 GMT-0500 (Central Daylight Ti[...] Deleted : user_pref("CT3007394.SettingsLastUpdate", "1351523139"); Deleted : user_pref("CT3007394.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3007394&SearchSource=13"); Deleted : user_pref("CT3007394.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT3007394.ThirdPartyComponentsLastCheck", "Sat Mar 17 2012 22:49:54 GMT-0500 (Central Day[...] Deleted : user_pref("CT3007394.ThirdPartyComponentsLastUpdate", "1312887586"); Deleted : user_pref("CT3007394.ToolbarShrinkedFromSetup", false); Deleted : user_pref("CT3007394.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3007394"); Deleted : user_pref("CT3007394.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Deleted : user_pref("CT3007394.UserID", "UN46344112059454257"); Deleted : user_pref("CT3007394.ValidationData_Search", 0); Deleted : user_pref("CT3007394.ValidationData_Toolbar", 2); Deleted : user_pref("CT3007394.alertChannelId", "1399123"); Deleted : user_pref("CT3007394.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...] Deleted : user_pref("CT3007394.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...] Deleted : user_pref("CT3007394.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...] Deleted : user_pref("CT3007394.backendstorage./9b+7e.:2z527", "247E6F727174354379453A3D2A722C757A787D312833232[...] Deleted : user_pref("CT3007394.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...] Deleted : user_pref("CT3007394.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...] Deleted : user_pref("CT3007394.backendstorage./9b+7e06cg5el8:", "6E6D6F6F73717474706F"); Deleted : user_pref("CT3007394.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473757579777A7A7675242F4B4947[...] Deleted : user_pref("CT3007394.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...] Deleted : user_pref("CT3007394.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...] Deleted : user_pref("CT3007394.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...] Deleted : user_pref("CT3007394.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...] Deleted : user_pref("CT3007394.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...] Deleted : user_pref("CT3007394.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...] Deleted : user_pref("CT3007394.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...] Deleted : user_pref("CT3007394.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...] Deleted : user_pref("CT3007394.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...] Deleted : user_pref("CT3007394.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...] Deleted : user_pref("CT3007394.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...] Deleted : user_pref("CT3007394.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...] Deleted : user_pref("CT3007394.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...] Deleted : user_pref("CT3007394.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...] Deleted : user_pref("CT3007394.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...] Deleted : user_pref("CT3007394.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...] Deleted : user_pref("CT3007394.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...] Deleted : user_pref("CT3007394.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...] Deleted : user_pref("CT3007394.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...] Deleted : user_pref("CT3007394.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...] Deleted : user_pref("CT3007394.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...] Deleted : user_pref("CT3007394.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...] Deleted : user_pref("CT3007394.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...] Deleted : user_pref("CT3007394.backendstorage./9b-0?3g>d", "396B3B3E6E3E75417A4578787A207449787B254D5253512A54[...] Deleted : user_pref("CT3007394.backendstorage./9b-0?3g@6:5;", ""); Deleted : user_pref("CT3007394.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...] Deleted : user_pref("CT3007394.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576"); Deleted : user_pref("CT3007394.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484779213F3E484F4E4D464[...] Deleted : user_pref("CT3007394.backendstorage./9b5ba==9cjag", "393A6E6A737443457A7246737A787649784E224C7C"); Deleted : user_pref("CT3007394.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F6F737174747577767175"); Deleted : user_pref("CT3007394.backendstorage./9b90e@8ff=eg", "393F352F3E"); Deleted : user_pref("CT3007394.backendstorage./9b9643g3/9e", "6A"); Deleted : user_pref("CT3007394.backendstorage./9b<:222h64<", "393F352F3E"); Deleted : user_pref("CT3007394.backendstorage./9b=+03eh8h8j?:", "4443"); Deleted : user_pref("CT3007394.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...] Deleted : user_pref("CT3007394.backendstorage./9b?b0d:8aj62<h", "6D"); Deleted : user_pref("CT3007394.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B"); Deleted : user_pref("CT3007394.backendstorage.activationstep", "31"); Deleted : user_pref("CT3007394.backendstorage.autocompletepro_enable", "31"); Deleted : user_pref("CT3007394.backendstorage.autocompletepro_enable_auto", "31"); Deleted : user_pref("CT3007394.backendstorage.cbfirsttime", "4D6F6E204E6F7620313420323031312031303A30373A32372[...] Deleted : user_pref("CT3007394.backendstorage.dealplyhardid", "333538313534373730313635343535393539"); Deleted : user_pref("CT3007394.backendstorage.dealplywasshownctsettingswidget", "31"); Deleted : user_pref("CT3007394.backendstorage.firstrun", "31333233303331323231363233"); Deleted : user_pref("CT3007394.backendstorage.hxxp://api10_starwebnet_com.pid2", "6133343337303161646330626136[...] Deleted : user_pref("CT3007394.backendstorage.hxxp://api10_thetrafficstat_net.pid2", "313063666639346433343832[...] Deleted : user_pref("CT3007394.backendstorage.hxxp://api15_thetrafficstat_net.pid2", "313063666639346433343832[...] Deleted : user_pref("CT3007394.backendstorage.hxxp://api18_thetrafficstat_net.pid2", "313063666639346433343832[...] Deleted : user_pref("CT3007394.backendstorage.hxxp://api19_thetrafficstat_net.pid2", "313063666639346433343832[...] Deleted : user_pref("CT3007394.backendstorage.hxxp://api20_thetrafficstat_net.pid2", "313063666639346433343832[...] Deleted : user_pref("CT3007394.backendstorage.hxxp://api21_thetrafficstat_net.pid2", "313063666639346433343832[...] Deleted : user_pref("CT3007394.backendstorage.hxxp://api22_thetrafficstat_net.pid2", "313063666639346433343832[...] Deleted : user_pref("CT3007394.backendstorage.hxxp://api25_thetrafficstat_net.pid2", "313063666639346433343832[...] Deleted : user_pref("CT3007394.backendstorage.hxxp://api26_thetrafficstat_net.pid2", "313063666639346433343832[...] Deleted : user_pref("CT3007394.backendstorage.hxxp://api6_thetrafficstat_net.pid2", "3130636666393464333438323[...] Deleted : user_pref("CT3007394.backendstorage.key_user_agree_ia12", "31"); Deleted : user_pref("CT3007394.backendstorage.loadtimes", "31"); Deleted : user_pref("CT3007394.backendstorage.shoppingapp.gk.exipres", "546875204D617220323220323031322032323A[...] Deleted : user_pref("CT3007394.backendstorage.shoppingapp.gk.geolocation", "63616E616461"); Deleted : user_pref("CT3007394.backendstorage.url_history", "68747470733A2F2F7777772E7469636B65746D61737465722[...] Deleted : user_pref("CT3007394.backendstorage.url_history_time", "31333235393732333632303539"); Deleted : user_pref("CT3007394.backendstorage.user_uniqueid", "63356336613138612D336338612D633134612D386434322[...] Deleted : user_pref("CT3007394.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT3007394.globalFirstTimeInfoLastCheckTime", "Sat Mar 17 2012 22:49:57 GMT-0500 (Central [...] Deleted : user_pref("CT3007394.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT3007394.initDone", true); Deleted : user_pref("CT3007394.isAppTrackingManagerOn", true); Deleted : user_pref("CT3007394.isFirstRadioInstallation", false); Deleted : user_pref("CT3007394.myStuffEnabled", true); Deleted : user_pref("CT3007394.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT3007394.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT3007394.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT3007394.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT3007394.oldAppsList", "129496561699875753,129496561700500759,111,129754315803927444,129[...] Deleted : user_pref("CT3007394.revertSettingsEnabled", false); Deleted : user_pref("CT3007394.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT3007394.searchProtectorEnableByLogin", true); Deleted : user_pref("CT3007394.testingCtid", ""); Deleted : user_pref("CT3007394.toolbarAppMetaDataLastCheckTime", "Tue Oct 30 2012 14:53:09 GMT-0500 (Central D[...] Deleted : user_pref("CT3007394.toolbarContextMenuLastCheckTime", "Sat Mar 17 2012 22:49:57 GMT-0500 (Central D[...] Deleted : user_pref("CT3007394.usagesFlag", 2); Deleted : user_pref("CT3131886..clientLogIsEnabled", false); Deleted : user_pref("CT3131886..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT3131886..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT3131886.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Deleted : user_pref("CT3131886.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT3131886.BrowserCompStateIsOpen_129730831435930026", true); Deleted : user_pref("CT3131886.CTID", "CT3131886"); Deleted : user_pref("CT3131886.CurrentServerDate", "30-10-2012"); Deleted : user_pref("CT3131886.DSChangedManually", false); Deleted : user_pref("CT3131886.DSInstall", true); Deleted : user_pref("CT3131886.DSProtectChoice", true); Deleted : user_pref("CT3131886.DSProtectCount", 3); Deleted : user_pref("CT3131886.DialogsAlignMode", "LTR"); Deleted : user_pref("CT3131886.DialogsGetterLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylig[...] Deleted : user_pref("CT3131886.DownloadReferralCookieData", ""); Deleted : user_pref("CT3131886.EMailNotifierPollDate", "Fri Sep 07 2012 10:51:30 GMT-0500 (Central Daylight Ti[...] Deleted : user_pref("CT3131886.FirstServerDate", "7-8-2012"); Deleted : user_pref("CT3131886.FirstTime", true); Deleted : user_pref("CT3131886.FirstTimeFF3", true); Deleted : user_pref("CT3131886.FirstTimeHiddenVer", true); Deleted : user_pref("CT3131886.FixPageNotFoundErrors", true); Deleted : user_pref("CT3131886.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT3131886.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT3131886.HPInstall", true); Deleted : user_pref("CT3131886.HPProtectChoice", true); Deleted : user_pref("CT3131886.HPProtectCount", 1); Deleted : user_pref("CT3131886.HasUserGlobalKeys", true); Deleted : user_pref("CT3131886.HomePageProtectorEnabled", true); Deleted : user_pref("CT3131886.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=[...] Deleted : user_pref("CT3131886.Initialize", true); Deleted : user_pref("CT3131886.InitializeCommonPrefs", true); Deleted : user_pref("CT3131886.