Jump to content

Big problems!


nncout

Recommended Posts

Computer is seriously lagging. Can't do much with it, extremely slow. Ran malwarebytes and spybot

but same issues.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-07.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 07/08/2010 11:28:03 AM

System Uptime: 17/11/2012 12:22:56 PM (0 hours ago)

.

Motherboard: MSI | | IONA

Processor: Intel® Core i7 CPU 860 @ 2.80GHz | CPU 1 | 2793/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 920 GiB total, 770.701 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 1.621 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: 802.11n Wireless LAN Card

Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_760211AD&REV_00\4&2ED86587&0&00E3

Manufacturer: Ralink Technology, Corp.

Name: 802.11n Wireless LAN Card

PNP Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_760211AD&REV_00\4&2ED86587&0&00E3

Service: netr28x

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP386: 09/11/2012 7:49:46 PM - Windows Update

.

==== Installed Programs ======================

.

AC3D 6.8.14

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.1

aMSN 0.98.4

APB Reloaded

appbario8 Toolbar

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Install Manager

Bonjour

Browser Manager

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center HydraVision Full

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Combat Arms

Compatibility Pack for the 2007 Office system

CyberLink DVD Suite Deluxe

D3DX10

Dead Island

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DirectX for Managed Code Update (Summer 2004)

DVD Menu Pack for HP MediaSmart Video

facecons

Google Toolbar for Internet Explorer

Google Update Helper

HP Advisor

HP Customer Experience Enhancements

HP Games

HP MediaSmart DVD

HP MediaSmart Music/Photo/Video

HP MediaSmart SmartMenu

HP Odometer

HP Remote Solution

HP Setup

HP Support Assistant

HP Support Information

HP Update

HPAsset component for HP Active Support Library

HydraVision

iCloud

Intel® Rapid Storage Technology

IrfanView (remove only)

iTunes

Java Auto Updater

Java 7 Update 5

JavaFX 2.1.1

Junk Mail filter update

Kaspersky Internet Security 2012

LabelPrint

Lernout & Hauspie TruVoice American English TTS Engine

LightScribe System Software

LogMeIn Hamachi

Malwarebytes Anti-Malware version 1.65.1.1000

Mesh Runtime

Messenger Companion

Messenger Plus! 5

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Live Search Toolbar

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Home and Student 60 day trial

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Microsoft XNA Framework Redistributable 4.0

MobileMe Control Panel

Movie Theme Pack for HP MediaSmart Video

Mozilla Firefox 9.0.1 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NexDef Plug-in

NVIDIA PhysX

Pando Media Booster

PlayBryte

PlayReady PC Runtime amd64

POV-Ray for Windows v3.62

Power2Go

PowerDirector

PunkBuster Services

QuickTime

Realtek High Definition Audio Driver

Recovery Manager

Safari

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

Sendori

Skype Click to Call

Skype™ 5.10

Spybot - Search & Destroy

Steam

TurboTax 2010

TurboTax 2011

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Vgrabber1 Toolbar

VoiceOver Kit

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.20 (32-bit)

Yontoo Layers Runtime 1.10.01

.

==== Event Viewer Messages From Past Week ========

.

17/11/2012 12:23:47 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

17/11/2012 12:23:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

17/11/2012 12:23:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

17/11/2012 12:23:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

17/11/2012 12:23:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

17/11/2012 12:23:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

17/11/2012 12:23:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

17/11/2012 12:23:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache kl2 KLIF KLIM6 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

17/11/2012 12:21:05 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: After starting, the service hung in a start-pending state.

17/11/2012 12:18:51 PM, Error: Service Control Manager [7022] - The Function Discovery Provider Host service hung on starting.

17/11/2012 11:45:06 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

17/11/2012 10:13:15 AM, Error: Service Control Manager [7022] - The Windows Defender service hung on starting.

16/11/2012 9:38:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

16/11/2012 9:36:05 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

16/11/2012 9:36:04 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

16/11/2012 9:35:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KLIF spldr Wanarpv6

16/11/2012 7:46:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Sendori service.

16/11/2012 7:34:01 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer NATALIE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C494E8EE-736A-4A65-A53A-3FC3170E5B6E}. The master browser is stopping or an election is being forced.

16/11/2012 3:59:59 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9C71DCB6-848C-4E73-9571-BCE123CE7E65}. The master browser is stopping or an election is being forced.

16/11/2012 10:09:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

16/11/2012 10:08:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Browser Manager service to connect.

16/11/2012 10:08:15 PM, Error: Service Control Manager [7000] - The Browser Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

16/11/2012 10:05:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

16/11/2012 10:05:15 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

13/11/2012 12:55:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Hamachi2Svc service.

13/11/2012 1:05:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.

13/11/2012 1:05:36 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/11/2012 4:21:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

12/11/2012 3:55:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

12/11/2012 3:55:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.

12/11/2012 3:54:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.

11/11/2012 9:57:31 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

11/11/2012 9:57:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.

11/11/2012 9:57:14 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 9:55:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Defender service to connect.

11/11/2012 9:55:26 PM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 9:54:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

11/11/2012 9:54:56 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 9:54:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.

11/11/2012 9:54:21 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 9:53:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

11/11/2012 9:53:09 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 9:52:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.

11/11/2012 9:32:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.

11/11/2012 9:32:04 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 9:32:04 PM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 9:32:04 PM, Error: Service Control Manager [7000] - The Peer Networking Identity Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 9:07:44 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.

11/11/2012 8:44:04 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.

11/11/2012 7:51:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

11/11/2012 7:15:36 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.

11/11/2012 7:15:25 PM, Error: Service Control Manager [7022] - The Portable Device Enumerator Service service hung on starting.

11/11/2012 7:15:18 PM, Error: Service Control Manager [7022] - The Server service hung on starting.

11/11/2012 7:13:41 PM, Error: Service Control Manager [7022] - The Human Interface Device Access service hung on starting.

11/11/2012 7:11:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

11/11/2012 7:11:50 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 7:11:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/11/2012 7:10:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

11/11/2012 7:10:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.

11/11/2012 7:10:15 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 7:04:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Sendori service to connect.

11/11/2012 7:04:06 PM, Error: Service Control Manager [7000] - The Sendori service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 7:03:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.

11/11/2012 7:03:36 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 10:02:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

11/11/2012 10:02:22 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/11/2012 8:23:12 PM, Error: Service Control Manager [7034] - The Sendori service terminated unexpectedly. It has done this 1 time(s).

10/11/2012 8:23:00 PM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).

10/11/2012 8:22:47 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

10/11/2012 8:21:51 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).

10/11/2012 8:21:29 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

10/11/2012 7:58:17 PM, Error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).

10/11/2012 4:51:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Software Shadow Copy Provider service to connect.

10/11/2012 4:51:42 PM, Error: Service Control Manager [7000] - The Microsoft Software Shadow Copy Provider service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/11/2012 4:51:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service swprv with arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}

10/11/2012 4:50:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.

10/11/2012 4:50:22 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/11/2012 4:49:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

10/11/2012 3:44:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the p2psvc service.

10/11/2012 3:44:41 PM, Error: Service Control Manager [7000] - The Peer Networking Grouping service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/11/2012 3:44:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

10/11/2012 3:44:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.

10/11/2012 3:34:14 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: After starting, the service hung in a start-pending state.

10/11/2012 3:33:06 PM, Error: Service Control Manager [7022] - The Peer Name Resolution Protocol service hung on starting.

10/11/2012 2:56:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/11/2012 2:55:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.

10/11/2012 2:55:29 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/11/2012 2:22:16 PM, Error: Service Control Manager [7022] - The Software Protection service hung on starting.

10/11/2012 2:11:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

10/11/2012 1:13:05 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume HP.

.

==== End Of File ===========================

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-07.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 07/08/2010 11:28:03 AM

System Uptime: 17/11/2012 12:22:56 PM (0 hours ago)

.

Motherboard: MSI | | IONA

Processor: Intel® Core i7 CPU 860 @ 2.80GHz | CPU 1 | 2793/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 920 GiB total, 770.701 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 1.621 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: 802.11n Wireless LAN Card

Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_760211AD&REV_00\4&2ED86587&0&00E3

Manufacturer: Ralink Technology, Corp.

Name: 802.11n Wireless LAN Card

PNP Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_760211AD&REV_00\4&2ED86587&0&00E3

Service: netr28x

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP386: 09/11/2012 7:49:46 PM - Windows Update

.

==== Installed Programs ======================

.

AC3D 6.8.14

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.1

aMSN 0.98.4

APB Reloaded

appbario8 Toolbar

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Install Manager

Bonjour

Browser Manager

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center HydraVision Full

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Combat Arms

Compatibility Pack for the 2007 Office system

CyberLink DVD Suite Deluxe

D3DX10

Dead Island

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DirectX for Managed Code Update (Summer 2004)

DVD Menu Pack for HP MediaSmart Video

facecons

Google Toolbar for Internet Explorer

Google Update Helper

HP Advisor

HP Customer Experience Enhancements

HP Games

HP MediaSmart DVD

HP MediaSmart Music/Photo/Video

HP MediaSmart SmartMenu

HP Odometer

HP Remote Solution

HP Setup

HP Support Assistant

HP Support Information

HP Update

HPAsset component for HP Active Support Library

HydraVision

iCloud

Intel® Rapid Storage Technology

IrfanView (remove only)

iTunes

Java Auto Updater

Java 7 Update 5

JavaFX 2.1.1

Junk Mail filter update

Kaspersky Internet Security 2012

LabelPrint

Lernout & Hauspie TruVoice American English TTS Engine

LightScribe System Software

LogMeIn Hamachi

Malwarebytes Anti-Malware version 1.65.1.1000

Mesh Runtime

Messenger Companion

Messenger Plus! 5

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Live Search Toolbar

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Home and Student 60 day trial

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Microsoft XNA Framework Redistributable 4.0

MobileMe Control Panel

Movie Theme Pack for HP MediaSmart Video

Mozilla Firefox 9.0.1 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NexDef Plug-in

NVIDIA PhysX

Pando Media Booster

PlayBryte

PlayReady PC Runtime amd64

POV-Ray for Windows v3.62

Power2Go

PowerDirector

PunkBuster Services

QuickTime

Realtek High Definition Audio Driver

Recovery Manager

Safari

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

Sendori

Skype Click to Call

Skype™ 5.10

Spybot - Search & Destroy

Steam

TurboTax 2010

TurboTax 2011

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Vgrabber1 Toolbar

VoiceOver Kit

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.20 (32-bit)

Yontoo Layers Runtime 1.10.01

.

==== Event Viewer Messages From Past Week ========

.

17/11/2012 12:23:47 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

17/11/2012 12:23:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

17/11/2012 12:23:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

17/11/2012 12:23:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

17/11/2012 12:23:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

17/11/2012 12:23:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

17/11/2012 12:23:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

17/11/2012 12:23:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache kl2 KLIF KLIM6 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

17/11/2012 12:21:05 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: After starting, the service hung in a start-pending state.

17/11/2012 12:18:51 PM, Error: Service Control Manager [7022] - The Function Discovery Provider Host service hung on starting.

17/11/2012 11:45:06 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

17/11/2012 10:13:15 AM, Error: Service Control Manager [7022] - The Windows Defender service hung on starting.

16/11/2012 9:38:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

16/11/2012 9:36:05 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

16/11/2012 9:36:04 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

16/11/2012 9:35:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KLIF spldr Wanarpv6

16/11/2012 7:46:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Sendori service.

16/11/2012 7:34:01 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer NATALIE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C494E8EE-736A-4A65-A53A-3FC3170E5B6E}. The master browser is stopping or an election is being forced.

16/11/2012 3:59:59 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9C71DCB6-848C-4E73-9571-BCE123CE7E65}. The master browser is stopping or an election is being forced.

16/11/2012 10:09:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

16/11/2012 10:08:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Browser Manager service to connect.

16/11/2012 10:08:15 PM, Error: Service Control Manager [7000] - The Browser Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

16/11/2012 10:05:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

16/11/2012 10:05:15 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

13/11/2012 12:55:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Hamachi2Svc service.

13/11/2012 1:05:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.

13/11/2012 1:05:36 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/11/2012 4:21:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

12/11/2012 3:55:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

12/11/2012 3:55:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.

12/11/2012 3:54:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.

11/11/2012 9:57:31 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

11/11/2012 9:57:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.

11/11/2012 9:57:14 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 9:55:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Defender service to connect.

11/11/2012 9:55:26 PM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 9:54:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

11/11/2012 9:54:56 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 9:54:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.

11/11/2012 9:54:21 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 9:53:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

11/11/2012 9:53:09 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 9:52:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.

11/11/2012 9:32:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.

11/11/2012 9:32:04 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 9:32:04 PM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 9:32:04 PM, Error: Service Control Manager [7000] - The Peer Networking Identity Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 9:07:44 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.

11/11/2012 8:44:04 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.

11/11/2012 7:51:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

11/11/2012 7:15:36 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.

11/11/2012 7:15:25 PM, Error: Service Control Manager [7022] - The Portable Device Enumerator Service service hung on starting.

11/11/2012 7:15:18 PM, Error: Service Control Manager [7022] - The Server service hung on starting.

11/11/2012 7:13:41 PM, Error: Service Control Manager [7022] - The Human Interface Device Access service hung on starting.

11/11/2012 7:11:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

11/11/2012 7:11:50 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 7:11:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/11/2012 7:10:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

11/11/2012 7:10:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.

11/11/2012 7:10:15 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 7:04:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Sendori service to connect.

11/11/2012 7:04:06 PM, Error: Service Control Manager [7000] - The Sendori service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 7:03:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.

11/11/2012 7:03:36 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2012 10:02:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

11/11/2012 10:02:22 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/11/2012 8:23:12 PM, Error: Service Control Manager [7034] - The Sendori service terminated unexpectedly. It has done this 1 time(s).

10/11/2012 8:23:00 PM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).

10/11/2012 8:22:47 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

10/11/2012 8:21:51 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).

10/11/2012 8:21:29 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

10/11/2012 7:58:17 PM, Error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).

10/11/2012 4:51:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Software Shadow Copy Provider service to connect.

10/11/2012 4:51:42 PM, Error: Service Control Manager [7000] - The Microsoft Software Shadow Copy Provider service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/11/2012 4:51:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service swprv with arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}

10/11/2012 4:50:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.

10/11/2012 4:50:22 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/11/2012 4:49:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

10/11/2012 3:44:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the p2psvc service.

10/11/2012 3:44:41 PM, Error: Service Control Manager [7000] - The Peer Networking Grouping service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/11/2012 3:44:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

10/11/2012 3:44:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.

10/11/2012 3:34:14 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: After starting, the service hung in a start-pending state.

10/11/2012 3:33:06 PM, Error: Service Control Manager [7022] - The Peer Name Resolution Protocol service hung on starting.

10/11/2012 2:56:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/11/2012 2:55:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.

10/11/2012 2:55:29 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/11/2012 2:22:16 PM, Error: Service Control Manager [7022] - The Software Protection service hung on starting.

10/11/2012 2:11:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

10/11/2012 1:13:05 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume HP.

.

==== End Of File ===========================

Link to post
Share on other sites

:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

I notice this error in the log you posted:

The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume HP.

Please see the below link to run the Check Disk:

http://www.howtogeek.com/howto/windows-vista/guide-to-using-check-disk-in-windows-vista/

=====

Next, please re-run DDS and post the contents of DDS.txt in your reply.

=====

Finally, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

=====

In your reply please provide the contents of the following logs:

  • DDS.txt.
  • AdwCleaner[R1].txt.

How is your computer currently running?

Link to post
Share on other sites

Thanks for responding! Ok I have done the check disk. I only did it to the C: drive, should I also do it to the D:?

There were 4 bad sectors.

My computer is still useless. If I start it up normally, it is so slow I can't do anything on it (can't open anything and VERY slow

to close the start up programs...Messenger etc). My only option at that point is to press the power button to turn it off and restart in safe mode.

Here are the logs:

DDS (Ver_2012-11-07.01) - NTFS_AMD64 NETWORK

Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.5.1

Run by Jimmy at 13:31:10 on 2012-11-18

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8151.7164 [GMT -6:00]

.

AV: Kaspersky Internet Security *Enabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://www.bing.com/search?q={searchTerms}

uSearch Page = hxxp://www.bing.com/search?q={searchTerms}

mStart Page = hxxp://home.sweetim.com

uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}

uURLSearchHooks: {efb1e45a-148d-40f9-a3f0-09d5577f9970} - <orphaned>

uURLSearchHooks: Vgrabber1 Toolbar: {f9bbf004-6e40-4019-8214-c43a37e1d058} - C:\Program Files (x86)\Vgrabber1\prxtbVgra.dll

uURLSearchHooks: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll

mURLSearchHooks: Vgrabber1 Toolbar: {f9bbf004-6e40-4019-8214-c43a37e1d058} - C:\Program Files (x86)\Vgrabber1\prxtbVgra.dll

mURLSearchHooks: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll

mWinlogon: Userinit = userinit.exe,

BHO: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - <orphaned>

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - <orphaned>

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: FACECONS Class: {B2A44031-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files (x86)\facecons\Facecons.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

BHO: Vgrabber1 Toolbar: {f9bbf004-6e40-4019-8214-c43a37e1d058} - C:\Program Files (x86)\Vgrabber1\prxtbVgra.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Vgrabber1 Toolbar: {F9BBF004-6E40-4019-8214-C43A37E1D058} - C:\Program Files (x86)\Vgrabber1\prxtbVgra.dll

TB: appbario8 Toolbar: {0CC09160-108C-4759-BAB1-5C12C216E005} - C:\Program Files (x86)\appbario8\prxtbappb.dll

TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -

TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>

TB: Vgrabber1 Toolbar: {f9bbf004-6e40-4019-8214-c43a37e1d058} - C:\Program Files (x86)\Vgrabber1\prxtbVgra.dll

TB: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

StartupFolder: C:\Users\Jimmy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMVU.lnk - C:\Users\Jimmy\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe

StartupFolder: C:\Users\Jimmy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NEXDEF~1.LNK - C:\Users\Jimmy\AppData\Local\Autobahn\nexdef.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDOR~1.LNK - C:\Program Files (x86)\Sendori\SendoriTray.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:28

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{44E6BEBF-391F-4BD6-975D-D374A7F0636D} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{C494E8EE-736A-4A65-A53A-3FC3170E5B6E} : NameServer = 216.146.35.240,216.146.36.240,192.168.0.1

TCP: Interfaces\{C494E8EE-736A-4A65-A53A-3FC3170E5B6E} : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll

Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: klogon - <no file>

SSODL: WebCheck - <orphaned>

x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll

x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - <orphaned>

x64-Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: klogon - C:\Windows\System32\klogon.dll

x64-SSODL: WebCheck - <orphaned>

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://www.plusnetwork.com/?sp=addr&q=

FF - prefs.js: browser.search.selectedEngine - Plus! NetworkFF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\plugins\np-mswmp.dll

FF - plugin: C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.id - 3421d9cb0000000000006c626d04a8ee

FF - user.js: extensions.BabylonToolbar_i.hardId - 3421d9cb0000000000006c626d04a8ee

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15311

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:30:40

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100478

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extentions.y2layers.installId - 9b328715-24ae-461e-8bba-b4f73784588c

FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,

.