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT3131886.InstallationId", "conduitinstaller.exe"); Deleted : user_pref("CT3131886.InstallationType", "ConduitNSISIntegration"); Deleted : user_pref("CT3131886.InstalledDate", "Tue Aug 07 2012 14:41:55 GMT-0500 (Central Daylight Time)"); Deleted : user_pref("CT3131886.InvalidateCache", false); Deleted : user_pref("CT3131886.IsAlertDBUpdated", true); Deleted : user_pref("CT3131886.IsGrouping", false); Deleted : user_pref("CT3131886.IsInitSetupIni", true); Deleted : user_pref("CT3131886.IsMulticommunity", false); Deleted : user_pref("CT3131886.IsOpenThankYouPage", false); Deleted : user_pref("CT3131886.IsOpenUninstallPage", true); Deleted : user_pref("CT3131886.IsProtectorsInit", true); Deleted : user_pref("CT3131886.LanguagePackLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Dayligh[...] Deleted : user_pref("CT3131886.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT3131886.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT3131886.LastLogin_3.13.0.6", "Fri Aug 24 2012 11:27:02 GMT-0500 (Central Daylight Time)[...] Deleted : user_pref("CT3131886.LastLogin_3.15.1.0", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylight Time)[...] Deleted : user_pref("CT3131886.LatestVersion", "3.15.1.0"); Deleted : user_pref("CT3131886.Locale", "en"); Deleted : user_pref("CT3131886.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT3131886.MCDetectTooltipShow", false); Deleted : user_pref("CT3131886.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT3131886.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT3131886.MyStuffEnabledAtInstallation", true); Deleted : user_pref("CT3131886.OriginalFirstVersion", "3.13.0.6"); Deleted : user_pref("CT3131886.RadioIsPodcast", false); Deleted : user_pref("CT3131886.RadioLastCheckTime", "Fri Sep 07 2012 10:46:30 GMT-0500 (Central Daylight Time)[...] Deleted : user_pref("CT3131886.RadioLastUpdateIPServer", "3"); Deleted : user_pref("CT3131886.RadioLastUpdateServer", "3"); Deleted : user_pref("CT3131886.RadioMediaID", "9962"); Deleted : user_pref("CT3131886.RadioMediaType", "Media Player"); Deleted : user_pref("CT3131886.RadioMenuSelectedID", "EBRadioMenu_CT31318869962"); Deleted : user_pref("CT3131886.RadioShrinkedFromSetup", false); Deleted : user_pref("CT3131886.RadioStationName", "California%20Rock"); Deleted : user_pref("CT3131886.RadioStationURL", "hxxp://feedlive.net/california.asx"); Deleted : user_pref("CT3131886.SHRINK_TOOLBAR", 1); Deleted : user_pref("CT3131886.SavedHomepage", "about:home"); Deleted : user_pref("CT3131886.SearchCaption", "Vgrabber1 Customized Web Search"); Deleted : user_pref("CT3131886.SearchEngineBeforeUnload", "Vgrabber1 Customized Web Search"); Deleted : user_pref("CT3131886.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT3131886.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT313[...] Deleted : user_pref("CT3131886.SearchInNewTabEnabled", true); Deleted : user_pref("CT3131886.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT3131886.SearchInNewTabLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Dayli[...] Deleted : user_pref("CT3131886.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT3131886.SearchProtectorEnabled", false); Deleted : user_pref("CT3131886.SearchProtectorToolbarDisabled", false); Deleted : user_pref("CT3131886.SendProtectorDataViaLogin", true); Deleted : user_pref("CT3131886.ServiceMapLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylight [...] Deleted : user_pref("CT3131886.SettingsLastCheckTime", "Tue Oct 30 2012 14:53:09 GMT-0500 (Central Daylight Ti[...] Deleted : user_pref("CT3131886.SettingsLastUpdate", "1351523139"); Deleted : user_pref("CT3131886.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=13"); Deleted : user_pref("CT3131886.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT3131886.ThirdPartyComponentsLastCheck", "Tue Oct 16 2012 09:30:39 GMT-0500 (Central Day[...] Deleted : user_pref("CT3131886.ThirdPartyComponentsLastUpdate", "1331805997"); Deleted : user_pref("CT3131886.ToolbarShrinkedFromSetup", false); Deleted : user_pref("CT3131886.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3131886"); Deleted : user_pref("CT3131886.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Deleted : user_pref("CT3131886.UserID", "UN94108909980738385"); Deleted : user_pref("CT3131886.ValidationData_Search", 2); Deleted : user_pref("CT3131886.ValidationData_Toolbar", 2); Deleted : user_pref("CT3131886.WeatherNetwork", ""); Deleted : user_pref("CT3131886.WeatherPollDate", "Fri Sep 07 2012 10:46:31 GMT-0500 (Central Daylight Time)"); Deleted : user_pref("CT3131886.WeatherUnit", "C"); Deleted : user_pref("CT3131886.alertChannelId", "1528270"); Deleted : user_pref("CT3131886.approveUntrustedApps", false); Deleted : user_pref("CT3131886.autoDisableScopes", -1); Deleted : user_pref("CT3131886.backendstorage.cbcountry_001", "4341"); Deleted : user_pref("CT3131886.backendstorage.cbfirsttime", "5475652041756720303720323031322031343A34323A30332[...] Deleted : user_pref("CT3131886.backendstorage.shoppingapp.gk.exipres", "5765642053657020313220323031322031303A[...] Deleted : user_pref("CT3131886.backendstorage.shoppingapp.gk.geolocation", "63616E616461"); Deleted : user_pref("CT3131886.backendstorage.url_history0001", "68747470733A2F2F6D796163636F756E742E737475626[...] Deleted : user_pref("CT3131886.components.1000034", false); Deleted : user_pref("CT3131886.components.1000082", false); Deleted : user_pref("CT3131886.components.1000234", false); Deleted : user_pref("CT3131886.components.129730831435930026", false); Deleted : user_pref("CT3131886.components.524677150398786033", false); Deleted : user_pref("CT3131886.components.5905781182315170198", false); Deleted : user_pref("CT3131886.components.8352985832934023790", false); Deleted : user_pref("CT3131886.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT3131886.globalFirstTimeInfoLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central [...] Deleted : user_pref("CT3131886.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT3131886.initDone", true); Deleted : user_pref("CT3131886.isAppTrackingManagerOn", false); Deleted : user_pref("CT3131886.isFirstRadioInstallation", false); Deleted : user_pref("CT3131886.myStuffEnabled", true); Deleted : user_pref("CT3131886.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT3131886.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT3131886.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT3131886.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT3131886.navigateToUrlOnSearch", false); Deleted : user_pref("CT3131886.revertSettingsEnabled", false); Deleted : user_pref("CT3131886.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT3131886.searchProtectorEnableByLogin", true); Deleted : user_pref("CT3131886.testingCtid", ""); Deleted : user_pref("CT3131886.toolbarAppMetaDataLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central D[...] Deleted : user_pref("CT3131886.toolbarContextMenuLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central D[...] Deleted : user_pref("CT3131886.usagesFlag", 2); Deleted : user_pref("CT3184201.autoDisableScopes", -1); Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3131886&Search[...] Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Vgrabber1 Customized Web Search"); Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3007394/CT3007394[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3131886/CT3131886[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1399123/1394781/CA", "\"0\"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1528270/1523533/CA", "\"0\"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3007394", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3131886", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3007394",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3131886",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3007394&octid=[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"f61[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...] Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Jimmy\\AppData\\Roaming\\Mozilla\\F[...] Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb[...] Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3007394,CT3131886"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3007394,CT3131886"); Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3007394,CT3131886"); Deleted : user_pref("CommunityToolbar.globalUserId", "cfa6a056-b3a6-49dd-a5f4-6a527a1dde7b"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3131886"); Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Oct 30 2012 14:53:2[...] Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true); Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Oct 30 2012 14:53:35 GMT-050[...] Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.locale", "en"); Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Oct 30 2012 14:53:25 GMT-0500 (C[...] Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.notifications.userId", "3d548f0a-0364-4773-aaad-ddf9ba381f72"); Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.searchqu.com/406"); Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...] Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Deleted : user_pref("browser.search.defaultenginename", "SweetIM Search"); Deleted : user_pref("browser.search.defaultthis.engineName", "Vgrabber1 Customized Web Search"); Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=13"); Deleted : user_pref("extensions.BabylonToolbar.admin", false); Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Deleted : user_pref("extensions.BabylonToolbar.babExt", ""); Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=100478"); Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 17); Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true); Deleted : user_pref("extensions.BabylonToolbar.hmpg", true); Deleted : user_pref("extensions.BabylonToolbar.id", "3421d9cb0000000000006c626d04a8ee"); Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15311"); Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=100478&babsrc=adbar[...] Deleted : user_pref("extensions.BabylonToolbar.lastDP", 17); Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1714:30:40"); Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "6.0"); Deleted : user_pref("extensions.BabylonToolbar.newTab", true); Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb"); Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false); Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 62716807); Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1); Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1); Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true); Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none"); Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss"); Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9"); Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17"); Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1714:30:40"); Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17"); Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Deleted : user_pref("extensions.BabylonToolbar_i.babExt", ""); Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100478"); Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "3421d9cb0000000000006c626d04a8ee"); Deleted : user_pref("extensions.BabylonToolbar_i.id", "3421d9cb0000000000006c626d04a8ee"); Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15311"); Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false); Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:30:40"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationThankYouPage", true); Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationTime", 1345846103); Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.searchUserConifrmation", false[...] Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setHomepage", false); Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setNewTab", false); Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setSearch", false); Deleted : user_pref("extensions.crossriderapp5060.5060.active", true); Deleted : user_pref("extensions.crossriderapp5060.5060.addressbar", ""); Deleted : user_pref("extensions.crossriderapp5060.5060.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...] Deleted : user_pref("extensions.crossriderapp5060.5060.backgroundver", 7); Deleted : user_pref("extensions.crossriderapp5060.5060.can_run_bg_code", true); Deleted : user_pref("extensions.crossriderapp5060.5060.certdomaininstaller", ""); Deleted : user_pref("extensions.crossriderapp5060.5060.changeprevious", false); Deleted : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...] Deleted : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.value", "1345846103"); Deleted : user_pref("extensions.crossriderapp5060.5060.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...] Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...] Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.value", "1345846103"); Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.expiration", "Tue Oct 30 2012 15:[...] Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...] Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.expiration", "Tue Nov 06 2012 [...] Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.value", "%22CA%22"); Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...] Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.value", "1351627333"); Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...] Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.value", "%221%22"); Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...] Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.value", "%7B%22source_id%2[...] Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...] Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.value", "%2214019%22"); Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...] Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.value", "1346215148681"); Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...] Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.value", "%221224%22"); Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...] Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.value", "%2271399%22"); Deleted : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...] Deleted : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.value", "1346215132842"); Deleted : user_pref("extensions.crossriderapp5060.5060.description", "Savings Sidekick"); Deleted : user_pref("extensions.crossriderapp5060.5060.domain", ""); Deleted : user_pref("extensions.crossriderapp5060.5060.enablesearch", false); Deleted : user_pref("extensions.crossriderapp5060.5060.fbremoteurl", ""); Deleted : user_pref("extensions.crossriderapp5060.5060.group", 0); Deleted : user_pref("extensions.crossriderapp5060.5060.homepage", ""); Deleted : user_pref("extensions.crossriderapp5060.5060.iframe", false); Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...] Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.value", "%7B%22installe[...] Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...] Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.value", "37"); Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.expiration", "Fri Feb [...] Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.value", "0"); Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...] Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.value", "%7B%7D"); Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.expiration", "Tue Oct 30[...] Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.value", "true"); Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...] Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.value", "%7B%7D"); Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.expiration", "Fri[...] Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.value", "%7B%22re[...] Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...] Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...] Deleted : user_pref("extensions.crossriderapp5060.5060.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...] Deleted : user_pref("extensions.crossriderapp5060.5060.manifesturl", ""); Deleted : user_pref("extensions.crossriderapp5060.5060.name", "Savings Sidekick"); Deleted : user_pref("extensions.crossriderapp5060.5060.newtab", ""); Deleted : user_pref("extensions.crossriderapp5060.5060.opensearch", ""); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...] Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.name", "base"); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.ver", 3); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...] Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.name", "GPL Plugin (Loader)"); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.ver", 7); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...] Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.name", "GPL Background (BG)"); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.ver", 4); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.code", "(function(a){a.selectedText=f[...] Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.name", "CrossriderAppUtils"); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.ver", 2); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...] Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.name", "CrossriderUtils"); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.ver", 2); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.code", "(function(f){var u={};var e=M[...] Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.name", "FacebookFFIE"); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.ver", 1); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==[...] Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.name", "FFAppAPIWrapper"); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.ver", 3); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.code", "if(typeof window!==\"undefine[...] Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.name", "jQuery"); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.ver", 3); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...] Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.name", "debug"); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.ver", 3); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...] Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.name", "resources"); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.ver", 2); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.code", "var CrossriderInitializerPlug[...] Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.name", "initializer"); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.ver", 2); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...] Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.name", "jquery_1_7_1"); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.ver", 3); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.code", "(function(){appAPI.ready=func[...] Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.name", "resources_background"); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.ver", 1); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_0", "17,14,16,47,1000015"); Deleted : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,100[...] Deleted : user_pref("extensions.crossriderapp5060.5060.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...] Deleted : user_pref("extensions.crossriderapp5060.5060.pluginsversion", 15); Deleted : user_pref("extensions.crossriderapp5060.5060.publisher", "215 Apps"); Deleted : user_pref("extensions.crossriderapp5060.5060.searchstatus", 0); Deleted : user_pref("extensions.crossriderapp5060.5060.setnewtab", false); Deleted : user_pref("extensions.crossriderapp5060.5060.settingsurl", ""); Deleted : user_pref("extensions.crossriderapp5060.5060.thankyou", ""); Deleted : user_pref("extensions.crossriderapp5060.5060.updateinterval", 360); Deleted : user_pref("extensions.crossriderapp5060.5060.ver", 37); Deleted : user_pref("extensions.crossriderapp5060.adsOldValue", -1); Deleted : user_pref("extensions.crossriderapp5060.apps", "5060"); Deleted : user_pref("extensions.crossriderapp5060.bic", "13970ac45d1fea38dfe70a3d79b4c9f2"); Deleted : user_pref("extensions.crossriderapp5060.cid", 5060); Deleted : user_pref("extensions.crossriderapp5060.firstrun", false); Deleted : user_pref("extensions.crossriderapp5060.hadappinstalled", true); Deleted : user_pref("extensions.crossriderapp5060.installationdate", 1346215105); Deleted : user_pref("extensions.crossriderapp5060.lastcheck", 22527113); Deleted : user_pref("extensions.crossriderapp5060.lastcheckitem", 22527130); Deleted : user_pref("extensions.crossriderapp5060.modetype", "production"); Deleted : user_pref("extensions.enabledAddons", "facecons@facecons.com:1.1,plugin@yontoo.com:1.20.00,{167d9323[...] Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx[...] Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Vgrabber1 Customized Web Search[...] Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT31[...] Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com"); Deleted : user_pref("keyword.URL", "hxxp://www.plusnetwork.com/?sp=addr&q="); Deleted : user_pref("browser.search.selectedEngine", "Plus! Network"); Profile name : default File : C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\7pky55tm.default\prefs.js [OK] File is clean. -\\ Chromium v [unable to get version] File : C:\Users\Jimmy\AppData\Local\Chromium\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [69662 octets] - [18/11/2012 13:36:24] AdwCleaner[s1].txt - [69839 octets] - [18/11/2012 15:59:25] ########## EOF - C:\AdwCleaner[s1].txt - [69900 octets] ##########
-