============= SERVICES / DRIVERS ===============

.

R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-3-4 11864]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2009-9-14 29488]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-3-12 56344]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-12 239616]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-3-12 202752]

S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -r [?]

S2 Browser Manager;Browser Manager;C:\ProgramData\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\brwmngr.exe [2012-8-24 1695776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-12 13336]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-16 399432]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-16 676936]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-8-8 1153368]

S2 Sendori;Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2011-8-5 98168]

S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-12-3 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-8-1 25928]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-3-12 763904]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-8 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-7 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-11-17 18:17:27 -------- d-----w- C:\Users\Jimmy\AppData\Local\{777214C1-806D-4C74-B5F0-BEA70214E644}

2012-11-17 03:21:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-11-17 01:39:59 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2012-11-12 02:05:12 -------- d--h--w- C:\ProgramData\Common Files

2012-11-12 02:05:12 -------- d-----w- C:\ProgramData\MFAData

2012-11-11 02:41:12 -------- d-----w- C:\Users\Jimmy\AppData\Local\{A8954EB1-08E6-436E-8D99-79343203D5CE}

2012-11-11 02:38:12 181808 ----a-w- C:\Windows\RegBootClean.exe

2012-11-11 02:32:02 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys

2012-11-10 20:12:18 -------- d-----w- C:\Users\Jimmy\AppData\Local\{98E387D9-82D1-4571-849B-BD9035876EE1}

2012-11-10 19:42:44 -------- d-----w- C:\Users\Jimmy\AppData\Local\{F5DC1012-45DE-4BA6-9AD7-3E40588C681A}

2012-11-10 19:05:50 -------- d-----w- C:\Users\Jimmy\AppData\Local\{8A10FA36-4BE6-42A3-A9A1-54F1B8F7B61E}

2012-11-10 01:50:22 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{20EFF33C-223F-49B8-91F9-5E9BB83B8247}\mpengine.dll

2012-11-09 13:30:54 -------- d-----w- C:\Users\Jimmy\AppData\Local\{78BC6CF0-6934-49E4-BF24-B194EF3312C2}

2012-11-08 17:07:16 -------- d-----w- C:\Users\Jimmy\AppData\Local\{53527362-5D16-42D2-9039-A03B4D0C1B7A}

2012-11-07 16:54:07 -------- d-----w- C:\Users\Jimmy\AppData\Local\{FDE3B612-8015-44EE-B8D1-D1FD233232E4}

2012-11-06 18:58:00 -------- d-----w- C:\Users\Jimmy\AppData\Local\{4AF0EA4C-CC8D-46B8-8898-98D6FB1F6F65}

2012-11-06 05:45:55 -------- d-----w- C:\Users\Jimmy\AppData\Local\{9FE3841F-6E6B-4226-AFF7-FB3ED952D0F0}

2012-11-06 05:15:52 -------- d-----w- C:\Users\Jimmy\AppData\Local\{18A5D97E-D77A-4A94-A9F2-C3271C1FDBAA}

2012-11-06 05:11:55 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-11-06 05:11:03 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-11-06 05:11:03 -------- d-----w- C:\Program Files\iTunes

2012-11-06 05:11:03 -------- d-----w- C:\Program Files\iPod

2012-11-05 17:09:21 -------- d-----w- C:\Users\Jimmy\AppData\Local\{8EAE4C1F-16AE-4360-B6C1-7156D26EBAA7}

2012-11-02 01:59:46 -------- d-----w- C:\Users\Jimmy\AppData\Local\{D3CA3834-A5C3-44F3-926D-425F0144EA73}

2012-10-31 20:26:08 -------- d-----w- C:\Users\Jimmy\AppData\Local\{04EC7638-FC15-4179-91FF-EA65DA2265FE}

2012-10-29 02:50:50 -------- d-----w- C:\Users\Jimmy\AppData\Local\{B40A531B-71B2-4E72-8507-9C9BDEB44BE6}

2012-10-26 18:50:08 -------- d-----w- C:\Users\Jimmy\AppData\Local\{F9A96946-ACCD-41E6-A960-78267D4E7291}

.

==================== Find3M ====================

.

2012-10-27 00:03:29 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-10-27 00:03:29 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-10-22 20:31:54 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-10-09 05:43:38 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-09 05:43:38 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-30 01:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-19 22:48:47 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-08-21 19:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-08-21 19:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

.

============= FINISH: 13:33:05.15 ===============

Link to post
Share on other sites

Here is the adwcleaner:

# AdwCleaner v2.008 - Logfile created 11/18/2012 at 13:36:24

# Updated 17/11/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Jimmy - JIMMY-PC

# Boot Mode : Safe mode with networking

# Running from : C:\Users\Jimmy\Documents\AC3D\Elemental Swords\adwcleaner.exe

# Option [search]

***** [services] *****

Found : Browser Manager

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

File Found : C:\user.js

File Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

File Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\bProtect.xml

File Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\Conduit.xml

File Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\Plusnetwork.xml

Folder Found : C:\Program Files (x86)\appbario8

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\Program Files (x86)\iBryte

Folder Found : C:\Program Files (x86)\Vgrabber1

Folder Found : C:\Program Files (x86)\Yontoo Layers Runtime

Folder Found : C:\ProgramData\Ask

Folder Found : C:\ProgramData\Browser Manager

Folder Found : C:\ProgramData\Tarma Installer

Folder Found : C:\Users\Jimmy\AppData\Local\blekkotb

Folder Found : C:\Users\Jimmy\AppData\Local\Conduit

Folder Found : C:\Users\Jimmy\AppData\Local\Ilivid Player

Folder Found : C:\Users\Jimmy\AppData\Local\Savings Sidekick

Folder Found : C:\Users\Jimmy\AppData\Local\Temp\BabylonToolbar

Folder Found : C:\Users\Jimmy\AppData\Local\Temp\CT3007394

Folder Found : C:\Users\Jimmy\AppData\Local\Temp\CT3131886

Folder Found : C:\Users\Jimmy\AppData\Local\Temp\CT3184201

Folder Found : C:\Users\Jimmy\AppData\LocalLow\appbario8

Folder Found : C:\Users\Jimmy\AppData\LocalLow\AskToolbar

Folder Found : C:\Users\Jimmy\AppData\LocalLow\Conduit

Folder Found : C:\Users\Jimmy\AppData\LocalLow\iBryte

Folder Found : C:\Users\Jimmy\AppData\LocalLow\PriceGong

Folder Found : C:\Users\Jimmy\AppData\LocalLow\searchquband

Folder Found : C:\Users\Jimmy\AppData\LocalLow\Vgrabber1

Folder Found : C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

Folder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\ConduitCommon

Folder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\CT3007394

Folder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\CT3131886

Folder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}

Folder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{efb1e45a-148d-40f9-a3f0-09d5577f9970}

Folder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}

Folder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\bbrs_002@blabbers.com

Folder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\plugin@yontoo.com

Folder Found : C:\Users\Jimmy\AppData\Roaming\OpenCandy

Folder Found : C:\Users\Natalie\AppData\LocalLow\iBryte

Folder Found : C:\Users\Natalie\AppData\LocalLow\searchquband

Folder Found : C:\Users\Natalie\AppData\LocalLow\Searchqutoolbar

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\appbario8

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\Savings Sidekick

Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\AppDataLow\Software\Vgrabber1

Key Found : HKCU\Software\AppDataLow\Toolbar

Key Found : HKCU\Software\bProtector

Key Found : HKCU\Software\BrowserCompanion

Key Found : HKCU\Software\DataMngr

Key Found : HKCU\Software\DataMngr_Toolbar

Key Found : HKCU\Software\ilivid

Key Found : HKCU\Software\InstalledBrowserExtensions

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0CC09160-108C-4759-BAB1-5C12C216E005}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9BBF004-6E40-4019-8214-C43A37E1D058}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CC09160-108C-4759-BAB1-5C12C216E005}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9BBF004-6E40-4019-8214-C43A37E1D058}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKCU\Software\Softonic

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Found : HKLM\Software\appbario8

Key Found : HKLM\Software\Bandoo

Key Found : HKLM\Software\bProtector

Key Found : HKLM\Software\BrowserCompanion

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}

Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}

Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}

Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Found : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser

Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore

Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1

Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr

Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1

Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr

Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1

Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr

Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1

Key Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.BHO

Key Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.DockingPanel

Key Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkuryMenuForm

Key Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBar

Key Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBarBandObject

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3007394

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3131886

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3184201

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3227982

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\DataMngr

Key Found : HKLM\Software\ilivid

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CA50D456-3601-4EC6-8A34-C01E45446CA7}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKLM\Software\Vgrabber1

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0CC09160-108C-4759-BAB1-5C12C216E005}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022502260}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA50D456-3601-4EC6-8A34-C01E45446CA7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9BBF004-6E40-4019-8214-C43A37E1D058}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066506660}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4A33D171-D518-4AD2-8F6B-ABFA74A16F4C}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8DCF7076-CF8E-4D3C-A14E-8E1C1FB34C78}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98D58D29-630F-46DE-89F1-A4A099DA22A6}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DE8D2AFC-110B-463A-8764-8A742525F37C}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CC09160-108C-4759-BAB1-5C12C216E005}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9BBF004-6E40-4019-8214-C43A37E1D058}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\appbario8 Toolbar

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vgrabber1 Toolbar

Key Found : HKLM\SOFTWARE\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}

Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505560}

Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}

Key Found : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Found : HKLM\SOFTWARE\Software

Key Found : HKLM\SOFTWARE\Tarma Installer

Key Found : HKU\S-1-5-21-2042600517-863206636-2601340993-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Found : HKU\S-1-5-21-2042600517-863206636-2601340993-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKU\S-1-5-21-2042600517-863206636-2601340993-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Found : HKU\S-1-5-21-2042600517-863206636-2601340993-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Found : HKU\S-1-5-21-2042600517-863206636-2601340993-1001\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}

Key Found : HKU\S-1-5-21-2042600517-863206636-2601340993-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Key Found : HKU\S-1-5-21-2042600517-863206636-2601340993-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0CC09160-108C-4759-BAB1-5C12C216E005}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F9BBF004-6E40-4019-8214-C43A37E1D058}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F9BBF004-6E40-4019-8214-C43A37E1D058}]

Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F9BBF004-6E40-4019-8214-C43A37E1D058}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0CC09160-108C-4759-BAB1-5C12C216E005}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9BBF004-6E40-4019-8214-C43A37E1D058}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com

-\\ Mozilla Firefox v9.0.1 (en-US)

Profile name : default

File : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\prefs.js

Found : user_pref("CT3007394..clientLogIsEnabled", false);

Found : user_pref("CT3007394..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Found : user_pref("CT3007394..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Found : user_pref("CT3007394.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Found : user_pref("CT3007394.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Found : user_pref("CT3007394.BrowserCompStateIsOpen_129647087198219321", true);

Found : user_pref("CT3007394.BrowserCompStateIsOpen_129647087427906824", true);

Found : user_pref("CT3007394.BrowserCompStateIsOpen_129651294520663109", true);

Found : user_pref("CT3007394.BrowserCompStateIsOpen_129659125714113035", true);

Found : user_pref("CT3007394.BrowserCompStateIsOpen_129660184590163266", true);

Found : user_pref("CT3007394.BrowserCompStateIsOpen_129682607808034876", true);

Found : user_pref("CT3007394.BrowserCompStateIsOpen_129738834384600252", true);

Found : user_pref("CT3007394.BrowserCompStateIsOpen_129742041561828741", true);

Found : user_pref("CT3007394.BrowserCompStateIsOpen_6699113592007696644", true);

Found : user_pref("CT3007394.CT3007394", "CT3007394");

Found : user_pref("CT3007394.CurrentServerDate", "30-10-2012");

Found : user_pref("CT3007394.DSInstall", false);

Found : user_pref("CT3007394.DialogsAlignMode", "LTR");

Found : user_pref("CT3007394.DialogsGetterLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylig[...]

Found : user_pref("CT3007394.DownloadReferralCookieData", "");

Found : user_pref("CT3007394.FirstServerDate", "4-12-2011");

Found : user_pref("CT3007394.FirstTime", true);

Found : user_pref("CT3007394.FirstTimeFF3", true);

Found : user_pref("CT3007394.FixPageNotFoundErrors", false);

Found : user_pref("CT3007394.GroupingServerCheckInterval", 1440);

Found : user_pref("CT3007394.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Found : user_pref("CT3007394.HPInstall", false);

Found : user_pref("CT3007394.HasUserGlobalKeys", true);

Found : user_pref("CT3007394.HomePageProtectorEnabled", false);

Found : user_pref("CT3007394.HomepageBeforeUnload", "hxxp://www.searchqu.com/406");

Found : user_pref("CT3007394.Initialize", true);

Found : user_pref("CT3007394.InitializeCommonPrefs", true);

Found : user_pref("CT3007394.InstallationAndCookieDataSentCount", 3);

Found : user_pref("CT3007394.InstallationType", "Unknown");

Found : user_pref("CT3007394.InstalledDate", "Mon Nov 14 2011 10:07:27 GMT-0600 (Central Standard Time)");

Found : user_pref("CT3007394.InvalidateCache", false);

Found : user_pref("CT3007394.IsAlertDBUpdated", true);

Found : user_pref("CT3007394.IsGrouping", false);

Found : user_pref("CT3007394.IsInitSetupIni", true);

Found : user_pref("CT3007394.IsMulticommunity", false);

Found : user_pref("CT3007394.IsOpenThankYouPage", true);

Found : user_pref("CT3007394.IsOpenUninstallPage", false);

Found : user_pref("CT3007394.IsProtectorsInit", true);

Found : user_pref("CT3007394.LanguagePackLastCheckTime", "Tue Oct 30 2012 14:53:09 GMT-0500 (Central Dayligh[...]

Found : user_pref("CT3007394.LanguagePackReloadIntervalMM", 1440);

Found : user_pref("CT3007394.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Found : user_pref("CT3007394.LastLogin_3.15.1.0", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylight Time)[...]

Found : user_pref("CT3007394.LastLogin_3.8.0.8", "Sat Dec 17 2011 15:10:00 GMT-0600 (Central Standard Time)"[...]

Found : user_pref("CT3007394.LastLogin_3.8.1.0", "Sat Mar 17 2012 22:49:56 GMT-0500 (Central Daylight Time)"[...]

Found : user_pref("CT3007394.LatestVersion", "3.14.1.0");

Found : user_pref("CT3007394.Locale", "en-us");

Found : user_pref("CT3007394.MCDetectTooltipHeight", "83");

Found : user_pref("CT3007394.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Found : user_pref("CT3007394.MCDetectTooltipWidth", "295");

Found : user_pref("CT3007394.MyStuffEnabledAtInstallation", true);

Found : user_pref("CT3007394.OriginalFirstVersion", "3.7.0.6");

Found : user_pref("CT3007394.RadioIsPodcast", false);

Found : user_pref("CT3007394.RadioLastCheckTime", "Sat Mar 17 2012 22:49:56 GMT-0500 (Central Daylight Time)[...]

Found : user_pref("CT3007394.RadioLastUpdateIPServer", "3");

Found : user_pref("CT3007394.RadioLastUpdateServer", "3");

Found : user_pref("CT3007394.RadioMediaID", "9962");

Found : user_pref("CT3007394.RadioMediaType", "Media Player");

Found : user_pref("CT3007394.RadioMenuSelectedID", "EBRadioMenu_CT30073949962");

Found : user_pref("CT3007394.RadioShrinkedFromSetup", false);

Found : user_pref("CT3007394.RadioStationName", "California%20Rock");

Found : user_pref("CT3007394.RadioStationURL", "hxxp://feedlive.net/california.asx");

Found : user_pref("CT3007394.SearchBoxWidth", 172);

Found : user_pref("CT3007394.SearchCaption", "WhiteSmoke Bar Customized Web Search");

Found : user_pref("CT3007394.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");

Found : user_pref("CT3007394.SearchFromAddressBarIsInit", true);

Found : user_pref("CT3007394.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT300[...]

Found : user_pref("CT3007394.SearchInNewTabEnabled", true);

Found : user_pref("CT3007394.SearchInNewTabIntervalMM", 1440);

Found : user_pref("CT3007394.SearchInNewTabLastCheckTime", "Tue Oct 30 2012 14:53:07 GMT-0500 (Central Dayli[...]