Here is the adwcleaner: # AdwCleaner v2.008 - Logfile created 11/18/2012 at 13:36:24 # Updated 17/11/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Jimmy - JIMMY-PC # Boot Mode : Safe mode with networking # Running from : C:\Users\Jimmy\Documents\AC3D\Elemental Swords\adwcleaner.exe # Option [search] ***** [services] ***** Found : Browser Manager ***** [Files / Folders] ***** File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk File Found : C:\user.js File Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi File Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\bProtect.xml File Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\Conduit.xml File Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\Plusnetwork.xml Folder Found : C:\Program Files (x86)\appbario8 Folder Found : C:\Program Files (x86)\Conduit Folder Found : C:\Program Files (x86)\iBryte Folder Found : C:\Program Files (x86)\Vgrabber1 Folder Found : C:\Program Files (x86)\Yontoo Layers Runtime Folder Found : C:\ProgramData\Ask Folder Found : C:\ProgramData\Browser Manager Folder Found : C:\ProgramData\Tarma Installer Folder Found : C:\Users\Jimmy\AppData\Local\blekkotb Folder Found : C:\Users\Jimmy\AppData\Local\Conduit Folder Found : C:\Users\Jimmy\AppData\Local\Ilivid Player Folder Found : C:\Users\Jimmy\AppData\Local\Savings Sidekick Folder Found : C:\Users\Jimmy\AppData\Local\Temp\BabylonToolbar Folder Found : C:\Users\Jimmy\AppData\Local\Temp\CT3007394 Folder Found : C:\Users\Jimmy\AppData\Local\Temp\CT3131886 Folder Found : C:\Users\Jimmy\AppData\Local\Temp\CT3184201 Folder Found : C:\Users\Jimmy\AppData\LocalLow\appbario8 Folder Found : C:\Users\Jimmy\AppData\LocalLow\AskToolbar Folder Found : C:\Users\Jimmy\AppData\LocalLow\Conduit Folder Found : C:\Users\Jimmy\AppData\LocalLow\iBryte Folder Found : C:\Users\Jimmy\AppData\LocalLow\PriceGong Folder Found : C:\Users\Jimmy\AppData\LocalLow\searchquband Folder Found : C:\Users\Jimmy\AppData\LocalLow\Vgrabber1 Folder Found : C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager Folder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\ConduitCommon Folder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\CT3007394 Folder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\CT3131886 Folder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f} Folder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{efb1e45a-148d-40f9-a3f0-09d5577f9970} Folder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058} Folder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\bbrs_002@blabbers.com Folder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\plugin@yontoo.com Folder Found : C:\Users\Jimmy\AppData\Roaming\OpenCandy Folder Found : C:\Users\Natalie\AppData\LocalLow\iBryte Folder Found : C:\Users\Natalie\AppData\LocalLow\searchquband Folder Found : C:\Users\Natalie\AppData\LocalLow\Searchqutoolbar ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\appbario8 Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Found : HKCU\Software\AppDataLow\Software\Crossrider Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\AppDataLow\Software\Savings Sidekick Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\AppDataLow\Software\Vgrabber1 Key Found : HKCU\Software\AppDataLow\Toolbar Key Found : HKCU\Software\bProtector Key Found : HKCU\Software\BrowserCompanion Key Found : HKCU\Software\DataMngr Key Found : HKCU\Software\DataMngr_Toolbar Key Found : HKCU\Software\ilivid Key Found : HKCU\Software\InstalledBrowserExtensions Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0CC09160-108C-4759-BAB1-5C12C216E005} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9BBF004-6E40-4019-8214-C43A37E1D058} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CC09160-108C-4759-BAB1-5C12C216E005} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9BBF004-6E40-4019-8214-C43A37E1D058} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Found : HKCU\Software\Softonic Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : HKLM\Software\appbario8 Key Found : HKLM\Software\Bandoo Key Found : HKLM\Software\bProtector Key Found : HKLM\Software\BrowserCompanion Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644} Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Found : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1 Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1 Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1 Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1 Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1 Key Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.BHO Key Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.DockingPanel Key Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkuryMenuForm Key Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBar Key Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBarBandObject Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3007394 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3131886 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3184201 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3227982 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Key Found : HKLM\Software\Conduit Key Found : HKLM\Software\DataMngr Key Found : HKLM\Software\ilivid Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CA50D456-3601-4EC6-8A34-C01E45446CA7} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKLM\Software\Vgrabber1 Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0CC09160-108C-4759-BAB1-5C12C216E005} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022502260} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA50D456-3601-4EC6-8A34-C01E45446CA7} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9BBF004-6E40-4019-8214-C43A37E1D058} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066506660} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32} Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4A33D171-D518-4AD2-8F6B-ABFA74A16F4C} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8DCF7076-CF8E-4D3C-A14E-8E1C1FB34C78} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98D58D29-630F-46DE-89F1-A4A099DA22A6} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DE8D2AFC-110B-463A-8764-8A742525F37C} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CC09160-108C-4759-BAB1-5C12C216E005} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9BBF004-6E40-4019-8214-C43A37E1D058} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\appbario8 Toolbar Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vgrabber1 Toolbar Key Found : HKLM\SOFTWARE\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E} Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E} Key Found : HKLM\SOFTWARE\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C} Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5} Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84} Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505560} Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660} Key Found : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} Key Found : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} Key Found : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Found : HKLM\SOFTWARE\Software Key Found : HKLM\SOFTWARE\Tarma Installer Key Found : HKU\S-1-5-21-2042600517-863206636-2601340993-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Found : HKU\S-1-5-21-2042600517-863206636-2601340993-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKU\S-1-5-21-2042600517-863206636-2601340993-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Key Found : HKU\S-1-5-21-2042600517-863206636-2601340993-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Found : HKU\S-1-5-21-2042600517-863206636-2601340993-1001\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9} Key Found : HKU\S-1-5-21-2042600517-863206636-2601340993-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Found : HKU\S-1-5-21-2042600517-863206636-2601340993-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0CC09160-108C-4759-BAB1-5C12C216E005}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F9BBF004-6E40-4019-8214-C43A37E1D058}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F9BBF004-6E40-4019-8214-C43A37E1D058}] Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F9BBF004-6E40-4019-8214-C43A37E1D058}] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0CC09160-108C-4759-BAB1-5C12C216E005}] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9BBF004-6E40-4019-8214-C43A37E1D058}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com -\\ Mozilla Firefox v9.0.1 (en-US) Profile name : default File : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\prefs.js Found : user_pref("CT3007394..clientLogIsEnabled", false); Found : user_pref("CT3007394..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT3007394..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Found : user_pref("CT3007394.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Found : user_pref("CT3007394.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT3007394.BrowserCompStateIsOpen_129647087198219321", true); Found : user_pref("CT3007394.BrowserCompStateIsOpen_129647087427906824", true); Found : user_pref("CT3007394.BrowserCompStateIsOpen_129651294520663109", true); Found : user_pref("CT3007394.BrowserCompStateIsOpen_129659125714113035", true); Found : user_pref("CT3007394.BrowserCompStateIsOpen_129660184590163266", true); Found : user_pref("CT3007394.BrowserCompStateIsOpen_129682607808034876", true); Found : user_pref("CT3007394.BrowserCompStateIsOpen_129738834384600252", true); Found : user_pref("CT3007394.BrowserCompStateIsOpen_129742041561828741", true); Found : user_pref("CT3007394.BrowserCompStateIsOpen_6699113592007696644", true); Found : user_pref("CT3007394.CT3007394", "CT3007394"); Found : user_pref("CT3007394.CurrentServerDate", "30-10-2012"); Found : user_pref("CT3007394.DSInstall", false); Found : user_pref("CT3007394.DialogsAlignMode", "LTR"); Found : user_pref("CT3007394.DialogsGetterLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylig[...] Found : user_pref("CT3007394.DownloadReferralCookieData", ""); Found : user_pref("CT3007394.FirstServerDate", "4-12-2011"); Found : user_pref("CT3007394.FirstTime", true); Found : user_pref("CT3007394.FirstTimeFF3", true); Found : user_pref("CT3007394.FixPageNotFoundErrors", false); Found : user_pref("CT3007394.GroupingServerCheckInterval", 1440); Found : user_pref("CT3007394.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT3007394.HPInstall", false); Found : user_pref("CT3007394.HasUserGlobalKeys", true); Found : user_pref("CT3007394.HomePageProtectorEnabled", false); Found : user_pref("CT3007394.HomepageBeforeUnload", "hxxp://www.searchqu.com/406"); Found : user_pref("CT3007394.Initialize", true); Found : user_pref("CT3007394.InitializeCommonPrefs", true); Found : user_pref("CT3007394.InstallationAndCookieDataSentCount", 3); Found : user_pref("CT3007394.InstallationType", "Unknown"); Found : user_pref("CT3007394.InstalledDate", "Mon Nov 14 2011 10:07:27 GMT-0600 (Central Standard Time)"); Found : user_pref("CT3007394.InvalidateCache", false); Found : user_pref("CT3007394.IsAlertDBUpdated", true); Found : user_pref("CT3007394.IsGrouping", false); Found : user_pref("CT3007394.IsInitSetupIni", true); Found : user_pref("CT3007394.IsMulticommunity", false); Found : user_pref("CT3007394.IsOpenThankYouPage", true); Found : user_pref("CT3007394.IsOpenUninstallPage", false); Found : user_pref("CT3007394.IsProtectorsInit", true); Found : user_pref("CT3007394.LanguagePackLastCheckTime", "Tue Oct 30 2012 14:53:09 GMT-0500 (Central Dayligh[...] Found : user_pref("CT3007394.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT3007394.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Found : user_pref("CT3007394.LastLogin_3.15.1.0", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylight Time)[...] Found : user_pref("CT3007394.LastLogin_3.8.0.8", "Sat Dec 17 2011 15:10:00 GMT-0600 (Central Standard Time)"[...] Found : user_pref("CT3007394.LastLogin_3.8.1.0", "Sat Mar 17 2012 22:49:56 GMT-0500 (Central Daylight Time)"[...] Found : user_pref("CT3007394.LatestVersion", "3.14.1.0"); Found : user_pref("CT3007394.Locale", "en-us"); Found : user_pref("CT3007394.MCDetectTooltipHeight", "83"); Found : user_pref("CT3007394.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT3007394.MCDetectTooltipWidth", "295"); Found : user_pref("CT3007394.MyStuffEnabledAtInstallation", true); Found : user_pref("CT3007394.OriginalFirstVersion", "3.7.0.6"); Found : user_pref("CT3007394.RadioIsPodcast", false); Found : user_pref("CT3007394.RadioLastCheckTime", "Sat Mar 17 2012 22:49:56 GMT-0500 (Central Daylight Time)[...] Found : user_pref("CT3007394.RadioLastUpdateIPServer", "3"); Found : user_pref("CT3007394.RadioLastUpdateServer", "3"); Found : user_pref("CT3007394.RadioMediaID", "9962"); Found : user_pref("CT3007394.RadioMediaType", "Media Player"); Found : user_pref("CT3007394.RadioMenuSelectedID", "EBRadioMenu_CT30073949962"); Found : user_pref("CT3007394.RadioShrinkedFromSetup", false); Found : user_pref("CT3007394.RadioStationName", "California%20Rock"); Found : user_pref("CT3007394.RadioStationURL", "hxxp://feedlive.net/california.asx"); Found : user_pref("CT3007394.SearchBoxWidth", 172); Found : user_pref("CT3007394.SearchCaption", "WhiteSmoke Bar Customized Web Search"); Found : user_pref("CT3007394.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties"); Found : user_pref("CT3007394.SearchFromAddressBarIsInit", true); Found : user_pref("CT3007394.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT300[...] Found : user_pref("CT3007394.SearchInNewTabEnabled", true); Found : user_pref("CT3007394.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT3007394.SearchInNewTabLastCheckTime", "Tue Oct 30 2012 14:53:07 GMT-0500 (Central Dayli[...] Found : user_pref("CT3007394.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT3007394.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...] Found : user_pref("CT3007394.SearchProtectorEnabled", false); Found : user_pref("CT3007394.SearchProtectorToolbarDisabled", false); Found : user_pref("CT3007394.SendProtectorDataViaLogin", true); Found : user_pref("CT3007394.ServiceMapLastCheckTime", "Tue Oct 30 2012 14:53:07 GMT-0500 (Central Daylight [...] Found : user_pref("CT3007394.SettingsLastCheckTime", "Tue Oct 30 2012 14:53:07 GMT-0500 (Central Daylight Ti[...] Found : user_pref("CT3007394.SettingsLastUpdate", "1351523139"); Found : user_pref("CT3007394.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3007394&SearchSource=13"); Found : user_pref("CT3007394.ThirdPartyComponentsInterval", 504); Found : user_pref("CT3007394.ThirdPartyComponentsLastCheck", "Sat Mar 17 2012 22:49:54 GMT-0500 (Central Day[...] Found : user_pref("CT3007394.ThirdPartyComponentsLastUpdate", "1312887586"); Found : user_pref("CT3007394.ToolbarShrinkedFromSetup", false); Found : user_pref("CT3007394.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3007394"); Found : user_pref("CT3007394.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Found : user_pref("CT3007394.UserID", "UN46344112059454257"); Found : user_pref("CT3007394.ValidationData_Search", 0); Found : user_pref("CT3007394.ValidationData_Toolbar", 2); Found : user_pref("CT3007394.alertChannelId", "1399123"); Found : user_pref("CT3007394.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...] Found : user_pref("CT3007394.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...] Found : user_pref("CT3007394.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...] Found : user_pref("CT3007394.backendstorage./9b+7e.:2z527", "247E6F727174354379453A3D2A722C757A787D312833232[...] Found : user_pref("CT3007394.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...] Found : user_pref("CT3007394.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...] Found : user_pref("CT3007394.backendstorage./9b+7e06cg5el8:", "6E6D6F6F73717474706F"); Found : user_pref("CT3007394.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473757579777A7A7675242F4B4947[...] Found : user_pref("CT3007394.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...] Found : user_pref("CT3007394.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...] Found : user_pref("CT3007394.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...] Found : user_pref("CT3007394.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...] Found : user_pref("CT3007394.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...] Found : user_pref("CT3007394.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...] Found : user_pref("CT3007394.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...] Found : user_pref("CT3007394.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...] Found : user_pref("CT3007394.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...] Found : user_pref("CT3007394.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...] Found : user_pref("CT3007394.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...] Found : user_pref("CT3007394.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...] Found : user_pref("CT3007394.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...] Found : user_pref("CT3007394.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...] Found : user_pref("CT3007394.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...] Found : user_pref("CT3007394.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...] Found : user_pref("CT3007394.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...] Found : user_pref("CT3007394.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...] Found : user_pref("CT3007394.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...] Found : user_pref("CT3007394.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...] Found : user_pref("CT3007394.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...] Found : user_pref("CT3007394.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...] Found : user_pref("CT3007394.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...] Found : user_pref("CT3007394.backendstorage./9b-0?3g>d", "396B3B3E6E3E75417A4578787A207449787B254D5253512A54[...] Found : user_pref("CT3007394.backendstorage./9b-0?3g@6:5;", ""); Found : user_pref("CT3007394.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...] Found : user_pref("CT3007394.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576"); Found : user_pref("CT3007394.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484779213F3E484F4E4D464[...] Found : user_pref("CT3007394.backendstorage./9b5ba==9cjag", "393A6E6A737443457A7246737A787649784E224C7C"); Found : user_pref("CT3007394.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F6F737174747577767175"); Found : user_pref("CT3007394.backendstorage./9b90e@8ff=eg", "393F352F3E"); Found : user_pref("CT3007394.backendstorage./9b9643g3/9e", "6A"); Found : user_pref("CT3007394.backendstorage./9b<:222h64<", "393F352F3E"); Found : user_pref("CT3007394.backendstorage./9b=+03eh8h8j?:", "4443"); Found : user_pref("CT3007394.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...] Found : user_pref("CT3007394.backendstorage./9b?b0d:8aj62<h", "6D"); Found : user_pref("CT3007394.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B"); Found : user_pref("CT3007394.backendstorage.activationstep", "31"); Found : user_pref("CT3007394.backendstorage.autocompletepro_enable", "31"); Found : user_pref("CT3007394.backendstorage.autocompletepro_enable_auto", "31"); Found : user_pref("CT3007394.backendstorage.cbfirsttime", "4D6F6E204E6F7620313420323031312031303A30373A32372[...] Found : user_pref("CT3007394.backendstorage.dealplyhardid", "333538313534373730313635343535393539"); Found : user_pref("CT3007394.backendstorage.dealplywasshownctsettingswidget", "31"); Found : user_pref("CT3007394.backendstorage.firstrun", "31333233303331323231363233"); Found : user_pref("CT3007394.backendstorage.hxxp://api10_starwebnet_com.pid2", "6133343337303161646330626136[...] Found : user_pref("CT3007394.backendstorage.hxxp://api10_thetrafficstat_net.pid2", "313063666639346433343832[...] Found : user_pref("CT3007394.backendstorage.hxxp://api15_thetrafficstat_net.pid2", "313063666639346433343832[...] Found : user_pref("CT3007394.backendstorage.hxxp://api18_thetrafficstat_net.pid2", "313063666639346433343832[...] Found : user_pref("CT3007394.backendstorage.hxxp://api19_thetrafficstat_net.pid2", "313063666639346433343832[...] Found : user_pref("CT3007394.backendstorage.hxxp://api20_thetrafficstat_net.pid2", "313063666639346433343832[...] Found : user_pref("CT3007394.backendstorage.hxxp://api21_thetrafficstat_net.pid2", "313063666639346433343832[...] Found : user_pref("CT3007394.backendstorage.hxxp://api22_thetrafficstat_net.pid2", "313063666639346433343832[...] Found : user_pref("CT3007394.backendstorage.hxxp://api25_thetrafficstat_net.pid2", "313063666639346433343832[...] Found : user_pref("CT3007394.backendstorage.hxxp://api26_thetrafficstat_net.pid2", "313063666639346433343832[...] Found : user_pref("CT3007394.backendstorage.hxxp://api6_thetrafficstat_net.pid2", "3130636666393464333438323[...] Found : user_pref("CT3007394.backendstorage.key_user_agree_ia12", "31"); Found : user_pref("CT3007394.backendstorage.loadtimes", "31"); Found : user_pref("CT3007394.backendstorage.shoppingapp.gk.exipres", "546875204D617220323220323031322032323A[...] Found : user_pref("CT3007394.backendstorage.shoppingapp.gk.geolocation", "63616E616461"); Found : user_pref("CT3007394.backendstorage.url_history", "68747470733A2F2F7777772E7469636B65746D61737465722[...] Found : user_pref("CT3007394.backendstorage.url_history_time", "31333235393732333632303539"); Found : user_pref("CT3007394.backendstorage.user_uniqueid", "63356336613138612D336338612D633134612D386434322[...] Found : user_pref("CT3007394.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Found : user_pref("CT3007394.globalFirstTimeInfoLastCheckTime", "Sat Mar 17 2012 22:49:57 GMT-0500 (Central [...] Found : user_pref("CT3007394.homepageProtectorEnableByLogin", true); Found : user_pref("CT3007394.initDone", true); Found : user_pref("CT3007394.isAppTrackingManagerOn", true); Found : user_pref("CT3007394.isFirstRadioInstallation", false); Found : user_pref("CT3007394.myStuffEnabled", true); Found : user_pref("CT3007394.myStuffPublihserMinWidth", 400); Found : user_pref("CT3007394.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT3007394.myStuffServiceIntervalMM", 1440); Found : user_pref("CT3007394.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT3007394.oldAppsList", "129496561699875753,129496561700500759,111,129754315803927444,129[...] Found : user_pref("CT3007394.revertSettingsEnabled", false); Found : user_pref("CT3007394.searchProtectorDialogDelayInSec", 10); Found : user_pref("CT3007394.searchProtectorEnableByLogin", true); Found : user_pref("CT3007394.testingCtid", ""); Found : user_pref("CT3007394.toolbarAppMetaDataLastCheckTime", "Tue Oct 30 2012 14:53:09 GMT-0500 (Central D[...] Found : user_pref("CT3007394.toolbarContextMenuLastCheckTime", "Sat Mar 17 2012 22:49:57 GMT-0500 (Central D[...] Found : user_pref("CT3007394.usagesFlag", 2); Found : user_pref("CT3131886..clientLogIsEnabled", false); Found : user_pref("CT3131886..