Found : user_pref("CT3007394.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Found : user_pref("CT3007394.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]

Found : user_pref("CT3007394.SearchProtectorEnabled", false);

Found : user_pref("CT3007394.SearchProtectorToolbarDisabled", false);

Found : user_pref("CT3007394.SendProtectorDataViaLogin", true);

Found : user_pref("CT3007394.ServiceMapLastCheckTime", "Tue Oct 30 2012 14:53:07 GMT-0500 (Central Daylight [...]

Found : user_pref("CT3007394.SettingsLastCheckTime", "Tue Oct 30 2012 14:53:07 GMT-0500 (Central Daylight Ti[...]

Found : user_pref("CT3007394.SettingsLastUpdate", "1351523139");

Found : user_pref("CT3007394.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3007394&SearchSource=13");

Found : user_pref("CT3007394.ThirdPartyComponentsInterval", 504);

Found : user_pref("CT3007394.ThirdPartyComponentsLastCheck", "Sat Mar 17 2012 22:49:54 GMT-0500 (Central Day[...]

Found : user_pref("CT3007394.ThirdPartyComponentsLastUpdate", "1312887586");

Found : user_pref("CT3007394.ToolbarShrinkedFromSetup", false);

Found : user_pref("CT3007394.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3007394");

Found : user_pref("CT3007394.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Found : user_pref("CT3007394.UserID", "UN46344112059454257");

Found : user_pref("CT3007394.ValidationData_Search", 0);

Found : user_pref("CT3007394.ValidationData_Toolbar", 2);

Found : user_pref("CT3007394.alertChannelId", "1399123");

Found : user_pref("CT3007394.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]

Found : user_pref("CT3007394.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]

Found : user_pref("CT3007394.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]

Found : user_pref("CT3007394.backendstorage./9b+7e.:2z527", "247E6F727174354379453A3D2A722C757A787D312833232[...]

Found : user_pref("CT3007394.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]

Found : user_pref("CT3007394.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]

Found : user_pref("CT3007394.backendstorage./9b+7e06cg5el8:", "6E6D6F6F73717474706F");

Found : user_pref("CT3007394.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473757579777A7A7675242F4B4947[...]

Found : user_pref("CT3007394.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]

Found : user_pref("CT3007394.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]

Found : user_pref("CT3007394.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]

Found : user_pref("CT3007394.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]

Found : user_pref("CT3007394.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]

Found : user_pref("CT3007394.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]

Found : user_pref("CT3007394.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]

Found : user_pref("CT3007394.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]

Found : user_pref("CT3007394.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]

Found : user_pref("CT3007394.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]

Found : user_pref("CT3007394.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]

Found : user_pref("CT3007394.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]

Found : user_pref("CT3007394.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]

Found : user_pref("CT3007394.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]

Found : user_pref("CT3007394.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]

Found : user_pref("CT3007394.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]

Found : user_pref("CT3007394.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]

Found : user_pref("CT3007394.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]

Found : user_pref("CT3007394.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]

Found : user_pref("CT3007394.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]

Found : user_pref("CT3007394.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]

Found : user_pref("CT3007394.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]

Found : user_pref("CT3007394.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]

Found : user_pref("CT3007394.backendstorage./9b-0?3g>d", "396B3B3E6E3E75417A4578787A207449787B254D5253512A54[...]

Found : user_pref("CT3007394.backendstorage./9b-0?3g@6:5;", "");

Found : user_pref("CT3007394.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...]

Found : user_pref("CT3007394.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");

Found : user_pref("CT3007394.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484779213F3E484F4E4D464[...]

Found : user_pref("CT3007394.backendstorage./9b5ba==9cjag", "393A6E6A737443457A7246737A787649784E224C7C");

Found : user_pref("CT3007394.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F6F737174747577767175");

Found : user_pref("CT3007394.backendstorage./9b90e@8ff=eg", "393F352F3E");

Found : user_pref("CT3007394.backendstorage./9b9643g3/9e", "6A");

Found : user_pref("CT3007394.backendstorage./9b<:222h64<", "393F352F3E");

Found : user_pref("CT3007394.backendstorage./9b=+03eh8h8j?:", "4443");

Found : user_pref("CT3007394.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]

Found : user_pref("CT3007394.backendstorage./9b?b0d:8aj62<h", "6D");

Found : user_pref("CT3007394.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");

Found : user_pref("CT3007394.backendstorage.activationstep", "31");

Found : user_pref("CT3007394.backendstorage.autocompletepro_enable", "31");

Found : user_pref("CT3007394.backendstorage.autocompletepro_enable_auto", "31");

Found : user_pref("CT3007394.backendstorage.cbfirsttime", "4D6F6E204E6F7620313420323031312031303A30373A32372[...]

Found : user_pref("CT3007394.backendstorage.dealplyhardid", "333538313534373730313635343535393539");

Found : user_pref("CT3007394.backendstorage.dealplywasshownctsettingswidget", "31");

Found : user_pref("CT3007394.backendstorage.firstrun", "31333233303331323231363233");

Found : user_pref("CT3007394.backendstorage.hxxp://api10_starwebnet_com.pid2", "6133343337303161646330626136[...]

Found : user_pref("CT3007394.backendstorage.hxxp://api10_thetrafficstat_net.pid2", "313063666639346433343832[...]

Found : user_pref("CT3007394.backendstorage.hxxp://api15_thetrafficstat_net.pid2", "313063666639346433343832[...]

Found : user_pref("CT3007394.backendstorage.hxxp://api18_thetrafficstat_net.pid2", "313063666639346433343832[...]

Found : user_pref("CT3007394.backendstorage.hxxp://api19_thetrafficstat_net.pid2", "313063666639346433343832[...]

Found : user_pref("CT3007394.backendstorage.hxxp://api20_thetrafficstat_net.pid2", "313063666639346433343832[...]

Found : user_pref("CT3007394.backendstorage.hxxp://api21_thetrafficstat_net.pid2", "313063666639346433343832[...]

Found : user_pref("CT3007394.backendstorage.hxxp://api22_thetrafficstat_net.pid2", "313063666639346433343832[...]

Found : user_pref("CT3007394.backendstorage.hxxp://api25_thetrafficstat_net.pid2", "313063666639346433343832[...]

Found : user_pref("CT3007394.backendstorage.hxxp://api26_thetrafficstat_net.pid2", "313063666639346433343832[...]

Found : user_pref("CT3007394.backendstorage.hxxp://api6_thetrafficstat_net.pid2", "3130636666393464333438323[...]

Found : user_pref("CT3007394.backendstorage.key_user_agree_ia12", "31");

Found : user_pref("CT3007394.backendstorage.loadtimes", "31");

Found : user_pref("CT3007394.backendstorage.shoppingapp.gk.exipres", "546875204D617220323220323031322032323A[...]

Found : user_pref("CT3007394.backendstorage.shoppingapp.gk.geolocation", "63616E616461");

Found : user_pref("CT3007394.backendstorage.url_history", "68747470733A2F2F7777772E7469636B65746D61737465722[...]

Found : user_pref("CT3007394.backendstorage.url_history_time", "31333235393732333632303539");

Found : user_pref("CT3007394.backendstorage.user_uniqueid", "63356336613138612D336338612D633134612D386434322[...]

Found : user_pref("CT3007394.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Found : user_pref("CT3007394.globalFirstTimeInfoLastCheckTime", "Sat Mar 17 2012 22:49:57 GMT-0500 (Central [...]

Found : user_pref("CT3007394.homepageProtectorEnableByLogin", true);

Found : user_pref("CT3007394.initDone", true);

Found : user_pref("CT3007394.isAppTrackingManagerOn", true);

Found : user_pref("CT3007394.isFirstRadioInstallation", false);

Found : user_pref("CT3007394.myStuffEnabled", true);

Found : user_pref("CT3007394.myStuffPublihserMinWidth", 400);

Found : user_pref("CT3007394.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Found : user_pref("CT3007394.myStuffServiceIntervalMM", 1440);

Found : user_pref("CT3007394.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Found : user_pref("CT3007394.oldAppsList", "129496561699875753,129496561700500759,111,129754315803927444,129[...]

Found : user_pref("CT3007394.revertSettingsEnabled", false);

Found : user_pref("CT3007394.searchProtectorDialogDelayInSec", 10);

Found : user_pref("CT3007394.searchProtectorEnableByLogin", true);

Found : user_pref("CT3007394.testingCtid", "");

Found : user_pref("CT3007394.toolbarAppMetaDataLastCheckTime", "Tue Oct 30 2012 14:53:09 GMT-0500 (Central D[...]

Found : user_pref("CT3007394.toolbarContextMenuLastCheckTime", "Sat Mar 17 2012 22:49:57 GMT-0500 (Central D[...]

Found : user_pref("CT3007394.usagesFlag", 2);

Found : user_pref("CT3131886..clientLogIsEnabled", false);

Found : user_pref("CT3131886..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Found : user_pref("CT3131886..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Found : user_pref("CT3131886.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Found : user_pref("CT3131886.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Found : user_pref("CT3131886.BrowserCompStateIsOpen_129730831435930026", true);

Found : user_pref("CT3131886.CTID", "CT3131886");

Found : user_pref("CT3131886.CurrentServerDate", "30-10-2012");

Found : user_pref("CT3131886.DSChangedManually", false);

Found : user_pref("CT3131886.DSInstall", true);

Found : user_pref("CT3131886.DSProtectChoice", true);

Found : user_pref("CT3131886.DSProtectCount", 3);

Found : user_pref("CT3131886.DialogsAlignMode", "LTR");

Found : user_pref("CT3131886.DialogsGetterLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylig[...]

Found : user_pref("CT3131886.DownloadReferralCookieData", "");

Found : user_pref("CT3131886.EMailNotifierPollDate", "Fri Sep 07 2012 10:51:30 GMT-0500 (Central Daylight Ti[...]

Found : user_pref("CT3131886.FirstServerDate", "7-8-2012");

Found : user_pref("CT3131886.FirstTime", true);

Found : user_pref("CT3131886.FirstTimeFF3", true);

Found : user_pref("CT3131886.FirstTimeHiddenVer", true);

Found : user_pref("CT3131886.FixPageNotFoundErrors", true);

Found : user_pref("CT3131886.GroupingServerCheckInterval", 1440);

Found : user_pref("CT3131886.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Found : user_pref("CT3131886.HPInstall", true);

Found : user_pref("CT3131886.HPProtectChoice", true);

Found : user_pref("CT3131886.HPProtectCount", 1);

Found : user_pref("CT3131886.HasUserGlobalKeys", true);

Found : user_pref("CT3131886.HomePageProtectorEnabled", true);

Found : user_pref("CT3131886.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=[...]

Found : user_pref("CT3131886.Initialize", true);

Found : user_pref("CT3131886.InitializeCommonPrefs", true);

Found : user_pref("CT3131886.InstallationAndCookieDataSentCount", 3);

Found : user_pref("CT3131886.InstallationId", "conduitinstaller.exe");

Found : user_pref("CT3131886.InstallationType", "ConduitNSISIntegration");

Found : user_pref("CT3131886.InstalledDate", "Tue Aug 07 2012 14:41:55 GMT-0500 (Central Daylight Time)");

Found : user_pref("CT3131886.InvalidateCache", false);

Found : user_pref("CT3131886.IsAlertDBUpdated", true);

Found : user_pref("CT3131886.IsGrouping", false);

Found : user_pref("CT3131886.IsInitSetupIni", true);

Found : user_pref("CT3131886.IsMulticommunity", false);

Found : user_pref("CT3131886.IsOpenThankYouPage", false);

Found : user_pref("CT3131886.IsOpenUninstallPage", true);

Found : user_pref("CT3131886.IsProtectorsInit", true);

Found : user_pref("CT3131886.LanguagePackLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Dayligh[...]

Found : user_pref("CT3131886.LanguagePackReloadIntervalMM", 1440);

Found : user_pref("CT3131886.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Found : user_pref("CT3131886.LastLogin_3.13.0.6", "Fri Aug 24 2012 11:27:02 GMT-0500 (Central Daylight Time)[...]

Found : user_pref("CT3131886.LastLogin_3.15.1.0", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylight Time)[...]

Found : user_pref("CT3131886.LatestVersion", "3.15.1.0");

Found : user_pref("CT3131886.Locale", "en");

Found : user_pref("CT3131886.MCDetectTooltipHeight", "83");

Found : user_pref("CT3131886.MCDetectTooltipShow", false);

Found : user_pref("CT3131886.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Found : user_pref("CT3131886.MCDetectTooltipWidth", "295");

Found : user_pref("CT3131886.MyStuffEnabledAtInstallation", true);

Found : user_pref("CT3131886.OriginalFirstVersion", "3.13.0.6");

Found : user_pref("CT3131886.RadioIsPodcast", false);

Found : user_pref("CT3131886.RadioLastCheckTime", "Fri Sep 07 2012 10:46:30 GMT-0500 (Central Daylight Time)[...]

Found : user_pref("CT3131886.RadioLastUpdateIPServer", "3");

Found : user_pref("CT3131886.RadioLastUpdateServer", "3");

Found : user_pref("CT3131886.RadioMediaID", "9962");

Found : user_pref("CT3131886.RadioMediaType", "Media Player");

Found : user_pref("CT3131886.RadioMenuSelectedID", "EBRadioMenu_CT31318869962");

Found : user_pref("CT3131886.RadioShrinkedFromSetup", false);

Found : user_pref("CT3131886.RadioStationName", "California%20Rock");

Found : user_pref("CT3131886.RadioStationURL", "hxxp://feedlive.net/california.asx");

Found : user_pref("CT3131886.SHRINK_TOOLBAR", 1);

Found : user_pref("CT3131886.SavedHomepage", "about:home");

Found : user_pref("CT3131886.SearchCaption", "Vgrabber1 Customized Web Search");

Found : user_pref("CT3131886.SearchEngineBeforeUnload", "Vgrabber1 Customized Web Search");

Found : user_pref("CT3131886.SearchFromAddressBarIsInit", true);

Found : user_pref("CT3131886.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT313[...]

Found : user_pref("CT3131886.SearchInNewTabEnabled", true);

Found : user_pref("CT3131886.SearchInNewTabIntervalMM", 1440);

Found : user_pref("CT3131886.SearchInNewTabLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Dayli[...]

Found : user_pref("CT3131886.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Found : user_pref("CT3131886.SearchProtectorEnabled", false);

Found : user_pref("CT3131886.SearchProtectorToolbarDisabled", false);

Found : user_pref("CT3131886.SendProtectorDataViaLogin", true);

Found : user_pref("CT3131886.ServiceMapLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylight [...]

Found : user_pref("CT3131886.SettingsLastCheckTime", "Tue Oct 30 2012 14:53:09 GMT-0500 (Central Daylight Ti[...]

Found : user_pref("CT3131886.SettingsLastUpdate", "1351523139");

Found : user_pref("CT3131886.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=13");

Found : user_pref("CT3131886.ThirdPartyComponentsInterval", 504);

Found : user_pref("CT3131886.ThirdPartyComponentsLastCheck", "Tue Oct 16 2012 09:30:39 GMT-0500 (Central Day[...]

Found : user_pref("CT3131886.ThirdPartyComponentsLastUpdate", "1331805997");

Found : user_pref("CT3131886.ToolbarShrinkedFromSetup", false);

Found : user_pref("CT3131886.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3131886");

Found : user_pref("CT3131886.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Found : user_pref("CT3131886.UserID", "UN94108909980738385");

Found : user_pref("CT3131886.ValidationData_Search", 2);

Found : user_pref("CT3131886.ValidationData_Toolbar", 2);

Found : user_pref("CT3131886.WeatherNetwork", "");

Found : user_pref("CT3131886.WeatherPollDate", "Fri Sep 07 2012 10:46:31 GMT-0500 (Central Daylight Time)");

Found : user_pref("CT3131886.WeatherUnit", "C");

Found : user_pref("CT3131886.alertChannelId", "1528270");

Found : user_pref("CT3131886.approveUntrustedApps", false);

Found : user_pref("CT3131886.autoDisableScopes", -1);

Found : user_pref("CT3131886.backendstorage.cbcountry_001", "4341");

Found : user_pref("CT3131886.backendstorage.cbfirsttime", "5475652041756720303720323031322031343A34323A30332[...]

Found : user_pref("CT3131886.backendstorage.shoppingapp.gk.exipres", "5765642053657020313220323031322031303A[...]

Found : user_pref("CT3131886.backendstorage.shoppingapp.gk.geolocation", "63616E616461");

Found : user_pref("CT3131886.backendstorage.url_history0001", "68747470733A2F2F6D796163636F756E742E737475626[...]

Found : user_pref("CT3131886.components.1000034", false);

Found : user_pref("CT3131886.components.1000082", false);

Found : user_pref("CT3131886.components.1000234", false);

Found : user_pref("CT3131886.components.129730831435930026", false);

Found : user_pref("CT3131886.components.524677150398786033", false);

Found : user_pref("CT3131886.components.5905781182315170198", false);

Found : user_pref("CT3131886.components.8352985832934023790", false);

Found : user_pref("CT3131886.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Found : user_pref("CT3131886.globalFirstTimeInfoLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central [...]