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT3131886..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Found : user_pref("CT3131886.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Found : user_pref("CT3131886.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT3131886.BrowserCompStateIsOpen_129730831435930026", true); Found : user_pref("CT3131886.CTID", "CT3131886"); Found : user_pref("CT3131886.CurrentServerDate", "30-10-2012"); Found : user_pref("CT3131886.DSChangedManually", false); Found : user_pref("CT3131886.DSInstall", true); Found : user_pref("CT3131886.DSProtectChoice", true); Found : user_pref("CT3131886.DSProtectCount", 3); Found : user_pref("CT3131886.DialogsAlignMode", "LTR"); Found : user_pref("CT3131886.DialogsGetterLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylig[...] Found : user_pref("CT3131886.DownloadReferralCookieData", ""); Found : user_pref("CT3131886.EMailNotifierPollDate", "Fri Sep 07 2012 10:51:30 GMT-0500 (Central Daylight Ti[...] Found : user_pref("CT3131886.FirstServerDate", "7-8-2012"); Found : user_pref("CT3131886.FirstTime", true); Found : user_pref("CT3131886.FirstTimeFF3", true); Found : user_pref("CT3131886.FirstTimeHiddenVer", true); Found : user_pref("CT3131886.FixPageNotFoundErrors", true); Found : user_pref("CT3131886.GroupingServerCheckInterval", 1440); Found : user_pref("CT3131886.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT3131886.HPInstall", true); Found : user_pref("CT3131886.HPProtectChoice", true); Found : user_pref("CT3131886.HPProtectCount", 1); Found : user_pref("CT3131886.HasUserGlobalKeys", true); Found : user_pref("CT3131886.HomePageProtectorEnabled", true); Found : user_pref("CT3131886.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=[...] Found : user_pref("CT3131886.Initialize", true); Found : user_pref("CT3131886.InitializeCommonPrefs", true); Found : user_pref("CT3131886.InstallationAndCookieDataSentCount", 3); Found : user_pref("CT3131886.InstallationId", "conduitinstaller.exe"); Found : user_pref("CT3131886.InstallationType", "ConduitNSISIntegration"); Found : user_pref("CT3131886.InstalledDate", "Tue Aug 07 2012 14:41:55 GMT-0500 (Central Daylight Time)"); Found : user_pref("CT3131886.InvalidateCache", false); Found : user_pref("CT3131886.IsAlertDBUpdated", true); Found : user_pref("CT3131886.IsGrouping", false); Found : user_pref("CT3131886.IsInitSetupIni", true); Found : user_pref("CT3131886.IsMulticommunity", false); Found : user_pref("CT3131886.IsOpenThankYouPage", false); Found : user_pref("CT3131886.IsOpenUninstallPage", true); Found : user_pref("CT3131886.IsProtectorsInit", true); Found : user_pref("CT3131886.LanguagePackLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Dayligh[...] Found : user_pref("CT3131886.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT3131886.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Found : user_pref("CT3131886.LastLogin_3.13.0.6", "Fri Aug 24 2012 11:27:02 GMT-0500 (Central Daylight Time)[...] Found : user_pref("CT3131886.LastLogin_3.15.1.0", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylight Time)[...] Found : user_pref("CT3131886.LatestVersion", "3.15.1.0"); Found : user_pref("CT3131886.Locale", "en"); Found : user_pref("CT3131886.MCDetectTooltipHeight", "83"); Found : user_pref("CT3131886.MCDetectTooltipShow", false); Found : user_pref("CT3131886.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT3131886.MCDetectTooltipWidth", "295"); Found : user_pref("CT3131886.MyStuffEnabledAtInstallation", true); Found : user_pref("CT3131886.OriginalFirstVersion", "3.13.0.6"); Found : user_pref("CT3131886.RadioIsPodcast", false); Found : user_pref("CT3131886.RadioLastCheckTime", "Fri Sep 07 2012 10:46:30 GMT-0500 (Central Daylight Time)[...] Found : user_pref("CT3131886.RadioLastUpdateIPServer", "3"); Found : user_pref("CT3131886.RadioLastUpdateServer", "3"); Found : user_pref("CT3131886.RadioMediaID", "9962"); Found : user_pref("CT3131886.RadioMediaType", "Media Player"); Found : user_pref("CT3131886.RadioMenuSelectedID", "EBRadioMenu_CT31318869962"); Found : user_pref("CT3131886.RadioShrinkedFromSetup", false); Found : user_pref("CT3131886.RadioStationName", "California%20Rock"); Found : user_pref("CT3131886.RadioStationURL", "hxxp://feedlive.net/california.asx"); Found : user_pref("CT3131886.SHRINK_TOOLBAR", 1); Found : user_pref("CT3131886.SavedHomepage", "about:home"); Found : user_pref("CT3131886.SearchCaption", "Vgrabber1 Customized Web Search"); Found : user_pref("CT3131886.SearchEngineBeforeUnload", "Vgrabber1 Customized Web Search"); Found : user_pref("CT3131886.SearchFromAddressBarIsInit", true); Found : user_pref("CT3131886.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT313[...] Found : user_pref("CT3131886.SearchInNewTabEnabled", true); Found : user_pref("CT3131886.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT3131886.SearchInNewTabLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Dayli[...] Found : user_pref("CT3131886.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT3131886.SearchProtectorEnabled", false); Found : user_pref("CT3131886.SearchProtectorToolbarDisabled", false); Found : user_pref("CT3131886.SendProtectorDataViaLogin", true); Found : user_pref("CT3131886.ServiceMapLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylight [...] Found : user_pref("CT3131886.SettingsLastCheckTime", "Tue Oct 30 2012 14:53:09 GMT-0500 (Central Daylight Ti[...] Found : user_pref("CT3131886.SettingsLastUpdate", "1351523139"); Found : user_pref("CT3131886.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=13"); Found : user_pref("CT3131886.ThirdPartyComponentsInterval", 504); Found : user_pref("CT3131886.ThirdPartyComponentsLastCheck", "Tue Oct 16 2012 09:30:39 GMT-0500 (Central Day[...] Found : user_pref("CT3131886.ThirdPartyComponentsLastUpdate", "1331805997"); Found : user_pref("CT3131886.ToolbarShrinkedFromSetup", false); Found : user_pref("CT3131886.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3131886"); Found : user_pref("CT3131886.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Found : user_pref("CT3131886.UserID", "UN94108909980738385"); Found : user_pref("CT3131886.ValidationData_Search", 2); Found : user_pref("CT3131886.ValidationData_Toolbar", 2); Found : user_pref("CT3131886.WeatherNetwork", ""); Found : user_pref("CT3131886.WeatherPollDate", "Fri Sep 07 2012 10:46:31 GMT-0500 (Central Daylight Time)"); Found : user_pref("CT3131886.WeatherUnit", "C"); Found : user_pref("CT3131886.alertChannelId", "1528270"); Found : user_pref("CT3131886.approveUntrustedApps", false); Found : user_pref("CT3131886.autoDisableScopes", -1); Found : user_pref("CT3131886.backendstorage.cbcountry_001", "4341"); Found : user_pref("CT3131886.backendstorage.cbfirsttime", "5475652041756720303720323031322031343A34323A30332[...] Found : user_pref("CT3131886.backendstorage.shoppingapp.gk.exipres", "5765642053657020313220323031322031303A[...] Found : user_pref("CT3131886.backendstorage.shoppingapp.gk.geolocation", "63616E616461"); Found : user_pref("CT3131886.backendstorage.url_history0001", "68747470733A2F2F6D796163636F756E742E737475626[...] Found : user_pref("CT3131886.components.1000034", false); Found : user_pref("CT3131886.components.1000082", false); Found : user_pref("CT3131886.components.1000234", false); Found : user_pref("CT3131886.components.129730831435930026", false); Found : user_pref("CT3131886.components.524677150398786033", false); Found : user_pref("CT3131886.components.5905781182315170198", false); Found : user_pref("CT3131886.components.8352985832934023790", false); Found : user_pref("CT3131886.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Found : user_pref("CT3131886.globalFirstTimeInfoLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central [...] Found : user_pref("CT3131886.homepageProtectorEnableByLogin", true); Found : user_pref("CT3131886.initDone", true); Found : user_pref("CT3131886.isAppTrackingManagerOn", false); Found : user_pref("CT3131886.isFirstRadioInstallation", false); Found : user_pref("CT3131886.myStuffEnabled", true); Found : user_pref("CT3131886.myStuffPublihserMinWidth", 400); Found : user_pref("CT3131886.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT3131886.myStuffServiceIntervalMM", 1440); Found : user_pref("CT3131886.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT3131886.navigateToUrlOnSearch", false); Found : user_pref("CT3131886.revertSettingsEnabled", false); Found : user_pref("CT3131886.searchProtectorDialogDelayInSec", 10); Found : user_pref("CT3131886.searchProtectorEnableByLogin", true); Found : user_pref("CT3131886.testingCtid", ""); Found : user_pref("CT3131886.toolbarAppMetaDataLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central D[...] Found : user_pref("CT3131886.toolbarContextMenuLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central D[...] Found : user_pref("CT3131886.usagesFlag", 2); Found : user_pref("CT3184201.autoDisableScopes", -1); Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3131886&Search[...] Found : user_pref("CommunityToolbar.ConduitSearchList", "Vgrabber1 Customized Web Search"); Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3007394/CT3007394[...] Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3131886/CT3131886[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1399123/1394781/CA", "\"0\"[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1528270/1523533/CA", "\"0\"[...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3007394", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3131886", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3007394",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3131886",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3007394&octid=[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"f61[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...] Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Jimmy\\AppData\\Roaming\\Mozilla\\F[...] Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0"); Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb[...] Found : user_pref("CommunityToolbar.ToolbarsList", "CT3007394,CT3131886"); Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3007394,CT3131886"); Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3007394,CT3131886"); Found : user_pref("CommunityToolbar.globalUserId", "cfa6a056-b3a6-49dd-a5f4-6a527a1dde7b"); Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3131886"); Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Oct 30 2012 14:53:2[...] Found : user_pref("CommunityToolbar.notifications.alertEnabled", true); Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Oct 30 2012 14:53:35 GMT-050[...] Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Found : user_pref("CommunityToolbar.notifications.locale", "en"); Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Oct 30 2012 14:53:25 GMT-0500 (C[...] Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Found : user_pref("CommunityToolbar.notifications.userId", "3d548f0a-0364-4773-aaad-ddf9ba381f72"); Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.searchqu.com/406"); Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...] Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Found : user_pref("browser.search.defaultenginename", "SweetIM Search"); Found : user_pref("browser.search.defaultthis.engineName", "Vgrabber1 Customized Web Search"); Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=13"); Found : user_pref("extensions.BabylonToolbar.admin", false); Found : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Found : user_pref("extensions.BabylonToolbar.babExt", ""); Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=100478"); Found : user_pref("extensions.BabylonToolbar.bbDpng", 17); Found : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Found : user_pref("extensions.BabylonToolbar.dfltSrch", true); Found : user_pref("extensions.BabylonToolbar.hmpg", true); Found : user_pref("extensions.BabylonToolbar.id", "3421d9cb0000000000006c626d04a8ee"); Found : user_pref("extensions.BabylonToolbar.instlDay", "15311"); Found : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Found : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=100478&babsrc=adbar[...] Found : user_pref("extensions.BabylonToolbar.lastDP", 17); Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1714:30:40"); Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "6.0"); Found : user_pref("extensions.BabylonToolbar.newTab", true); Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb"); Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false); Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Found : user_pref("extensions.BabylonToolbar.propectorlck", 62716807); Found : user_pref("extensions.BabylonToolbar.prtkDS", 1); Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 1); Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Found : user_pref("extensions.BabylonToolbar.ptch_0717", true); Found : user_pref("extensions.BabylonToolbar.smplGrp", "none"); Found : user_pref("extensions.BabylonToolbar.srcExt", "ss"); Found : user_pref("extensions.BabylonToolbar.tlbrId", "tb9"); Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17"); Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1714:30:40"); Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17"); Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Found : user_pref("extensions.BabylonToolbar_i.babExt", ""); Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100478"); Found : user_pref("extensions.BabylonToolbar_i.hardId", "3421d9cb0000000000006c626d04a8ee"); Found : user_pref("extensions.BabylonToolbar_i.id", "3421d9cb0000000000006c626d04a8ee"); Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15311"); Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Found : user_pref("extensions.BabylonToolbar_i.newTab", false); Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9"); Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:30:40"); Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Found : user_pref("extensions.crossriderapp5060.5060.InstallationThankYouPage", true); Found : user_pref("extensions.crossriderapp5060.5060.InstallationTime", 1345846103); Found : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.searchUserConifrmation", false[...] Found : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setHomepage", false); Found : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setNewTab", false); Found : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setSearch", false); Found : user_pref("extensions.crossriderapp5060.5060.active", true); Found : user_pref("extensions.crossriderapp5060.5060.addressbar", ""); Found : user_pref("extensions.crossriderapp5060.5060.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...] Found : user_pref("extensions.crossriderapp5060.5060.backgroundver", 7); Found : user_pref("extensions.crossriderapp5060.5060.can_run_bg_code", true); Found : user_pref("extensions.crossriderapp5060.5060.certdomaininstaller", ""); Found : user_pref("extensions.crossriderapp5060.5060.changeprevious", false); Found : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...] Found : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.value", "1345846103"); Found : user_pref("extensions.crossriderapp5060.5060.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...] Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...] Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.value", "1345846103"); Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.expiration", "Tue Oct 30 2012 15:[...] Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...] Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.expiration", "Tue Nov 06 2012 [...] Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.value", "%22CA%22"); Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...] Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.value", "1351627333"); Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...] Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.value", "%221%22"); Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...] Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.value", "%7B%22source_id%2[...] Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...] Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.value", "%2214019%22"); Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...] Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.value", "1346215148681"); Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...] Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.value", "%221224%22"); Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...] Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.value", "%2271399%22"); Found : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...] Found : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.value", "1346215132842"); Found : user_pref("extensions.crossriderapp5060.5060.description", "Savings Sidekick"); Found : user_pref("extensions.crossriderapp5060.5060.domain", ""); Found : user_pref("extensions.crossriderapp5060.5060.enablesearch", false); Found : user_pref("extensions.crossriderapp5060.5060.fbremoteurl", ""); Found : user_pref("extensions.crossriderapp5060.5060.group", 0); Found : user_pref("extensions.crossriderapp5060.5060.homepage", ""); Found : user_pref("extensions.crossriderapp5060.5060.iframe", false); Found : user_pref("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...] Found : user_pref("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.value", "%7B%22installe[...] Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...] Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.value", "37"); Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.expiration", "Fri Feb [...] Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.value", "0"); Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...] Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.value", "%7B%7D"); Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.expiration", "Tue Oct 30[...] Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.value", "true"); Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...] Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.value", "%7B%7D"); Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.expiration", "Fri[...] Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.value", "%7B%22re[...] Found : user_pref("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...] Found : user_pref("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...] Found : user_pref("extensions.crossriderapp5060.5060.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...] Found : user_pref("extensions.crossriderapp5060.5060.manifesturl", ""); Found : user_pref("extensions.crossriderapp5060.5060.name", "Savings Sidekick"); Found : user_pref("extensions.crossriderapp5060.5060.newtab", ""); Found : user_pref("extensions.crossriderapp5060.5060.opensearch", ""); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...] Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.name", "base"); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.ver", 3); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...] Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.name", "GPL Plugin (Loader)"); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.ver", 7); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...] Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.name", "GPL Background (BG)"); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.ver", 4); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.code", "(function(a){a.selectedText=f[...] Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.name", "CrossriderAppUtils"); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.ver", 2); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...] Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.name", "CrossriderUtils"); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.ver", 2); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.code", "(function(f){var u={};var e=M[...] Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.name", "FacebookFFIE"); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.ver", 1); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==[...] Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.name", "FFAppAPIWrapper"); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.ver", 3); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.code", "if(typeof window!==\"undefine[...] Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.name", "jQuery"); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.ver", 3); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...] Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.name", "debug"); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.ver", 3); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...] Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.name", "resources"); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.ver", 2); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.code", "var CrossriderInitializerPlug[...] Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.name", "initializer"); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.ver", 2); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...] Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.name", "jquery_1_7_1"); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.ver", 3); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.code", "(function(){appAPI.ready=func[...] Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.name", "resources_background"); Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.ver", 1); Found : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_0", "17,14,16,47,1000015"); Found : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,100[...] Found : user_pref("extensions.crossriderapp5060.5060.