Found : user_pref("CT3131886.homepageProtectorEnableByLogin", true);

Found : user_pref("CT3131886.initDone", true);

Found : user_pref("CT3131886.isAppTrackingManagerOn", false);

Found : user_pref("CT3131886.isFirstRadioInstallation", false);

Found : user_pref("CT3131886.myStuffEnabled", true);

Found : user_pref("CT3131886.myStuffPublihserMinWidth", 400);

Found : user_pref("CT3131886.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Found : user_pref("CT3131886.myStuffServiceIntervalMM", 1440);

Found : user_pref("CT3131886.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Found : user_pref("CT3131886.navigateToUrlOnSearch", false);

Found : user_pref("CT3131886.revertSettingsEnabled", false);

Found : user_pref("CT3131886.searchProtectorDialogDelayInSec", 10);

Found : user_pref("CT3131886.searchProtectorEnableByLogin", true);

Found : user_pref("CT3131886.testingCtid", "");

Found : user_pref("CT3131886.toolbarAppMetaDataLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central D[...]

Found : user_pref("CT3131886.toolbarContextMenuLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central D[...]

Found : user_pref("CT3131886.usagesFlag", 2);

Found : user_pref("CT3184201.autoDisableScopes", -1);

Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3131886&Search[...]

Found : user_pref("CommunityToolbar.ConduitSearchList", "Vgrabber1 Customized Web Search");

Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3007394/CT3007394[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3131886/CT3131886[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1399123/1394781/CA", "\"0\"[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1528270/1523533/CA", "\"0\"[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3007394", [...]

Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3131886", [...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3007394",[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3131886",[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3007394&octid=[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"f61[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]

Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Jimmy\\AppData\\Roaming\\Mozilla\\F[...]

Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");

Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb[...]

Found : user_pref("CommunityToolbar.ToolbarsList", "CT3007394,CT3131886");

Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3007394,CT3131886");

Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3007394,CT3131886");

Found : user_pref("CommunityToolbar.globalUserId", "cfa6a056-b3a6-49dd-a5f4-6a527a1dde7b");

Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3131886");

Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Oct 30 2012 14:53:2[...]

Found : user_pref("CommunityToolbar.notifications.alertEnabled", true);

Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Oct 30 2012 14:53:35 GMT-050[...]

Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Found : user_pref("CommunityToolbar.notifications.locale", "en");

Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Oct 30 2012 14:53:25 GMT-0500 (C[...]

Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Found : user_pref("CommunityToolbar.notifications.userId", "3d548f0a-0364-4773-aaad-ddf9ba381f72");

Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.searchqu.com/406");

Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Found : user_pref("browser.search.defaultenginename", "SweetIM Search");

Found : user_pref("browser.search.defaultthis.engineName", "Vgrabber1 Customized Web Search");

Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=13");

Found : user_pref("extensions.BabylonToolbar.admin", false);

Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Found : user_pref("extensions.BabylonToolbar.babExt", "");

Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=100478");

Found : user_pref("extensions.BabylonToolbar.bbDpng", 17);

Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Found : user_pref("extensions.BabylonToolbar.dfltSrch", true);

Found : user_pref("extensions.BabylonToolbar.hmpg", true);

Found : user_pref("extensions.BabylonToolbar.id", "3421d9cb0000000000006c626d04a8ee");

Found : user_pref("extensions.BabylonToolbar.instlDay", "15311");

Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Found : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=100478&babsrc=adbar[...]

Found : user_pref("extensions.BabylonToolbar.lastDP", 17);

Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1714:30:40");

Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "6.0");

Found : user_pref("extensions.BabylonToolbar.newTab", true);

Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");

Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);

Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Found : user_pref("extensions.BabylonToolbar.propectorlck", 62716807);

Found : user_pref("extensions.BabylonToolbar.prtkDS", 1);

Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);

Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);

Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");

Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Found : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");

Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");

Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1714:30:40");

Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");

Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Found : user_pref("extensions.BabylonToolbar_i.babExt", "");

Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100478");

Found : user_pref("extensions.BabylonToolbar_i.hardId", "3421d9cb0000000000006c626d04a8ee");

Found : user_pref("extensions.BabylonToolbar_i.id", "3421d9cb0000000000006c626d04a8ee");

Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15311");

Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Found : user_pref("extensions.BabylonToolbar_i.newTab", false);

Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");

Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:30:40");

Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Found : user_pref("extensions.crossriderapp5060.5060.InstallationThankYouPage", true);

Found : user_pref("extensions.crossriderapp5060.5060.InstallationTime", 1345846103);

Found : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.searchUserConifrmation", false[...]

Found : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setHomepage", false);

Found : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setNewTab", false);

Found : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setSearch", false);

Found : user_pref("extensions.crossriderapp5060.5060.active", true);

Found : user_pref("extensions.crossriderapp5060.5060.addressbar", "");

Found : user_pref("extensions.crossriderapp5060.5060.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]

Found : user_pref("extensions.crossriderapp5060.5060.backgroundver", 7);

Found : user_pref("extensions.crossriderapp5060.5060.can_run_bg_code", true);

Found : user_pref("extensions.crossriderapp5060.5060.certdomaininstaller", "");

Found : user_pref("extensions.crossriderapp5060.5060.changeprevious", false);

Found : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.value", "1345846103");

Found : user_pref("extensions.crossriderapp5060.5060.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.value", "1345846103");

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.expiration", "Tue Oct 30 2012 15:[...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.expiration", "Tue Nov 06 2012 [...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.value", "%22CA%22");

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.value", "1351627333");

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.value", "%221%22");

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.value", "%2214019%22");

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.value", "1346215148681");

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.value", "%221224%22");

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.value", "%2271399%22");

Found : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.value", "1346215132842");

Found : user_pref("extensions.crossriderapp5060.5060.description", "Savings Sidekick");

Found : user_pref("extensions.crossriderapp5060.5060.domain", "");

Found : user_pref("extensions.crossriderapp5060.5060.enablesearch", false);

Found : user_pref("extensions.crossriderapp5060.5060.fbremoteurl", "");

Found : user_pref("extensions.crossriderapp5060.5060.group", 0);

Found : user_pref("extensions.crossriderapp5060.5060.homepage", "");

Found : user_pref("extensions.crossriderapp5060.5060.iframe", false);

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.value", "37");

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.value", "0");

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.value", "%7B%7D");

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.expiration", "Tue Oct 30[...]

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.value", "true");

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.value", "%7B%7D");

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.expiration", "Fri[...]

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.value", "%7B%22re[...]

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]

Found : user_pref("extensions.crossriderapp5060.5060.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]

Found : user_pref("extensions.crossriderapp5060.5060.manifesturl", "");

Found : user_pref("extensions.crossriderapp5060.5060.name", "Savings Sidekick");

Found : user_pref("extensions.crossriderapp5060.5060.newtab", "");

Found : user_pref("extensions.crossriderapp5060.5060.opensearch", "");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.name", "base");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.ver", 3);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.name", "GPL Plugin (Loader)");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.ver", 7);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.name", "GPL Background (BG)");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.ver", 4);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.name", "CrossriderAppUtils");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.ver", 2);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.name", "CrossriderUtils");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.ver", 2);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.name", "FacebookFFIE");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.ver", 1);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.name", "FFAppAPIWrapper");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.ver", 3);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.name", "jQuery");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.ver", 3);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.name", "debug");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.ver", 3);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.name", "resources");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.ver", 2);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.name", "initializer");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.ver", 2);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.name", "jquery_1_7_1");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.ver", 3);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.name", "resources_background");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.ver", 1);

Found : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_0", "17,14,16,47,1000015");

Found : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,100[...]

Found : user_pref("extensions.crossriderapp5060.5060.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]

Found : user_pref("extensions.crossriderapp5060.5060.pluginsversion", 15);

Found : user_pref("extensions.crossriderapp5060.5060.publisher", "215 Apps");

Found : user_pref("extensions.crossriderapp5060.5060.searchstatus", 0);

Found : user_pref("extensions.crossriderapp5060.5060.setnewtab", false);

Found : user_pref("extensions.crossriderapp5060.5060.settingsurl", "");

Found : user_pref("extensions.crossriderapp5060.5060.thankyou", "");

Found : user_pref("extensions.crossriderapp5060.5060.updateinterval", 360);

Found : user_pref("extensions.crossriderapp5060.5060.ver", 37);

Found : user_pref("extensions.crossriderapp5060.adsOldValue", -1);

Found : user_pref("extensions.crossriderapp5060.apps", "5060");

Found : user_pref("extensions.crossriderapp5060.bic", "13970ac45d1fea38dfe70a3d79b4c9f2");

Found : user_pref("extensions.crossriderapp5060.cid", 5060);

Found : user_pref("extensions.crossriderapp5060.firstrun", false);

Found : user_pref("extensions.crossriderapp5060.hadappinstalled", true);

Found : user_pref("extensions.crossriderapp5060.installationdate", 1346215105);

Found : user_pref("extensions.crossriderapp5060.lastcheck", 22527113);

Found : user_pref("extensions.crossriderapp5060.lastcheckitem", 22527130);

Found : user_pref("extensions.crossriderapp5060.modetype", "production");

Found : user_pref("extensions.enabledAddons", "facecons@facecons.com:1.1,plugin@yontoo.com:1.20.00,{167d9323[...]

Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Found : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx[...]

Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Vgrabber1 Customized Web Search[...]

Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT31[...]

Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");

Found : user_pref("keyword.URL", "hxxp://www.plusnetwork.com/?sp=addr&q=");

Found : user_pref("browser.search.selectedEngine", "Plus! Network");

Profile name : default

File : C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\7pky55tm.default\prefs.js

[OK] File is clean.

-\\ Chromium v [unable to get version]

File : C:\Users\Jimmy\AppData\Local\Chromium\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [69599 octets] - [18/11/2012 13:36:24]

########## EOF - C:\AdwCleaner[R1].txt - [69660 octets] ##########

Link to post
Share on other sites

Good morning nncout. :)

Thanks for responding! Ok I have done the check disk. I only did it to the C: drive, should I also do it to the D:?

Go for it. :)

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

=====

Next, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

Finally, please download Malwarebytes Anti-Rootkit here.

  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe ( right-click and select Run as adminsistrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.

Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

=====

In your reply please provide the contents of the following logs (you will need to use multiple posts):

  • AdwCleaner[s1].txt.
  • ComboFix.txt.
  • Both MBAR logs.

Link to post
Share on other sites

Ok here are the latest logs...

# AdwCleaner v2.008 - Logfile created 11/18/2012 at 15:59:25

# Updated 17/11/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Jimmy - JIMMY-PC

# Boot Mode : Safe mode with networking

# Running from : C:\Users\Jimmy\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

File Deleted : C:\user.js

File Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

File Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\bProtect.xml

File Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\Conduit.xml

File Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\Plusnetwork.xml

Folder Deleted : C:\Program Files (x86)\appbario8

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\iBryte

Folder Deleted : C:\Program Files (x86)\Vgrabber1

Folder Deleted : C:\Program Files (x86)\Yontoo Layers Runtime

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\Browser Manager

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\Jimmy\AppData\Local\blekkotb

Folder Deleted : C:\Users\Jimmy\AppData\Local\Conduit

Folder Deleted : C:\Users\Jimmy\AppData\Local\Ilivid Player

Folder Deleted : C:\Users\Jimmy\AppData\Local\Savings Sidekick

Folder Deleted : C:\Users\Jimmy\AppData\Local\Temp\BabylonToolbar

Folder Deleted : C:\Users\Jimmy\AppData\Local\Temp\CT3007394

Folder Deleted : C:\Users\Jimmy\AppData\Local\Temp\CT3131886

Folder Deleted : C:\Users\Jimmy\AppData\Local\Temp\CT3184201

Folder Deleted : C:\Users\Jimmy\AppData\LocalLow\appbario8

Folder Deleted : C:\Users\Jimmy\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\Jimmy\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Jimmy\AppData\LocalLow\iBryte

Folder Deleted : C:\Users\Jimmy\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Jimmy\AppData\LocalLow\searchquband

Folder Deleted : C:\Users\Jimmy\AppData\LocalLow\Vgrabber1

Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\ConduitCommon

Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\CT3007394

Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\CT3131886

Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}

Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{efb1e45a-148d-40f9-a3f0-09d5577f9970}

Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}

Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\bbrs_002@blabbers.com

Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\plugin@yontoo.com

Folder Deleted : C:\Users\Jimmy\AppData\Roaming\OpenCandy

Folder Deleted : C:\Users\Natalie\AppData\LocalLow\iBryte

Folder Deleted : C:\Users\Natalie\AppData\LocalLow\searchquband

Folder Deleted : C:\Users\Natalie\AppData\LocalLow\Searchqutoolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\appbario8

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\Savings Sidekick

Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Software\Vgrabber1

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\bProtector

Key Deleted : HKCU\Software\BrowserCompanion

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\ilivid

Key Deleted : HKCU\Software\InstalledBrowserExtensions

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0CC09160-108C-4759-BAB1-5C12C216E005}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9BBF004-6E40-4019-8214-C43A37E1D058}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CC09160-108C-4759-BAB1-5C12C216E005}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9BBF004-6E40-4019-8214-C43A37E1D058}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKLM\Software\appbario8

Key Deleted : HKLM\Software\Bandoo

Key Deleted : HKLM\Software\bProtector

Key Deleted : HKLM\Software\BrowserCompanion

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1

Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.BHO

Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.DockingPanel

Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkuryMenuForm

Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBar

Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBarBandObject

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3007394

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3131886

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3184201

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227982

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\ilivid

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CA50D456-3601-4EC6-8A34-C01E45446CA7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\Software\Vgrabber1

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0CC09160-108C-4759-BAB1-5C12C216E005}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022502260}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA50D456-3601-4EC6-8A34-C01E45446CA7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9BBF004-6E40-4019-8214-C43A37E1D058}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066506660}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4A33D171-D518-4AD2-8F6B-ABFA74A16F4C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8DCF7076-CF8E-4D3C-A14E-8E1C1FB34C78}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98D58D29-630F-46DE-89F1-A4A099DA22A6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DE8D2AFC-110B-463A-8764-8A742525F37C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CC09160-108C-4759-BAB1-5C12C216E005}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9BBF004-6E40-4019-8214-C43A37E1D058}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\appbario8 Toolbar

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vgrabber1 Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505560}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKLM\SOFTWARE\Software

Key Deleted : HKLM\SOFTWARE\Tarma Installer

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0CC09160-108C-4759-BAB1-5C12C216E005}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F9BBF004-6E40-4019-8214-C43A37E1D058}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F9BBF004-6E40-4019-8214-C43A37E1D058}]

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F9BBF004-6E40-4019-8214-C43A37E1D058}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0CC09160-108C-4759-BAB1-5C12C216E005}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9BBF004-6E40-4019-8214-C43A37E1D058}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com --> hxxp://www.google.com

-\\ Mozilla Firefox v9.0.1 (en-US)

Profile name : default

File : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\prefs.js

C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\user.js ... Deleted !

Deleted : user_pref("CT3007394..clientLogIsEnabled", false);

Deleted : user_pref("CT3007394..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT3007394..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT3007394.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT3007394.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129647087198219321", true);

Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129647087427906824", true);

Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129651294520663109", true);

Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129659125714113035", true);

Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129660184590163266", true);

Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129682607808034876", true);

Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129738834384600252", true);

Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129742041561828741", true);

Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_6699113592007696644", true);

Deleted : user_pref("CT3007394.CT3007394", "CT3007394");

Deleted : user_pref("CT3007394.CurrentServerDate", "30-10-2012");

Deleted : user_pref("CT3007394.DSInstall", false);

Deleted : user_pref("CT3007394.DialogsAlignMode", "LTR");

Deleted : user_pref("CT3007394.DialogsGetterLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylig[...]

Deleted : user_pref("CT3007394.DownloadReferralCookieData", "");

Deleted : user_pref("CT3007394.FirstServerDate", "4-12-2011");

Deleted : user_pref("CT3007394.FirstTime", true);

Deleted : user_pref("CT3007394.FirstTimeFF3", true);

Deleted : user_pref("CT3007394.FixPageNotFoundErrors", false);

Deleted : user_pref("CT3007394.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT3007394.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT3007394.HPInstall", false);

Deleted : user_pref("CT3007394.HasUserGlobalKeys", true);

Deleted : user_pref("CT3007394.HomePageProtectorEnabled", false);

Deleted : user_pref("CT3007394.HomepageBeforeUnload", "hxxp://www.searchqu.com/406");

Deleted : user_pref("CT3007394.Initialize", true);

Deleted : user_pref("CT3007394.InitializeCommonPrefs", true);

Deleted : user_pref("CT3007394.InstallationAndCookieDataSentCount", 3);

Deleted : user_pref("CT3007394.InstallationType", "Unknown");

Deleted : user_pref("CT3007394.InstalledDate", "Mon Nov 14 2011 10:07:27 GMT-0600 (Central Standard Time)");

Deleted : user_pref("CT3007394.InvalidateCache", false);

Deleted : user_pref("CT3007394.IsAlertDBUpdated", true);

Deleted : user_pref("CT3007394.IsGrouping", false);

Deleted : user_pref("CT3007394.IsInitSetupIni", true);

Deleted : user_pref("CT3007394.IsMulticommunity", false);

Deleted : user_pref("CT3007394.IsOpenThankYouPage", true);

Deleted : user_pref("CT3007394.IsOpenUninstallPage", false);

Deleted : user_pref("CT3007394.IsProtectorsInit", true);

Deleted : user_pref("CT3007394.LanguagePackLastCheckTime", "Tue Oct 30 2012 14:53:09 GMT-0500 (Central Dayligh[...]

Deleted : user_pref("CT3007394.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT3007394.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT3007394.LastLogin_3.15.1.0", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylight Time)[...]

Deleted : user_pref("CT3007394.LastLogin_3.8.0.8", "Sat Dec 17 2011 15:10:00 GMT-0600 (Central Standard Time)"[...]

Deleted : user_pref("CT3007394.LastLogin_3.8.1.0", "Sat Mar 17 2012 22:49:56 GMT-0500 (Central Daylight Time)"[...]

Deleted : user_pref("CT3007394.LatestVersion", "3.14.1.0");

Deleted : user_pref("CT3007394.Locale", "en-us");

Deleted : user_pref("CT3007394.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT3007394.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT3007394.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT3007394.MyStuffEnabledAtInstallation", true);

Deleted : user_pref("CT3007394.OriginalFirstVersion", "3.7.0.6");

Deleted : user_pref("CT3007394.RadioIsPodcast", false);

Deleted : user_pref("CT3007394.RadioLastCheckTime", "Sat Mar 17 2012 22:49:56 GMT-0500 (Central Daylight Time)[...]

Deleted : user_pref("CT3007394.RadioLastUpdateIPServer", "3");

Deleted : user_pref("CT3007394.RadioLastUpdateServer", "3");

Deleted : user_pref("CT3007394.RadioMediaID", "9962");

Deleted : user_pref("CT3007394.RadioMediaType", "Media Player");

Deleted : user_pref("CT3007394.RadioMenuSelectedID", "EBRadioMenu_CT30073949962");

Deleted : user_pref("CT3007394.RadioShrinkedFromSetup", false);

Deleted : user_pref("CT3007394.RadioStationName", "California%20Rock");

Deleted : user_pref("CT3007394.RadioStationURL", "hxxp://feedlive.net/california.asx");

Deleted : user_pref("CT3007394.SearchBoxWidth", 172);

Deleted : user_pref("CT3007394.SearchCaption", "WhiteSmoke Bar Customized Web Search");

Deleted : user_pref("CT3007394.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");

Deleted : user_pref("CT3007394.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT3007394.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT300[...]

Deleted : user_pref("CT3007394.SearchInNewTabEnabled", true);

Deleted : user_pref("CT3007394.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT3007394.SearchInNewTabLastCheckTime", "Tue Oct 30 2012 14:53:07 GMT-0500 (Central Dayli[...]

Deleted : user_pref("CT3007394.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT3007394.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]

Deleted : user_pref("CT3007394.SearchProtectorEnabled", false);

Deleted : user_pref("CT3007394.SearchProtectorToolbarDisabled", false);

Deleted : user_pref("CT3007394.SendProtectorDataViaLogin", true);

Deleted : user_pref("CT3007394.ServiceMapLastCheckTime", "Tue Oct 30 2012 14:53:07 GMT-0500 (Central Daylight [...]

Deleted : user_pref("CT3007394.SettingsLastCheckTime", "Tue Oct 30 2012 14:53:07 GMT-0500 (Central Daylight Ti[...]

Deleted : user_pref("CT3007394.SettingsLastUpdate", "1351523139");

Deleted : user_pref("CT3007394.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3007394&SearchSource=13");

Deleted : user_pref("CT3007394.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT3007394.ThirdPartyComponentsLastCheck", "Sat Mar 17 2012 22:49:54 GMT-0500 (Central Day[...]

Deleted : user_pref("CT3007394.ThirdPartyComponentsLastUpdate", "1312887586");

Deleted : user_pref("CT3007394.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT3007394.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3007394");

Deleted : user_pref("CT3007394.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT3007394.UserID", "UN46344112059454257");

Deleted : user_pref("CT3007394.ValidationData_Search", 0);

Deleted : user_pref("CT3007394.ValidationData_Toolbar", 2);

Deleted : user_pref("CT3007394.alertChannelId", "1399123");

Deleted : user_pref("CT3007394.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7e.:2z527", "247E6F727174354379453A3D2A722C757A787D312833232[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7e06cg5el8:", "6E6D6F6F73717474706F");

Deleted : user_pref("CT3007394.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473757579777A7A7675242F4B4947[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]

Deleted : user_pref("CT3007394.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]

Deleted : user_pref("CT3007394.backendstorage./9b-0?3g>d", "396B3B3E6E3E75417A4578787A207449787B254D5253512A54[...]

Deleted : user_pref("CT3007394.backendstorage./9b-0?3g@6:5;", "");

Deleted : user_pref("CT3007394.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...]

Deleted : user_pref("CT3007394.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");

Deleted : user_pref("CT3007394.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484779213F3E484F4E4D464[...]

Deleted : user_pref("CT3007394.backendstorage./9b5ba==9cjag", "393A6E6A737443457A7246737A787649784E224C7C");

Deleted : user_pref("CT3007394.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F6F737174747577767175");

Deleted : user_pref("CT3007394.backendstorage./9b90e@8ff=eg", "393F352F3E");

Deleted : user_pref("CT3007394.backendstorage./9b9643g3/9e", "6A");

Deleted : user_pref("CT3007394.backendstorage./9b<:222h64<", "393F352F3E");

Deleted : user_pref("CT3007394.backendstorage./9b=+03eh8h8j?:", "4443");

Deleted : user_pref("CT3007394.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]

Deleted : user_pref("CT3007394.backendstorage./9b?b0d:8aj62<h", "6D");

Deleted : user_pref("CT3007394.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");

Deleted : user_pref("CT3007394.backendstorage.activationstep", "31");

Deleted : user_pref("CT3007394.backendstorage.autocompletepro_enable", "31");

Deleted : user_pref("CT3007394.backendstorage.autocompletepro_enable_auto", "31");

Deleted : user_pref("CT3007394.backendstorage.cbfirsttime", "4D6F6E204E6F7620313420323031312031303A30373A32372[...]

Deleted : user_pref("CT3007394.backendstorage.dealplyhardid", "333538313534373730313635343535393539");

Deleted : user_pref("CT3007394.backendstorage.dealplywasshownctsettingswidget", "31");

Deleted : user_pref("CT3007394.backendstorage.firstrun", "31333233303331323231363233");

Deleted : user_pref("CT3007394.backendstorage.hxxp://api10_starwebnet_com.pid2", "6133343337303161646330626136[...]

Deleted : user_pref("CT3007394.backendstorage.hxxp://api10_thetrafficstat_net.pid2", "313063666639346433343832[...]

Deleted : user_pref("CT3007394.backendstorage.hxxp://api15_thetrafficstat_net.pid2", "313063666639346433343832[...]

Deleted : user_pref("CT3007394.backendstorage.hxxp://api18_thetrafficstat_net.pid2", "313063666639346433343832[...]

Deleted : user_pref("CT3007394.backendstorage.hxxp://api19_thetrafficstat_net.pid2", "313063666639346433343832[...]

Deleted : user_pref("CT3007394.backendstorage.hxxp://api20_thetrafficstat_net.pid2", "313063666639346433343832[...]

Deleted : user_pref("CT3007394.backendstorage.hxxp://api21_thetrafficstat_net.pid2", "313063666639346433343832[...]

Deleted : user_pref("CT3007394.backendstorage.hxxp://api22_thetrafficstat_net.pid2", "313063666639346433343832[...]

Deleted : user_pref("CT3007394.backendstorage.hxxp://api25_thetrafficstat_net.pid2", "313063666639346433343832[...]

Deleted : user_pref("CT3007394.backendstorage.hxxp://api26_thetrafficstat_net.pid2", "313063666639346433343832[...]

Deleted : user_pref("CT3007394.backendstorage.hxxp://api6_thetrafficstat_net.pid2", "3130636666393464333438323[...]

Deleted : user_pref("CT3007394.backendstorage.key_user_agree_ia12", "31");

Deleted : user_pref("CT3007394.backendstorage.loadtimes", "31");

Deleted : user_pref("CT3007394.backendstorage.shoppingapp.gk.exipres", "546875204D617220323220323031322032323A[...]

Deleted : user_pref("CT3007394.backendstorage.shoppingapp.gk.geolocation", "63616E616461");

Deleted : user_pref("CT3007394.backendstorage.url_history", "68747470733A2F2F7777772E7469636B65746D61737465722[...]

Deleted : user_pref("CT3007394.backendstorage.url_history_time", "31333235393732333632303539");

Deleted : user_pref("CT3007394.backendstorage.user_uniqueid", "63356336613138612D336338612D633134612D386434322[...]

Deleted : user_pref("CT3007394.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT3007394.globalFirstTimeInfoLastCheckTime", "Sat Mar 17 2012 22:49:57 GMT-0500 (Central [...]

Deleted : user_pref("CT3007394.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT3007394.initDone", true);

Deleted : user_pref("CT3007394.isAppTrackingManagerOn", true);

Deleted : user_pref("CT3007394.isFirstRadioInstallation", false);

Deleted : user_pref("CT3007394.myStuffEnabled", true);

Deleted : user_pref("CT3007394.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT3007394.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT3007394.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT3007394.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT3007394.oldAppsList", "129496561699875753,129496561700500759,111,129754315803927444,129[...]

Deleted : user_pref("CT3007394.revertSettingsEnabled", false);

Deleted : user_pref("CT3007394.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT3007394.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT3007394.testingCtid", "");

Deleted : user_pref("CT3007394.toolbarAppMetaDataLastCheckTime", "Tue Oct 30 2012 14:53:09 GMT-0500 (Central D[...]

Deleted : user_pref("CT3007394.toolbarContextMenuLastCheckTime", "Sat Mar 17 2012 22:49:57 GMT-0500 (Central D[...]

Deleted : user_pref("CT3007394.usagesFlag", 2);

Deleted : user_pref("CT3131886..clientLogIsEnabled", false);

Deleted : user_pref("CT3131886..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT3131886..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT3131886.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT3131886.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT3131886.BrowserCompStateIsOpen_129730831435930026", true);

Deleted : user_pref("CT3131886.CTID", "CT3131886");

Deleted : user_pref("CT3131886.CurrentServerDate", "30-10-2012");

Deleted : user_pref("CT3131886.DSChangedManually", false);

Deleted : user_pref("CT3131886.DSInstall", true);

Deleted : user_pref("CT3131886.DSProtectChoice", true);

Deleted : user_pref("CT3131886.DSProtectCount", 3);

Deleted : user_pref("CT3131886.DialogsAlignMode", "LTR");

Deleted : user_pref("CT3131886.DialogsGetterLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylig[...]

Deleted : user_pref("CT3131886.DownloadReferralCookieData", "");

Deleted : user_pref("CT3131886.EMailNotifierPollDate", "Fri Sep 07 2012 10:51:30 GMT-0500 (Central Daylight Ti[...]

Deleted : user_pref("CT3131886.FirstServerDate", "7-8-2012");

Deleted : user_pref("CT3131886.FirstTime", true);

Deleted : user_pref("CT3131886.FirstTimeFF3", true);

Deleted : user_pref("CT3131886.FirstTimeHiddenVer", true);

Deleted : user_pref("CT3131886.FixPageNotFoundErrors", true);

Deleted : user_pref("CT3131886.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT3131886.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT3131886.HPInstall", true);

Deleted : user_pref("CT3131886.HPProtectChoice", true);

Deleted : user_pref("CT3131886.HPProtectCount", 1);

Deleted : user_pref("CT3131886.HasUserGlobalKeys", true);

Deleted : user_pref("CT3131886.HomePageProtectorEnabled", true);

Deleted : user_pref("CT3131886.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=[...]

Deleted : user_pref("CT3131886.Initialize", true);

Deleted : user_pref("CT3131886.InitializeCommonPrefs", true);

Deleted : user_pref("CT3131886.InstallationAndCookieDataSentCount", 3);

Deleted : user_pref("CT3131886.InstallationId", "conduitinstaller.exe");

Deleted : user_pref("CT3131886.InstallationType", "ConduitNSISIntegration");

Deleted : user_pref("CT3131886.InstalledDate", "Tue Aug 07 2012 14:41:55 GMT-0500 (Central Daylight Time)");

Deleted : user_pref("CT3131886.InvalidateCache", false);

Deleted : user_pref("CT3131886.IsAlertDBUpdated", true);

Deleted : user_pref("CT3131886.IsGrouping", false);

Deleted : user_pref("CT3131886.IsInitSetupIni", true);

Deleted : user_pref("CT3131886.IsMulticommunity", false);

Deleted : user_pref("CT3131886.IsOpenThankYouPage", false);

Deleted : user_pref("CT3131886.IsOpenUninstallPage", true);

Deleted : user_pref("CT3131886.IsProtectorsInit", true);

Deleted : user_pref("CT3131886.LanguagePackLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Dayligh[...]

Deleted : user_pref("CT3131886.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT3131886.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT3131886.LastLogin_3.13.0.6", "Fri Aug 24 2012 11:27:02 GMT-0500 (Central Daylight Time)[...]

Deleted : user_pref("CT3131886.LastLogin_3.15.1.0", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylight Time)[...]

Deleted : user_pref("CT3131886.LatestVersion", "3.15.1.0");

Deleted : user_pref("CT3131886.Locale", "en");

Deleted : user_pref("CT3131886.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT3131886.MCDetectTooltipShow", false);

Deleted : user_pref("CT3131886.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT3131886.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT3131886.MyStuffEnabledAtInstallation", true);

Deleted : user_pref("CT3131886.OriginalFirstVersion", "3.13.0.6");

Deleted : user_pref("CT3131886.RadioIsPodcast", false);

Deleted : user_pref("CT3131886.RadioLastCheckTime", "Fri Sep 07 2012 10:46:30 GMT-0500 (Central Daylight Time)[...]

Deleted : user_pref("CT3131886.RadioLastUpdateIPServer", "3");

Deleted : user_pref("CT3131886.RadioLastUpdateServer", "3");

Deleted : user_pref("CT3131886.RadioMediaID", "9962");

Deleted : user_pref("CT3131886.RadioMediaType", "Media Player");

Deleted : user_pref("CT3131886.RadioMenuSelectedID", "EBRadioMenu_CT31318869962");

Deleted : user_pref("CT3131886.RadioShrinkedFromSetup", false);

Deleted : user_pref("CT3131886.RadioStationName", "California%20Rock");

Deleted : user_pref("CT3131886.RadioStationURL", "hxxp://feedlive.net/california.asx");

Deleted : user_pref("CT3131886.SHRINK_TOOLBAR", 1);

Deleted : user_pref("CT3131886.SavedHomepage", "about:home");

Deleted : user_pref("CT3131886.SearchCaption", "Vgrabber1 Customized Web Search");

Deleted : user_pref("CT3131886.SearchEngineBeforeUnload", "Vgrabber1 Customized Web Search");

Deleted : user_pref("CT3131886.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT3131886.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT313[...]

Deleted : user_pref("CT3131886.SearchInNewTabEnabled", true);

Deleted : user_pref("CT3131886.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT3131886.SearchInNewTabLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Dayli[...]

Deleted : user_pref("CT3131886.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT3131886.SearchProtectorEnabled", false);

Deleted : user_pref("CT3131886.SearchProtectorToolbarDisabled", false);

Deleted : user_pref("CT3131886.SendProtectorDataViaLogin", true);

Deleted : user_pref("CT3131886.ServiceMapLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylight [...]

Deleted : user_pref("CT3131886.SettingsLastCheckTime", "Tue Oct 30 2012 14:53:09 GMT-0500 (Central Daylight Ti[...]

Deleted : user_pref("CT3131886.SettingsLastUpdate", "1351523139");

Deleted : user_pref("CT3131886.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=13");

Deleted : user_pref("CT3131886.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT3131886.ThirdPartyComponentsLastCheck", "Tue Oct 16 2012 09:30:39 GMT-0500 (Central Day[...]

Deleted : user_pref("CT3131886.ThirdPartyComponentsLastUpdate", "1331805997");

Deleted : user_pref("CT3131886.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT3131886.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3131886");

Deleted : user_pref("CT3131886.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT3131886.UserID", "UN94108909980738385");

Deleted : user_pref("CT3131886.ValidationData_Search", 2);

Deleted : user_pref("CT3131886.ValidationData_Toolbar", 2);

Deleted : user_pref("CT3131886.WeatherNetwork", "");

Deleted : user_pref("CT3131886.WeatherPollDate", "Fri Sep 07 2012 10:46:31 GMT-0500 (Central Daylight Time)");

Deleted : user_pref("CT3131886.WeatherUnit", "C");

Deleted : user_pref("CT3131886.alertChannelId", "1528270");

Deleted : user_pref("CT3131886.approveUntrustedApps", false);

Deleted : user_pref("CT3131886.autoDisableScopes", -1);

Deleted : user_pref("CT3131886.backendstorage.cbcountry_001", "4341");

Deleted : user_pref("CT3131886.backendstorage.cbfirsttime", "5475652041756720303720323031322031343A34323A30332[...]

Deleted : user_pref("CT3131886.backendstorage.shoppingapp.gk.exipres", "5765642053657020313220323031322031303A[...]

Deleted : user_pref("CT3131886.backendstorage.shoppingapp.gk.geolocation", "63616E616461");

Deleted : user_pref("CT3131886.backendstorage.url_history0001", "68747470733A2F2F6D796163636F756E742E737475626[...]

Deleted : user_pref("CT3131886.components.1000034", false);

Deleted : user_pref("CT3131886.components.1000082", false);

Deleted : user_pref("CT3131886.components.1000234", false);

Deleted : user_pref("CT3131886.components.129730831435930026", false);

Deleted : user_pref("CT3131886.components.524677150398786033", false);

Deleted : user_pref("CT3131886.components.5905781182315170198", false);

Deleted : user_pref("CT3131886.components.8352985832934023790", false);

Deleted : user_pref("CT3131886.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT3131886.globalFirstTimeInfoLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central [...]

Deleted : user_pref("CT3131886.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT3131886.initDone", true);

Deleted : user_pref("CT3131886.isAppTrackingManagerOn", false);

Deleted : user_pref("CT3131886.isFirstRadioInstallation", false);

Deleted : user_pref("CT3131886.myStuffEnabled", true);

Deleted : user_pref("CT3131886.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT3131886.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT3131886.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT3131886.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT3131886.navigateToUrlOnSearch", false);

Deleted : user_pref("CT3131886.revertSettingsEnabled", false);

Deleted : user_pref("CT3131886.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT3131886.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT3131886.testingCtid", "");

Deleted : user_pref("CT3131886.toolbarAppMetaDataLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central D[...]