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...] Found : user_pref("extensions.crossriderapp5060.5060.pluginsversion", 15); Found : user_pref("extensions.crossriderapp5060.5060.publisher", "215 Apps"); Found : user_pref("extensions.crossriderapp5060.5060.searchstatus", 0); Found : user_pref("extensions.crossriderapp5060.5060.setnewtab", false); Found : user_pref("extensions.crossriderapp5060.5060.settingsurl", ""); Found : user_pref("extensions.crossriderapp5060.5060.thankyou", ""); Found : user_pref("extensions.crossriderapp5060.5060.updateinterval", 360); Found : user_pref("extensions.crossriderapp5060.5060.ver", 37); Found : user_pref("extensions.crossriderapp5060.adsOldValue", -1); Found : user_pref("extensions.crossriderapp5060.apps", "5060"); Found : user_pref("extensions.crossriderapp5060.bic", "13970ac45d1fea38dfe70a3d79b4c9f2"); Found : user_pref("extensions.crossriderapp5060.cid", 5060); Found : user_pref("extensions.crossriderapp5060.firstrun", false); Found : user_pref("extensions.crossriderapp5060.hadappinstalled", true); Found : user_pref("extensions.crossriderapp5060.installationdate", 1346215105); Found : user_pref("extensions.crossriderapp5060.lastcheck", 22527113); Found : user_pref("extensions.crossriderapp5060.lastcheckitem", 22527130); Found : user_pref("extensions.crossriderapp5060.modetype", "production"); Found : user_pref("extensions.enabledAddons", "facecons@facecons.com:1.1,plugin@yontoo.com:1.20.00,{167d9323[...] Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Found : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx[...] Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Vgrabber1 Customized Web Search[...] Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT31[...] Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com"); Found : user_pref("keyword.URL", "hxxp://www.plusnetwork.com/?sp=addr&q="); Found : user_pref("browser.search.selectedEngine", "Plus! Network"); Profile name : default File : C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\7pky55tm.default\prefs.js [OK] File is clean. -\\ Chromium v [unable to get version] File : C:\Users\Jimmy\AppData\Local\Chromium\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [69599 octets] - [18/11/2012 13:36:24] ########## EOF - C:\AdwCleaner[R1].txt - [69660 octets] ##########
-
Thanks for responding! Ok I have done the check disk. I only did it to the C: drive, should I also do it to the D:? There were 4 bad sectors. My computer is still useless. If I start it up normally, it is so slow I can't do anything on it (can't open anything and VERY slow to close the start up programs...Messenger etc). My only option at that point is to press the power button to turn it off and restart in safe mode. Here are the logs: DDS (Ver_2012-11-07.01) - NTFS_AMD64 NETWORK Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.5.1 Run by Jimmy at 13:31:10 on 2012-11-18 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8151.7164 [GMT -6:00] . AV: Kaspersky Internet Security *Enabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uSearch Bar = hxxp://www.bing.com/search?q={searchTerms} uSearch Page = hxxp://www.bing.com/search?q={searchTerms} mStart Page = hxxp://home.sweetim.com uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms} uURLSearchHooks: {efb1e45a-148d-40f9-a3f0-09d5577f9970} - <orphaned> uURLSearchHooks: Vgrabber1 Toolbar: {f9bbf004-6e40-4019-8214-c43a37e1d058} - C:\Program Files (x86)\Vgrabber1\prxtbVgra.dll uURLSearchHooks: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll mURLSearchHooks: Vgrabber1 Toolbar: {f9bbf004-6e40-4019-8214-c43a37e1d058} - C:\Program Files (x86)\Vgrabber1\prxtbVgra.dll mURLSearchHooks: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll mWinlogon: Userinit = userinit.exe, BHO: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - <orphaned> BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - <orphaned> BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: FACECONS Class: {B2A44031-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files (x86)\facecons\Facecons.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll BHO: Vgrabber1 Toolbar: {f9bbf004-6e40-4019-8214-c43a37e1d058} - C:\Program Files (x86)\Vgrabber1\prxtbVgra.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Vgrabber1 Toolbar: {F9BBF004-6E40-4019-8214-C43A37E1D058} - C:\Program Files (x86)\Vgrabber1\prxtbVgra.dll TB: appbario8 Toolbar: {0CC09160-108C-4759-BAB1-5C12C216E005} - C:\Program Files (x86)\appbario8\prxtbappb.dll TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file> TB: Vgrabber1 Toolbar: {f9bbf004-6e40-4019-8214-c43a37e1d058} - C:\Program Files (x86)\Vgrabber1\prxtbVgra.dll TB: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start StartupFolder: C:\Users\Jimmy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMVU.lnk - C:\Users\Jimmy\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe StartupFolder: C:\Users\Jimmy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NEXDEF~1.LNK - C:\Users\Jimmy\AppData\Local\Autobahn\nexdef.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDOR~1.LNK - C:\Program Files (x86)\Sendori\SendoriTray.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:28 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: Interfaces\{44E6BEBF-391F-4BD6-975D-D374A7F0636D} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{C494E8EE-736A-4A65-A53A-3FC3170E5B6E} : NameServer = 216.146.35.240,216.146.36.240,192.168.0.1 TCP: Interfaces\{C494E8EE-736A-4A65-A53A-3FC3170E5B6E} : DHCPNameServer = 192.168.0.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Notify: klogon - <no file> SSODL: WebCheck - <orphaned> x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file> x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - <orphaned> x64-Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: klogon - C:\Windows\System32\klogon.dll x64-SSODL: WebCheck - <orphaned> Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=13 FF - prefs.js: keyword.URL - hxxp://www.plusnetwork.com/?sp=addr&q= FF - prefs.js: browser.search.selectedEngine - Plus! NetworkFF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\plugins\np-mswmp.dll FF - plugin: C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\plugins\np-mswmp.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ---- FIREFOX POLICIES ---- FF - user.js: extensions.BabylonToolbar_i.id - 3421d9cb0000000000006c626d04a8ee FF - user.js: extensions.BabylonToolbar_i.hardId - 3421d9cb0000000000006c626d04a8ee FF - user.js: extensions.BabylonToolbar_i.instlDay - 15311 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:30:40 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100478 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extentions.y2layers.installId - 9b328715-24ae-461e-8bba-b4f73784588c FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader, . ============= SERVICES / DRIVERS =============== . R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-3-4 11864] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2009-9-14 29488] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-3-12 56344] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-12 239616] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-3-12 202752] S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -r [?] S2 Browser Manager;Browser Manager;C:\ProgramData\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\brwmngr.exe [2012-8-24 1695776] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-12 13336] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-16 399432] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-16 676936] S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-8-8 1153368] S2 Sendori;Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2011-8-5 98168] S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-12-3 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840] S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544] S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-8-1 25928] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-3-12 763904] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-8 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-7 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-11-17 18:17:27 -------- d-----w- C:\Users\Jimmy\AppData\Local\{777214C1-806D-4C74-B5F0-BEA70214E644} 2012-11-17 03:21:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-11-17 01:39:59 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi 2012-11-12 02:05:12 -------- d--h--w- C:\ProgramData\Common Files 2012-11-12 02:05:12 -------- d-----w- C:\ProgramData\MFAData 2012-11-11 02:41:12 -------- d-----w- C:\Users\Jimmy\AppData\Local\{A8954EB1-08E6-436E-8D99-79343203D5CE} 2012-11-11 02:38:12 181808 ----a-w- C:\Windows\RegBootClean.exe 2012-11-11 02:32:02 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys 2012-11-10 20:12:18 -------- d-----w- C:\Users\Jimmy\AppData\Local\{98E387D9-82D1-4571-849B-BD9035876EE1} 2012-11-10 19:42:44 -------- d-----w- C:\Users\Jimmy\AppData\Local\{F5DC1012-45DE-4BA6-9AD7-3E40588C681A} 2012-11-10 19:05:50 -------- d-----w- C:\Users\Jimmy\AppData\Local\{8A10FA36-4BE6-42A3-A9A1-54F1B8F7B61E} 2012-11-10 01:50:22 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{20EFF33C-223F-49B8-91F9-5E9BB83B8247}\mpengine.dll 2012-11-09 13:30:54 -------- d-----w- C:\Users\Jimmy\AppData\Local\{78BC6CF0-6934-49E4-BF24-B194EF3312C2} 2012-11-08 17:07:16 -------- d-----w- C:\Users\Jimmy\AppData\Local\{53527362-5D16-42D2-9039-A03B4D0C1B7A} 2012-11-07 16:54:07 -------- d-----w- C:\Users\Jimmy\AppData\Local\{FDE3B612-8015-44EE-B8D1-D1FD233232E4} 2012-11-06 18:58:00 -------- d-----w- C:\Users\Jimmy\AppData\Local\{4AF0EA4C-CC8D-46B8-8898-98D6FB1F6F65} 2012-11-06 05:45:55 -------- d-----w- C:\Users\Jimmy\AppData\Local\{9FE3841F-6E6B-4226-AFF7-FB3ED952D0F0} 2012-11-06 05:15:52 -------- d-----w- C:\Users\Jimmy\AppData\Local\{18A5D97E-D77A-4A94-A9F2-C3271C1FDBAA} 2012-11-06 05:11:55 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys 2012-11-06 05:11:03 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-11-06 05:11:03 -------- d-----w- C:\Program Files\iTunes 2012-11-06 05:11:03 -------- d-----w- C:\Program Files\iPod 2012-11-05 17:09:21 -------- d-----w- C:\Users\Jimmy\AppData\Local\{8EAE4C1F-16AE-4360-B6C1-7156D26EBAA7} 2012-11-02 01:59:46 -------- d-----w- C:\Users\Jimmy\AppData\Local\{D3CA3834-A5C3-44F3-926D-425F0144EA73} 2012-10-31 20:26:08 -------- d-----w- C:\Users\Jimmy\AppData\Local\{04EC7638-FC15-4179-91FF-EA65DA2265FE} 2012-10-29 02:50:50 -------- d-----w- C:\Users\Jimmy\AppData\Local\{B40A531B-71B2-4E72-8507-9C9BDEB44BE6} 2012-10-26 18:50:08 -------- d-----w- C:\Users\Jimmy\AppData\Local\{F9A96946-ACCD-41E6-A960-78267D4E7291} . ==================== Find3M ==================== . 2012-10-27 00:03:29 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-10-27 00:03:29 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-10-22 20:31:54 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-10-09 05:43:38 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-09 05:43:38 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-09-30 01:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-19 22:48:47 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll 2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe 2012-08-21 19:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll 2012-08-21 19:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll . ============= FINISH: 13:33:05.15 ===============