Deleted : user_pref("CT3131886.toolbarContextMenuLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central D[...]

Deleted : user_pref("CT3131886.usagesFlag", 2);

Deleted : user_pref("CT3184201.autoDisableScopes", -1);

Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3131886&Search[...]

Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Vgrabber1 Customized Web Search");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3007394/CT3007394[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3131886/CT3131886[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1399123/1394781/CA", "\"0\"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1528270/1523533/CA", "\"0\"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3007394", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3131886", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3007394",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3131886",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3007394&octid=[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"f61[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]

Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Jimmy\\AppData\\Roaming\\Mozilla\\F[...]

Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");

Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb[...]

Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3007394,CT3131886");

Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3007394,CT3131886");

Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3007394,CT3131886");

Deleted : user_pref("CommunityToolbar.globalUserId", "cfa6a056-b3a6-49dd-a5f4-6a527a1dde7b");

Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3131886");

Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Oct 30 2012 14:53:2[...]

Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Oct 30 2012 14:53:35 GMT-050[...]

Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.locale", "en");

Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Oct 30 2012 14:53:25 GMT-0500 (C[...]

Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.notifications.userId", "3d548f0a-0364-4773-aaad-ddf9ba381f72");

Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.searchqu.com/406");

Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Deleted : user_pref("browser.search.defaultenginename", "SweetIM Search");

Deleted : user_pref("browser.search.defaultthis.engineName", "Vgrabber1 Customized Web Search");

Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=13");

Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=100478");

Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 17);

Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);

Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);

Deleted : user_pref("extensions.BabylonToolbar.id", "3421d9cb0000000000006c626d04a8ee");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15311");

Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=100478&babsrc=adbar[...]

Deleted : user_pref("extensions.BabylonToolbar.lastDP", 17);

Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1714:30:40");

Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "6.0");

Deleted : user_pref("extensions.BabylonToolbar.newTab", true);

Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");

Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 62716807);

Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);

Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);

Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);

Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");

Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1714:30:40");

Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100478");

Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "3421d9cb0000000000006c626d04a8ee");

Deleted : user_pref("extensions.BabylonToolbar_i.id", "3421d9cb0000000000006c626d04a8ee");

Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15311");

Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);

Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:30:40");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationThankYouPage", true);

Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationTime", 1345846103);

Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.searchUserConifrmation", false[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setHomepage", false);

Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setNewTab", false);

Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setSearch", false);

Deleted : user_pref("extensions.crossriderapp5060.5060.active", true);

Deleted : user_pref("extensions.crossriderapp5060.5060.addressbar", "");

Deleted : user_pref("extensions.crossriderapp5060.5060.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.backgroundver", 7);

Deleted : user_pref("extensions.crossriderapp5060.5060.can_run_bg_code", true);

Deleted : user_pref("extensions.crossriderapp5060.5060.certdomaininstaller", "");

Deleted : user_pref("extensions.crossriderapp5060.5060.changeprevious", false);

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.value", "1345846103");

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.value", "1345846103");

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.expiration", "Tue Oct 30 2012 15:[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.expiration", "Tue Nov 06 2012 [...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.value", "%22CA%22");

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.value", "1351627333");

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.value", "%221%22");

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.value", "%2214019%22");

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.value", "1346215148681");

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.value", "%221224%22");

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.value", "%2271399%22");

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.value", "1346215132842");

Deleted : user_pref("extensions.crossriderapp5060.5060.description", "Savings Sidekick");

Deleted : user_pref("extensions.crossriderapp5060.5060.domain", "");

Deleted : user_pref("extensions.crossriderapp5060.5060.enablesearch", false);

Deleted : user_pref("extensions.crossriderapp5060.5060.fbremoteurl", "");

Deleted : user_pref("extensions.crossriderapp5060.5060.group", 0);

Deleted : user_pref("extensions.crossriderapp5060.5060.homepage", "");

Deleted : user_pref("extensions.crossriderapp5060.5060.iframe", false);

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.value", "37");

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.value", "0");

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.value", "%7B%7D");

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.expiration", "Tue Oct 30[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.value", "true");

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.value", "%7B%7D");

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.expiration", "Fri[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.value", "%7B%22re[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.manifesturl", "");

Deleted : user_pref("extensions.crossriderapp5060.5060.name", "Savings Sidekick");

Deleted : user_pref("extensions.crossriderapp5060.5060.newtab", "");

Deleted : user_pref("extensions.crossriderapp5060.5060.opensearch", "");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.name", "base");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.ver", 3);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.name", "GPL Plugin (Loader)");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.ver", 7);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.name", "GPL Background (BG)");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.ver", 4);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.name", "CrossriderAppUtils");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.ver", 2);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.name", "CrossriderUtils");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.ver", 2);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.name", "FacebookFFIE");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.ver", 1);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.name", "FFAppAPIWrapper");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.ver", 3);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.name", "jQuery");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.ver", 3);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.name", "debug");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.ver", 3);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.name", "resources");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.ver", 2);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.name", "initializer");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.ver", 2);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.name", "jquery_1_7_1");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.ver", 3);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.name", "resources_background");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.ver", 1);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_0", "17,14,16,47,1000015");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,100[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.pluginsversion", 15);

Deleted : user_pref("extensions.crossriderapp5060.5060.publisher", "215 Apps");

Deleted : user_pref("extensions.crossriderapp5060.5060.searchstatus", 0);

Deleted : user_pref("extensions.crossriderapp5060.5060.setnewtab", false);

Deleted : user_pref("extensions.crossriderapp5060.5060.settingsurl", "");

Deleted : user_pref("extensions.crossriderapp5060.5060.thankyou", "");

Deleted : user_pref("extensions.crossriderapp5060.5060.updateinterval", 360);

Deleted : user_pref("extensions.crossriderapp5060.5060.ver", 37);

Deleted : user_pref("extensions.crossriderapp5060.adsOldValue", -1);

Deleted : user_pref("extensions.crossriderapp5060.apps", "5060");

Deleted : user_pref("extensions.crossriderapp5060.bic", "13970ac45d1fea38dfe70a3d79b4c9f2");

Deleted : user_pref("extensions.crossriderapp5060.cid", 5060);

Deleted : user_pref("extensions.crossriderapp5060.firstrun", false);

Deleted : user_pref("extensions.crossriderapp5060.hadappinstalled", true);

Deleted : user_pref("extensions.crossriderapp5060.installationdate", 1346215105);

Deleted : user_pref("extensions.crossriderapp5060.lastcheck", 22527113);

Deleted : user_pref("extensions.crossriderapp5060.lastcheckitem", 22527130);

Deleted : user_pref("extensions.crossriderapp5060.modetype", "production");

Deleted : user_pref("extensions.enabledAddons", "facecons@facecons.com:1.1,plugin@yontoo.com:1.20.00,{167d9323[...]

Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx[...]

Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Vgrabber1 Customized Web Search[...]

Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT31[...]

Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");

Deleted : user_pref("keyword.URL", "hxxp://www.plusnetwork.com/?sp=addr&q=");

Deleted : user_pref("browser.search.selectedEngine", "Plus! Network");

Profile name : default

File : C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\7pky55tm.default\prefs.js

[OK] File is clean.

-\\ Chromium v [unable to get version]

File : C:\Users\Jimmy\AppData\Local\Chromium\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [69662 octets] - [18/11/2012 13:36:24]

AdwCleaner[s1].txt - [69839 octets] - [18/11/2012 15:59:25]

########## EOF - C:\AdwCleaner[s1].txt - [69900 octets] ##########

Link to post
Share on other sites

ComboFix 12-11-16.02 - Jimmy 18/11/2012 16:14:13.1.8 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8151.7233 [GMT -6:00]

Running from: c:\users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31V22TYB\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\CFLog

c:\cflog\EPLog.txt

C:\Install.exe

c:\users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2A34F3D2-7052-458A-B36D-50EFDA250AA9}.xps

c:\users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CAAC404F-D0FE-46E4-B703-1F9428B33BF1}.xps

c:\users\Jimmy\AppData\Roaming\Microsoft\Windows\Recent\Terraria.url

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))

.

.

2012-11-18 22:23 . 2012-11-18 22:23 -------- d-----w- c:\users\Natalie\AppData\Local\temp

2012-11-18 22:23 . 2012-11-18 22:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-18 22:15 . 2012-11-18 22:15 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20EFF33C-223F-49B8-91F9-5E9BB83B8247}\offreg.dll

2012-11-17 18:31 . 2012-11-17 18:31 -------- d-----w- c:\users\Natalie\AppData\Roaming\Malwarebytes

2012-11-17 03:21 . 2012-11-17 03:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-17 01:39 . 2012-11-17 01:40 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2012-11-12 02:05 . 2012-11-12 02:08 -------- d-----w- c:\programdata\MFAData

2012-11-12 02:05 . 2012-11-12 02:05 -------- d--h--w- c:\programdata\Common Files

2012-11-12 02:05 . 2012-11-12 02:05 -------- d-----w- c:\users\Natalie\AppData\Local\MFAData

2012-11-12 02:05 . 2012-11-12 02:05 -------- d-----w- c:\users\Natalie\AppData\Local\Avg2013

2012-11-11 02:38 . 2012-11-11 02:38 181808 ----a-w- c:\windows\RegBootClean.exe

2012-11-11 02:32 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys

2012-11-11 02:28 . 2012-11-11 02:28 -------- d-----w- c:\users\Natalie\AppData\Local\Macromedia

2012-11-11 02:24 . 2012-11-11 02:24 -------- d-----w- c:\users\Natalie\AppData\Local\Mozilla

2012-11-10 01:50 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20EFF33C-223F-49B8-91F9-5E9BB83B8247}\mpengine.dll

2012-11-06 05:11 . 2012-08-21 19:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-11-06 05:11 . 2012-11-06 05:11 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-11-06 05:11 . 2012-11-06 05:11 -------- d-----w- c:\program files\iTunes

2012-11-06 05:11 . 2012-11-06 05:11 -------- d-----w- c:\program files\iPod

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-30 15:07 . 2011-04-20 19:50 637272 ----a-w- c:\windows\system32\drivers\klif.sys

2012-10-27 00:03 . 2012-09-19 22:56 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-10-27 00:03 . 2012-09-19 22:48 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-10-22 20:31 . 2012-09-19 22:48 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-10-11 08:04 . 2011-01-27 20:20 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-09 05:43 . 2012-04-01 17:17 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 05:43 . 2011-05-16 00:58 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-30 01:54 . 2011-08-01 16:34 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-19 22:48 . 2012-09-19 22:48 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-09-14 19:19 . 2012-10-10 18:19 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 18:19 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-08-31 18:19 . 2012-10-10 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 18:03 . 2012-10-10 18:19 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 18:19 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12 . 2012-10-10 18:19 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-24 18:05 . 2012-10-10 18:19 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 16:57 . 2012-10-10 18:19 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-24 11:15 . 2012-09-22 08:00 17810944 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 10:39 . 2012-09-22 08:00 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 10:31 . 2012-09-22 08:00 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 10:22 . 2012-09-22 08:00 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 10:21 . 2012-09-22 08:00 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 10:20 . 2012-09-22 08:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 10:18 . 2012-09-22 08:00 237056 ----a-w- c:\windows\system32\url.dll

2012-08-24 10:17 . 2012-09-22 08:00 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 10:14 . 2012-09-22 08:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 10:14 . 2012-09-22 08:00 816640 ----a-w- c:\windows\system32\jscript.dll

2012-08-24 10:13 . 2012-09-22 08:00 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 10:12 . 2012-09-22 08:00 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 10:11 . 2012-09-22 08:00 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 10:10 . 2012-09-22 08:00 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 10:09 . 2012-09-22 08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 10:04 . 2012-09-22 08:00 248320 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 06:59 . 2012-09-22 08:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-08-24 06:51 . 2012-09-22 08:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 06:51 . 2012-09-22 08:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-08-24 06:47 . 2012-09-22 08:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-08-24 06:47 . 2012-09-22 08:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-24 06:43 . 2012-09-22 08:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-22 18:12 . 2012-09-12 21:22 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-12 21:22 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 21:22 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 21:22 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-26 21:17 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-21 19:01 . 2010-09-01 18:46 125872 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-08-21 19:01 . 2010-09-01 18:46 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B2A44031-7EAD-434C-AC9E-7F1DA176BA8C}]

2011-08-01 12:51 167424 ----a-w- c:\program files (x86)\facecons\Facecons.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-10 39408]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-14 98304]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2011-10-24 801792]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-30 206448]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-16 2254768]

.

c:\users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

IMVU.lnk - c:\users\Jimmy\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [N/A]

NexDef Plug-in.lnk - c:\users\Jimmy\AppData\Local\Autobahn\nexdef.exe [2011-8-11 15490560]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Sendori Tray Icon.lnk - c:\program files (x86)\Sendori\SendoriTray.exe [2011-8-5 74616]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-13 202752]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R2 Sendori;Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe [2011-08-05 98168]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-10-12 763904]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-07 1255736]

R3 X6va001;X6va001;c:\users\Jimmy\AppData\Local\Temp\00149FD.tmp [x]

R3 X6va005;X6va005;c:\users\Jimmy\AppData\Local\Temp\005A6E2.tmp [x]

R3 X6va006;X6va006;c:\users\Jimmy\AppData\Local\Temp\006857.tmp [x]

R3 X6va008;X6va008;c:\users\Jimmy\AppData\Local\Temp\008D597.tmp [x]

R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]

R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x]

R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 05:43]

.

2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 03:27]

.

2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 03:27]

.

2012-10-31 c:\windows\Tasks\HPCeeScheduleForJimmy.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}

IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{C494E8EE-736A-4A65-A53A-3FC3170E5B6E}: NameServer = 216.146.35.240,216.146.36.240,192.168.0.1

Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files (x86)\TurboTax 2011\ic2011pp.dll

FF - ProfilePath - c:\users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{efb1e45a-148d-40f9-a3f0-09d5577f9970} - (no file)

Toolbar-10 - (no file)

Notify-klogon - (no file)

Toolbar-10 - (no file)

WebBrowser-{EFB1E45A-148D-40F9-A3F0-09D5577F9970} - (no file)

HKLM-Run-PC-Doctor for Windows localizer - c:\program files\PC-Doctor for Windows\localizer.exe

AddRemove-iBryte_playbryte - c:\program files (x86)\iBryte\playbryte\uninstall.exe

AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe

AddRemove-FoxTab PDF Creator - c:\progra~2\FOXTAB~1\Uninstall\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]

"ImagePath"="\??\c:\users\Jimmy\AppData\Local\Temp\00149FD.tmp"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]

"ImagePath"="\??\c:\users\Jimmy\AppData\Local\Temp\005A6E2.tmp"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]

"ImagePath"="\??\c:\users\Jimmy\AppData\Local\Temp\006857.tmp"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]

"ImagePath"="\??\c:\users\Jimmy\AppData\Local\Temp\008D597.tmp"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va010]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-18 16:26:21

ComboFix-quarantined-files.txt 2012-11-18 22:26

.

Pre-Run: 827,313,774,592 bytes free

Post-Run: 827,754,328,064 bytes free

.

- - End Of File - - A47D4EF8C8DDB7B38E495EE867D44E48

Link to post
Share on other sites

Malwarebytes Anti-Rootkit 1.1.0.1009

www.malwarebytes.org

Database version: v2012.11.18.05

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Jimmy :: JIMMY-PC [administrator]

18/11/2012 4:38:43 PM

mbar-log-2012-11-18 (16-38-43).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: PUP | PUM | P2P

Objects scanned: 27677

Time elapsed: 5 minute(s), 31 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 2.793000 GHz

Memory total: 8547024896, free: 6994915328

------------ Kernel report ------------

11/18/2012 16:32:16

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\system32\DRIVERS\kl1.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\kl2.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\klim6.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\drivers\1394ohci.sys

\SystemRoot\system32\drivers\cdrom.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\hamachi.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\drivers\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\drivers\hidusb.sys

\SystemRoot\system32\drivers\HIDCLASS.SYS

\SystemRoot\system32\drivers\HIDPARSE.SYS

\SystemRoot\system32\drivers\kbdhid.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\framebuf.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\iertutil.dll

\Windows\System32\wininet.dll

\Windows\System32\lpk.dll

\Windows\System32\comdlg32.dll

\Windows\System32\urlmon.dll

\Windows\System32\imm32.dll

\Windows\System32\difxapi.dll

\Windows\System32\Wldap32.dll

\Windows\System32\msvcrt.dll

\Windows\System32\ws2_32.dll

\Windows\System32\imagehlp.dll

\Windows\System32\oleaut32.dll

\Windows\System32\psapi.dll

\Windows\System32\msctf.dll

\Windows\System32\shlwapi.dll

\Windows\System32\clbcatq.dll

\Windows\System32\ole32.dll

\Windows\System32\shell32.dll

\Windows\System32\usp10.dll

\Windows\System32\gdi32.dll

\Windows\System32\advapi32.dll

\Windows\System32\nsi.dll

\Windows\System32\kernel32.dll

\Windows\System32\sechost.dll

\Windows\System32\normaliz.dll

\Windows\System32\user32.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\setupapi.dll

\Windows\System32\crypt32.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\devobj.dll

\Windows\System32\comctl32.dll

\Windows\System32\KernelBase.dll

\Windows\System32\wintrust.dll

\Windows\System32\msasn1.dll

\Windows\SysWOW64\normaliz.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR6

Upper Device Object: 0xfffffa800acb6790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000088\

Lower Device Object: 0xfffffa80070989e0

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

DriverEntry returned 0x0

Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk5\DR5

Upper Device Object: 0xfffffa80091ee790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000081\

Lower Device Object: 0xfffffa80096ffb60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk4\DR4

Upper Device Object: 0xfffffa80091f3790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000080\

Lower Device Object: 0xfffffa80096f8b60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR3

Upper Device Object: 0xfffffa80091f1790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007f\

Lower Device Object: 0xfffffa8009688b60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa80091f6790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007e\

Lower Device Object: 0xfffffa8009700b60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8007a8a790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa80077b0050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

DriverEntry returned 0x0

Function returned 0x0

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 2.793000 GHz

Memory total: 8547024896, free: 6987517952

------------ Kernel report ------------

11/18/2012 16:32:38

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\system32\DRIVERS\kl1.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\kl2.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\klim6.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\drivers\1394ohci.sys

\SystemRoot\system32\drivers\cdrom.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\hamachi.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\drivers\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\drivers\hidusb.sys

\SystemRoot\system32\drivers\HIDCLASS.SYS

\SystemRoot\system32\drivers\HIDPARSE.SYS

\SystemRoot\system32\drivers\kbdhid.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\framebuf.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\iertutil.dll

\Windows\System32\wininet.dll

\Windows\System32\lpk.dll

\Windows\System32\comdlg32.dll

\Windows\System32\urlmon.dll

\Windows\System32\imm32.dll

\Windows\System32\difxapi.dll

\Windows\System32\Wldap32.dll

\Windows\System32\msvcrt.dll

\Windows\System32\ws2_32.dll

\Windows\System32\imagehlp.dll

\Windows\System32\oleaut32.dll

\Windows\System32\psapi.dll

\Windows\System32\msctf.dll

\Windows\System32\shlwapi.dll

\Windows\System32\clbcatq.dll

\Windows\System32\ole32.dll

\Windows\System32\shell32.dll

\Windows\System32\usp10.dll

\Windows\System32\gdi32.dll

\Windows\System32\advapi32.dll

\Windows\System32\nsi.dll

\Windows\System32\kernel32.dll

\Windows\System32\sechost.dll

\Windows\System32\normaliz.dll

\Windows\System32\user32.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\setupapi.dll

\Windows\System32\crypt32.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\devobj.dll

\Windows\System32\comctl32.dll

\Windows\System32\KernelBase.dll

\Windows\System32\wintrust.dll

\Windows\System32\msasn1.dll

\Windows\SysWOW64\normaliz.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR6

Upper Device Object: 0xfffffa800acb6790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000088\

Lower Device Object: 0xfffffa80070989e0

Lower Device Driver Name: \Driver\USBSTOR\

Device already Exists: 0xfffffa8009efab90

<<<1>>>

Upper Device Name: \Device\Harddisk5\DR5

Upper Device Object: 0xfffffa80091ee790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000081\

Lower Device Object: 0xfffffa80096ffb60

Lower Device Driver Name: \Driver\USBSTOR\

Device already Exists: 0xfffffa8007451740

<<<1>>>

Upper Device Name: \Device\Harddisk4\DR4

Upper Device Object: 0xfffffa80091f3790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000080\

Lower Device Object: 0xfffffa80096f8b60

Lower Device Driver Name: \Driver\USBSTOR\

Device already Exists: 0xfffffa800a9ec090

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR3

Upper Device Object: 0xfffffa80091f1790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007f\

Lower Device Object: 0xfffffa8009688b60

Lower Device Driver Name: \Driver\USBSTOR\

Device already Exists: 0xfffffa8009ef05c0

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa80091f6790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007e\

Lower Device Object: 0xfffffa8009700b60

Lower Device Driver Name: \Driver\USBSTOR\

Device already Exists: 0xfffffa80096dde40

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8007a8a790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa80077b0050

Lower Device Driver Name: \Driver\iaStor\

Device already Exists: 0xfffffa8009f72e40

Downloaded database version: v2012.11.18.05

Downloaded database version: v2012.11.15.02

Initializing...

Done!

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8007a8a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007a8a1e0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007a8a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80077b0050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Upper DeviceData: 0xfffff8a00fdbd5d0, 0xfffffa8007a8a790, 0xfffffa800af86790

Lower DeviceData: 0xfffff8a003e548b0, 0xfffffa80077b0050, 0xfffffa8009f72e40

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 1549F232

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 206848 Numsec = 1929621504

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 1929828352 Numsec = 23693312

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa800acb6790, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8009fc0140, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800acb6790, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80070989e0, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\

------------ End ----------

Upper DeviceData: 0xfffff8a00fc04730, 0xfffffa800acb6790, 0xfffffa800b1f0090

Lower DeviceData: 0xfffff8a003e8ab70, 0xfffffa80070989e0, 0xfffffa8009efab90

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 4030201

Partition information:

Partition 0 type is Other (0x6)

Partition is NOT ACTIVE.

Partition starts at LBA: 240 Numsec = 3987216

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 2041577472 bytes

Sector size: 512 bytes

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xfffffa80091f6790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8009705910, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80091f6790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8009700b60, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 3, DevicePointer: 0xfffffa80091f1790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8009703b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80091f1790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8009688b60, DeviceName: \Device\0000007f\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 4, DevicePointer: 0xfffffa80091f3790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8009702b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80091f3790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80096f8b60, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 5, DevicePointer: 0xfffffa80091ee790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8009706b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80091ee790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80096ffb60, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\

------------ End ----------

Done!

Performing system, memory and registry scan...

Read File: File "C:\ProgramData\{4EF77D37-415C-4195-AE30-904ED23A3940}\iLividSetupV1.dat" is compressed (flags = 1)

Read File: File "C:\ProgramData\{4EF77D37-415C-4195-AE30-904ED23A3940}\instance.dat" is compressed (flags = 1)

Read File: File "C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}\HP_Remote_Solution_Install.dat" is compressed (flags = 1)

Read File: File "C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}\HP_Remote_Solution_Install.lan" is compressed (flags = 1)

Read File: File "C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}\instance.dat" is compressed (flags = 1)

Done!

Scan finished

=======================================

Link to post
Share on other sites

Good morning nncout,

thisisujrt.gif Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

=====

Also, please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

=====

In your reply please post the contents of the following logs:

  • JRT.txt.
  • OTL.txt.
  • Extras.txt.

Link to post
Share on other sites

Good day!

Here are the logs....

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 3.3.4 (11.19.2012)

OS: Windows 7 Home Premium x64

Ran by Jimmy on 19/11/2012 at 17:56:38.23

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\bProtector Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_classes_root\appid\babylonhelper.exe"

Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasapi32"

Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasmancs"

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\eula.1031.txt

Successfully deleted: [File] C:\eula.1033.txt

Successfully deleted: [File] C:\eula.1036.txt

Successfully deleted: [File] C:\eula.1040.txt

Successfully deleted: [File] C:\eula.1041.txt

Successfully deleted: [File] C:\eula.1042.txt

Successfully deleted: [File] C:\eula.2052.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Jimmy\appdata\locallow\datamngr"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\crossriderapp5060@crossrider.com

Successfully deleted: [File] C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\blekkotb.xml

Successfully deleted the following from "C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\prefs.js"

user_pref("extensions.crossrider.bic", "13970ac45d1fea38dfe70a3d79b4c9f2");

user_pref("extentions.y2layers.defaultEnableAppsList", "Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,");

user_pref("extentions.y2layers.installId", "9b328715-24ae-461e-8bba-b4f73784588c");

user_pref("extentions.y2layers.lastDnsTest", 370011);

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 19/11/2012 at 17:57:50.11

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites

OTL logfile created on: 19/11/2012 6:06:46 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jimmy\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.96 Gb Total Physical Memory | 7.09 Gb Available Physical Memory | 89.04% Memory free

15.92 Gb Paging File | 15.08 Gb Available in Paging File | 94.76% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 920.12 Gb Total Space | 769.93 Gb Free Space | 83.68% Space Free | Partition Type: NTFS

Drive D: | 11.30 Gb Total Space | 1.62 Gb Free Space | 14.35% Space Free | Partition Type: NTFS

Drive J: | 1.90 Gb Total Space | 1.89 Gb Free Space | 99.35% Space Free | Partition Type: FAT

Computer Name: JIMMY-PC | User Name: Jimmy | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/19 18:06:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/01/13 16:04:10 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/10/30 09:07:09 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)

SRV - [2012/10/08 23:43:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/09/19 16:48:47 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/03/16 09:08:01 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/08/05 13:37:30 | 000,098,168 | ---- | M] (Sendori, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Sendori)

SRV - [2010/07/28 15:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/30 09:07:51 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)

DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/10 17:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)

DRV:64bit: - [2011/03/04 12:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)

DRV:64bit: - [2011/03/04 12:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)

DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/01/13 16:26:02 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/01/13 15:10:58 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2009/11/18 12:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)

DRV:64bit: - [2009/10/12 00:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)

DRV:64bit: - [2009/10/02 05:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

DRV:64bit: - [2009/08/20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV:64bit: - [2006/12/12 11:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{3018E814-9E7B-429F-9304-DC06D594EBDA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{771D0255-20A6-40A7-8060-E681B3F9D5E8}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{3018E814-9E7B-429F-9304-DC06D594EBDA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{771D0255-20A6-40A7-8060-E681B3F9D5E8}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Jimmy\Documents\AC3D\Elemental Swords

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E D6 E2 D7 6E 35 CD 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/search?q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}

IE - HKCU\..\SearchScopes,DefaultScope = {E1B4F045-104E-4B2E-B36A-4609F37B6AFB}

IE - HKCU\..\SearchScopes\{3018E814-9E7B-429F-9304-DC06D594EBDA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKCU\..\SearchScopes\{771D0255-20A6-40A7-8060-E681B3F9D5E8}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd

IE - HKCU\..\SearchScopes\{E1B4F045-104E-4B2E-B36A-4609F37B6AFB}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227980

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/10/30 09:07:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/10/30 09:07:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/10/30 09:07:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/22 23:30:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/05/27 20:13:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Extensions

[2010/09/10 18:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com

[2012/11/19 17:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions

[2011/12/03 11:31:34 | 000,000,000 | ---D | M] ("Facecons") -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\facecons@facecons.com

[2012/05/18 21:23:11 | 000,002,266 | ---- | M] () -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\Google.xml

[2012/10/05 13:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/10/05 13:30:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/09/27 23:00:29 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2

[2012/09/27 23:00:27 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2

File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\{167D9323-F7CC-48F5-948A-6F012831A69F}

File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\{F9BBF004-6E40-4019-8214-C43A37E1D058}

File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\BBRS_002@BLABBERS.COM

File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\CROSSRIDERAPP5060@CROSSRIDER.COM

File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM

[2012/03/18 14:04:42 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/03/18 14:04:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/03/18 14:04:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/11/18 16:24:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (FACECONS Class) - {B2A44031-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files (x86)\facecons\Facecons.dll (Facecons)

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe File not found

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - Startup: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = File not found

O4 - Startup: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Users\Jimmy\AppData\Local\Autobahn\nexdef.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()

O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44E6BEBF-391F-4BD6-975D-D374A7F0636D}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C494E8EE-736A-4A65-A53A-3FC3170E5B6E}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C494E8EE-736A-4A65-A53A-3FC3170E5B6E}: NameServer = 216.146.35.240,216.146.36.240,192.168.0.1

O18:64bit: - Protocol\Handler\intu-tt2010 - No CLSID value found

O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found

O18:64bit: - Protocol\Handler\ipp - No CLSID value found

O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)

O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT

Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012/11/19 18:06:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe

[2012/11/19 17:56:36 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2012/11/19 17:56:08 | 000,000,000 | ---D | C] -- C:\JRT

[2012/11/18 16:43:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/11/18 16:31:42 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Desktop\mbar

[2012/11/18 16:23:15 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/11/18 16:12:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/11/18 16:12:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/11/18 16:12:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/11/18 16:12:13 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/11/18 16:11:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/11/18 13:46:05 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{8A20A790-2BE4-42C2-A158-6E2BB9FCA1C5}

[2012/11/18 13:31:32 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\Jimmy\Desktop\dds.scr

[2012/11/17 12:17:27 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{777214C1-806D-4C74-B5F0-BEA70214E644}

[2012/11/16 21:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/11/16 21:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/11/16 19:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

[2012/11/16 19:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi

[2012/11/11 20:05:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2012/11/11 20:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2012/11/10 20:41:12 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{A8954EB1-08E6-436E-8D99-79343203D5CE}

[2012/11/10 20:32:02 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys

[2012/11/10 14:12:18 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{98E387D9-82D1-4571-849B-BD9035876EE1}

[2012/11/10 13:42:44 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{F5DC1012-45DE-4BA6-9AD7-3E40588C681A}

[2012/11/10 13:05:50 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{8A10FA36-4BE6-42A3-A9A1-54F1B8F7B61E}

[2012/11/09 07:30:54 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{78BC6CF0-6934-49E4-BF24-B194EF3312C2}

[2012/11/08 11:07:16 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{53527362-5D16-42D2-9039-A03B4D0C1B7A}

[2012/11/07 10:54:07 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{FDE3B612-8015-44EE-B8D1-D1FD233232E4}

[2012/11/06 12:58:00 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{4AF0EA4C-CC8D-46B8-8898-98D6FB1F6F65}

[2012/11/05 23:45:55 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{9FE3841F-6E6B-4226-AFF7-FB3ED952D0F0}

[2012/11/05 23:15:52 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{18A5D97E-D77A-4A94-A9F2-C3271C1FDBAA}

[2012/11/05 23:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/11/05 23:11:55 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys

[2012/11/05 23:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/11/05 23:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/11/05 23:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2012/11/05 11:09:21 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{8EAE4C1F-16AE-4360-B6C1-7156D26EBAA7}

[2012/11/01 19:59:46 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{D3CA3834-A5C3-44F3-926D-425F0144EA73}

[2012/10/31 14:26:08 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{04EC7638-FC15-4179-91FF-EA65DA2265FE}

[2012/10/28 20:50:50 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{B40A531B-71B2-4E72-8507-9C9BDEB44BE6}

[2012/10/26 12:50:08 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{F9A96946-ACCD-41E6-A960-78267D4E7291}

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Jimmy\AppData\Local\*.tmp files -> C:\Users\Jimmy\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/19 18:06:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe

[2012/11/19 17:58:03 | 000,796,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/11/19 17:58:03 | 000,676,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/11/19 17:58:03 | 000,130,176 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/11/19 17:56:06 | 000,895,317 | ---- | M] () -- C:\Users\Jimmy\Desktop\JRT.exe

[2012/11/19 17:53:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/11/19 17:53:12 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/19 07:12:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/19 07:12:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/19 06:43:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/11/19 06:41:37 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/11/18 16:43:14 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/11/18 16:24:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/11/18 15:59:16 | 000,543,531 | ---- | M] () -- C:\Users\Jimmy\Desktop\adwcleaner.exe

[2012/11/18 13:24:13 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat

[2012/11/17 11:47:50 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\Jimmy\Desktop\dds.scr

[2012/11/16 21:21:57 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/10 20:38:19 | 000,181,808 | ---- | M] () -- C:\Windows\RegBootClean.exe

[2012/11/08 13:12:01 | 446,057,499 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/11/05 23:11:56 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/10/31 14:14:09 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJimmy.job

[2012/10/30 13:58:33 | 000,243,681 | ---- | M] () -- C:\Users\Jimmy\Documents\FargoHipC14.pdf

[2012/10/30 13:57:02 | 000,243,695 | ---- | M] () -- C:\Users\Jimmy\Documents\FargoHipC13.pdf

[2012/10/30 09:07:51 | 000,637,272 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys

[2012/10/26 18:03:29 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012/10/26 18:03:29 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/10/22 14:31:54 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Jimmy\AppData\Local\*.tmp files -> C:\Users\Jimmy\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/19 17:55:52 | 000,895,317 | ---- | C] () -- C:\Users\Jimmy\Desktop\JRT.exe

[2012/11/18 16:12:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/11/18 16:12:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/11/18 16:12:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/11/18 16:12:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/11/18 16:12:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/11/18 15:59:04 | 000,543,531 | ---- | C] () -- C:\Users\Jimmy\Desktop\adwcleaner.exe

[2012/11/18 13:24:13 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat

[2012/11/16 21:21:57 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/10 20:38:12 | 000,181,808 | ---- | C] () -- C:\Windows\RegBootClean.exe

[2012/11/05 23:11:56 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/10/31 13:50:02 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJimmy.job

[2012/10/30 13:58:33 | 000,243,681 | ---- | C] () -- C:\Users\Jimmy\Documents\FargoHipC14.pdf

[2012/10/30 13:57:02 | 000,243,695 | ---- | C] () -- C:\Users\Jimmy\Documents\FargoHipC13.pdf

[2012/10/02 17:04:04 | 000,017,408 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\WebpageIcons.db

[2012/09/19 16:48:52 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/09/19 16:48:47 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/03/13 12:22:38 | 000,002,078 | ---- | C] () -- C:\Windows\wininit.ini

[2012/01/27 15:59:30 | 000,025,397 | ---- | C] () -- C:\Users\Jimmy\CrossFire_1082.dlbt

[2011/12/03 14:28:34 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll

[2011/10/31 19:31:01 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe

[2011/10/31 19:31:01 | 000,277,366 | ---- | C] () -- C:\Windows\unins000.dat

[2011/09/07 08:04:05 | 000,000,000 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\{0839F303-1221-445F-8C98-AEB75D5C32B9}

[2011/06/18 11:29:27 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

[2011/06/08 22:41:48 | 000,034,816 | ---- | C] () -- C:\Windows\SysWow64\sxxssul.dll

[2011/05/30 14:13:24 | 004,427,872 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01305.0

[2011/05/30 14:13:24 | 001,198,354 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01305.JPG

[2011/05/26 19:41:01 | 000,000,000 | ---- | C] () -- C:\Users\Jimmy\AppData\Roaming\wklnhst.dat

[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/04/04 11:49:23 | 003,788,320 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01838.0

[2011/04/04 11:49:23 | 000,740,779 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01838.JPG

[2010/12/12 14:56:32 | 000,566,540 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmp001.JPG

[2010/11/30 21:34:00 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2010/11/30 21:34:00 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI

[2010/10/07 16:34:00 | 000,545,617 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmp001.1

[2010/10/07 16:33:59 | 000,547,161 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmp001.0

[2010/09/03 11:10:34 | 000,000,093 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\fusioncache.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2012/11/18 13:36:27 | 000,069,662 | ---- | M] () -- C:\AdwCleaner[R1].txt

[2012/11/18 15:59:43 | 000,069,902 | ---- | M] () -- C:\AdwCleaner[s1].txt

[2012/11/18 13:24:13 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat

[2012/11/18 16:26:21 | 000,022,574 | ---- | M] () -- C:\ComboFix.txt

[2012/08/24 16:10:01 | 000,000,009 | ---- | M] () -- C:\END

[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt

[2010/09/07 17:50:32 | 000,000,125 | ---- | M] () -- C:\FINIS_IT.TXT

[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini

[2012/11/19 17:53:12 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys

[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini

[2006/12/02 01:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll

[2012/11/19 17:53:10 | 4252,057,599 | -HS- | M] () -- C:\pagefile.sys

[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp

[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab

[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

< End of report >

Link to post
Share on other sites

OTL logfile created on: 19/11/2012 6:06:46 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jimmy\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.96 Gb Total Physical Memory | 7.09 Gb Available Physical Memory | 89.04% Memory free

15.92 Gb Paging File | 15.08 Gb Available in Paging File | 94.76% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 920.12 Gb Total Space | 769.93 Gb Free Space | 83.68% Space Free | Partition Type: NTFS

Drive D: | 11.30 Gb Total Space | 1.62 Gb Free Space | 14.35% Space Free | Partition Type: NTFS

Drive J: | 1.90 Gb Total Space | 1.89 Gb Free Space | 99.35% Space Free | Partition Type: FAT

Computer Name: JIMMY-PC | User Name: Jimmy | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/19 18:06:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/01/13 16:04:10 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/10/30 09:07:09 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)

SRV - [2012/10/08 23:43:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/09/19 16:48:47 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/03/16 09:08:01 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/08/05 13:37:30 | 000,098,168 | ---- | M] (Sendori, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Sendori)

SRV - [2010/07/28 15:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/30 09:07:51 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)

DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/10 17:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)

DRV:64bit: - [2011/03/04 12:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)

DRV:64bit: - [2011/03/04 12:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)

DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/01/13 16:26:02 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/01/13 15:10:58 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2009/11/18 12:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)

DRV:64bit: - [2009/10/12 00:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)

DRV:64bit: - [2009/10/02 05:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

DRV:64bit: - [2009/08/20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV:64bit: - [2006/12/12 11:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{3018E814-9E7B-429F-9304-DC06D594EBDA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{771D0255-20A6-40A7-8060-E681B3F9D5E8}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{3018E814-9E7B-429F-9304-DC06D594EBDA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{771D0255-20A6-40A7-8060-E681B3F9D5E8}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Jimmy\Documents\AC3D\Elemental Swords

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E D6 E2 D7 6E 35 CD 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/search?q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}

IE - HKCU\..\SearchScopes,DefaultScope = {E1B4F045-104E-4B2E-B36A-4609F37B6AFB}

IE - HKCU\..\SearchScopes\{3018E814-9E7B-429F-9304-DC06D594EBDA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKCU\..\SearchScopes\{771D0255-20A6-40A7-8060-E681B3F9D5E8}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd

IE - HKCU\..\SearchScopes\{E1B4F045-104E-4B2E-B36A-4609F37B6AFB}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227980

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/10/30 09:07:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/10/30 09:07:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/10/30 09:07:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/22 23:30:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/05/27 20:13:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Extensions

[2010/09/10 18:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com

[2012/11/19 17:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions

[2011/12/03 11:31:34 | 000,000,000 | ---D | M] ("Facecons") -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\facecons@facecons.com

[2012/05/18 21:23:11 | 000,002,266 | ---- | M] () -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\Google.xml

[2012/10/05 13:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/10/05 13:30:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/09/27 23:00:29 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2

[2012/09/27 23:00:27 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2

File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\{167D9323-F7CC-48F5-948A-6F012831A69F}

File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\{F9BBF004-6E40-4019-8214-C43A37E1D058}

File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\BBRS_002@BLABBERS.COM

File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\CROSSRIDERAPP5060@CROSSRIDER.COM

File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM

[2012/03/18 14:04:42 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/03/18 14:04:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/03/18 14:04:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/11/18 16:24:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (FACECONS Class) - {B2A44031-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files (x86)\facecons\Facecons.dll (Facecons)

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe File not found

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - Startup: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = File not found

O4 - Startup: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Users\Jimmy\AppData\Local\Autobahn\nexdef.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()

O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44E6BEBF-391F-4BD6-975D-D374A7F0636D}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C494E8EE-736A-4A65-A53A-3FC3170E5B6E}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C494E8EE-736A-4A65-A53A-3FC3170E5B6E}: NameServer = 216.146.35.240,216.146.36.240,192.168.0.1

O18:64bit: - Protocol\Handler\intu-tt2010 - No CLSID value found

O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found

O18:64bit: - Protocol\Handler\ipp - No CLSID value found

O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)

O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT

Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012/11/19 18:06:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe

[2012/11/19 17:56:36 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2012/11/19 17:56:08 | 000,000,000 | ---D | C] -- C:\JRT

[2012/11/18 16:43:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/11/18 16:31:42 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Desktop\mbar

[2012/11/18 16:23:15 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/11/18 16:12:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/11/18 16:12:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/11/18 16:12:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/11/18 16:12:13 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/11/18 16:11:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/11/18 13:46:05 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{8A20A790-2BE4-42C2-A158-6E2BB9FCA1C5}

[2012/11/18 13:31:32 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\Jimmy\Desktop\dds.scr

[2012/11/17 12:17:27 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{777214C1-806D-4C74-B5F0-BEA70214E644}

[2012/11/16 21:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/11/16 21:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/11/16 19:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

[2012/11/16 19:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi

[2012/11/11 20:05:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2012/11/11 20:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2012/11/10 20:41:12 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{A8954EB1-08E6-436E-8D99-79343203D5CE}

[2012/11/10 20:32:02 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys

[2012/11/10 14:12:18 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{98E387D9-82D1-4571-849B-BD9035876EE1}

[2012/11/10 13:42:44 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{F5DC1012-45DE-4BA6-9AD7-3E40588C681A}

[2012/11/10 13:05:50 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{8A10FA36-4BE6-42A3-A9A1-54F1B8F7B61E}

[2012/11/09 07:30:54 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{78BC6CF0-6934-49E4-BF24-B194EF3312C2}

[2012/11/08 11:07:16 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{53527362-5D16-42D2-9039-A03B4D0C1B7A}

[2012/11/07 10:54:07 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{FDE3B612-8015-44EE-B8D1-D1FD233232E4}

[2012/11/06 12:58:00 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{4AF0EA4C-CC8D-46B8-8898-98D6FB1F6F65}

[2012/11/05 23:45:55 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{9FE3841F-6E6B-4226-AFF7-FB3ED952D0F0}

[2012/11/05 23:15:52 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{18A5D97E-D77A-4A94-A9F2-C3271C1FDBAA}

[2012/11/05 23:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/11/05 23:11:55 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys

[2012/11/05 23:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/11/05 23:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/11/05 23:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2012/11/05 11:09:21 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{8EAE4C1F-16AE-4360-B6C1-7156D26EBAA7}

[2012/11/01 19:59:46 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{D3CA3834-A5C3-44F3-926D-425F0144EA73}

[2012/10/31 14:26:08 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{04EC7638-FC15-4179-91FF-EA65DA2265FE}

[2012/10/28 20:50:50 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{B40A531B-71B2-4E72-8507-9C9BDEB44BE6}

[2012/10/26 12:50:08 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{F9A96946-ACCD-41E6-A960-78267D4E7291}

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Jimmy\AppData\Local\*.tmp files -> C:\Users\Jimmy\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/19 18:06:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe

[2012/11/19 17:58:03 | 000,796,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/11/19 17:58:03 | 000,676,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/11/19 17:58:03 | 000,130,176 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/11/19 17:56:06 | 000,895,317 | ---- | M] () -- C:\Users\Jimmy\Desktop\JRT.exe

[2012/11/19 17:53:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/11/19 17:53:12 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/19 07:12:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/19 07:12:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/19 06:43:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/11/19 06:41:37 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/11/18 16:43:14 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/11/18 16:24:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/11/18 15:59:16 | 000,543,531 | ---- | M] () -- C:\Users\Jimmy\Desktop\adwcleaner.exe

[2012/11/18 13:24:13 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat

[2012/11/17 11:47:50 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\Jimmy\Desktop\dds.scr

[2012/11/16 21:21:57 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/10 20:38:19 | 000,181,808 | ---- | M] () -- C:\Windows\RegBootClean.exe

[2012/11/08 13:12:01 | 446,057,499 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/11/05 23:11:56 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/10/31 14:14:09 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJimmy.job

[2012/10/30 13:58:33 | 000,243,681 | ---- | M] () -- C:\Users\Jimmy\Documents\FargoHipC14.pdf

[2012/10/30 13:57:02 | 000,243,695 | ---- | M] () -- C:\Users\Jimmy\Documents\FargoHipC13.pdf

[2012/10/30 09:07:51 | 000,637,272 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys

[2012/10/26 18:03:29 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012/10/26 18:03:29 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/10/22 14:31:54 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Jimmy\AppData\Local\*.tmp files -> C:\Users\Jimmy\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/19 17:55:52 | 000,895,317 | ---- | C] () -- C:\Users\Jimmy\Desktop\JRT.exe

[2012/11/18 16:12:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/11/18 16:12:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/11/18 16:12:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/11/18 16:12:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/11/18 16:12:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/11/18 15:59:04 | 000,543,531 | ---- | C] () -- C:\Users\Jimmy\Desktop\adwcleaner.exe

[2012/11/18 13:24:13 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat

[2012/11/16 21:21:57 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/10 20:38:12 | 000,181,808 | ---- | C] () -- C:\Windows\RegBootClean.exe

[2012/11/05 23:11:56 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/10/31 13:50:02 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJimmy.job

[2012/10/30 13:58:33 | 000,243,681 | ---- | C] () -- C:\Users\Jimmy\Documents\FargoHipC14.pdf

[2012/10/30 13:57:02 | 000,243,695 | ---- | C] () -- C:\Users\Jimmy\Documents\FargoHipC13.pdf

[2012/10/02 17:04:04 | 000,017,408 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\WebpageIcons.db

[2012/09/19 16:48:52 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/09/19 16:48:47 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/03/13 12:22:38 | 000,002,078 | ---- | C] () -- C:\Windows\wininit.ini

[2012/01/27 15:59:30 | 000,025,397 | ---- | C] () -- C:\Users\Jimmy\CrossFire_1082.dlbt

[2011/12/03 14:28:34 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll

[2011/10/31 19:31:01 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe

[2011/10/31 19:31:01 | 000,277,366 | ---- | C] () -- C:\Windows\unins000.dat

[2011/09/07 08:04:05 | 000,000,000 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\{0839F303-1221-445F-8C98-AEB75D5C32B9}

[2011/06/18 11:29:27 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

[2011/06/08 22:41:48 | 000,034,816 | ---- | C] () -- C:\Windows\SysWow64\sxxssul.dll

[2011/05/30 14:13:24 | 004,427,872 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01305.0

[2011/05/30 14:13:24 | 001,198,354 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01305.JPG

[2011/05/26 19:41:01 | 000,000,000 | ---- | C] () -- C:\Users\Jimmy\AppData\Roaming\wklnhst.dat

[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/04/04 11:49:23 | 003,788,320 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01838.0

[2011/04/04 11:49:23 | 000,740,779 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01838.JPG

[2010/12/12 14:56:32 | 000,566,540 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmp001.JPG

[2010/11/30 21:34:00 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2010/11/30 21:34:00 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI

[2010/10/07 16:34:00 | 000,545,617 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmp001.1

[2010/10/07 16:33:59 | 000,547,161 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmp001.0

[2010/09/03 11:10:34 | 000,000,093 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\fusioncache.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2012/11/18 13:36:27 | 000,069,662 | ---- | M] () -- C:\AdwCleaner[R1].txt

[2012/11/18 15:59:43 | 000,069,902 | ---- | M] () -- C:\AdwCleaner[s1].txt

[2012/11/18 13:24:13 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat

[2012/11/18 16:26:21 | 000,022,574 | ---- | M] () -- C:\ComboFix.txt

[2012/08/24 16:10:01 | 000,000,009 | ---- | M] () -- C:\END

[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt

[2010/09/07 17:50:32 | 000,000,125 | ---- | M] () -- C:\FINIS_IT.TXT

[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini

[2012/11/19 17:53:12 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys

[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini

[2006/12/02 01:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll

[2012/11/19 17:53:10 | 4252,057,599 | -HS- | M] () -- C:\pagefile.sys

[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp

[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab

[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

< End of report >

Link to post
Share on other sites

Sorry, posted the same log twice!! Here is the correct third one....

OTL Extras logfile created on: 19/11/2012 6:06:46 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jimmy\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.96 Gb Total Physical Memory | 7.09 Gb Available Physical Memory | 89.04% Memory free

15.92 Gb Paging File | 15.08 Gb Available in Paging File | 94.76% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 920.12 Gb Total Space | 769.93 Gb Free Space | 83.68% Space Free | Partition Type: NTFS

Drive D: | 11.30 Gb Total Space | 1.62 Gb Free Space | 14.35% Space Free | Partition Type: NTFS

Drive J: | 1.90 Gb Total Space | 1.89 Gb Free Space | 99.35% Space Free | Partition Type: FAT

Computer Name: JIMMY-PC | User Name: Jimmy | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0327FFC8-2332-4D37-B1B3-896C620855B6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{153D77B8-A254-489D-8A0D-7B76F7EE11A7}" = rport=139 | protocol=6 | dir=out | app=system |

"{32D40E0F-856C-4B1F-A242-58F48AFA8237}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{350C6887-5617-4AED-88F0-C358503E3CE1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{35583BA4-7517-4B74-A904-B19540EC5316}" = lport=2869 | protocol=6 | dir=in | app=system |

"{38D43054-061C-43EA-99E1-542C5FBA3359}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{41A4CD54-4407-4581-985D-AD620991BDB4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4A2F3F35-A108-4AD1-9AF2-02210400F83E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{53E1D71C-8981-4278-8B8C-1B51AAA5A9C5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{547E0010-C88C-4668-B5E7-4330C4134957}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

"{5750B4DC-3E18-4B14-9D22-5C034A2B80B9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{585AC2DC-B47C-4A3B-A155-5ED4264B9CE3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{66B26965-4657-46BC-AFAC-BD256FC6BF87}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{6E2FE5C4-B844-4A07-B455-797094B06C0E}" = rport=445 | protocol=6 | dir=out | app=system |

"{6EE75CB2-2ED2-49D8-B1D3-0AA549990748}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{7058F735-5177-4834-AB2C-04095A5469C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{79094FA4-84E9-439B-93B3-4937F59B0157}" = lport=10243 | protocol=6 | dir=in | app=system |

"{7A7C45ED-E50F-4348-8F8A-7F9409702B42}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{814A5659-7789-404E-B534-D41FBEA4FD99}" = lport=139 | protocol=6 | dir=in | app=system |

"{85877DF6-4487-43B4-893E-52D4B37508E9}" = lport=445 | protocol=6 | dir=in | app=system |

"{8BF9409F-78A4-417D-A44C-F4C0D1A1A5CA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9421251B-937D-47CA-B174-B115800085D2}" = rport=138 | protocol=17 | dir=out | app=system |

"{B7276213-8221-4F75-AB8D-3E97269FAD85}" = lport=137 | protocol=17 | dir=in | app=system |

"{BA24AE5E-766C-4AC0-AC6D-EDDB60AF84DB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{CBA249DD-E858-4344-908B-062D5858D0AB}" = rport=10243 | protocol=6 | dir=out | app=system |

"{EF56E154-2E80-4533-ACE2-81A15EA31438}" = lport=138 | protocol=17 | dir=in | app=system |

"{F022DBE6-F62E-454F-BCBC-FCABC583EC49}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01F8DE67-A521-4651-BF3F-CEACA09C4B5E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{05BE491A-EE23-468C-8168-AFA5C2C7728C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{0C185EAF-0FF2-4F52-8C7E-83090E8ED968}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{0C375612-07EA-4628-9E52-4A3295A0491B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{0D42CED0-B2FB-48A8-8B7F-77BD793F451C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{0DB8D7CF-080B-49F3-866B-EF04BEBC3549}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |

"{0E93593F-4342-4F46-85A0-B60DFC84FEAD}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |

"{13F0D570-B325-40D1-903B-2B2431EAF840}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |

"{14ABFDA5-FFC5-470F-9CC1-7766DA20A854}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{16B91331-B86F-4632-AE7F-1FBDF5D94DEF}" = protocol=6 | dir=in | app=c:\program files (x86)\amsn\bin\wish.exe |

"{18D54D6A-E6B0-49DA-98AF-3F43BF2CE750}" = protocol=6 | dir=in | app=c:\users\jimmy\appdata\local\microsoft\windows\temporary internet files\content.ie5\h462825q\crossfire_downloader.exe |

"{1A7EED71-A627-4CC7-AEA0-E241E35118DF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{1E72D1AE-3002-4F4D-9BDE-4D448D2A2230}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |

"{22BF683C-0FBE-49A9-8476-48EC87579A01}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |

"{246604E4-16C8-4FF6-91DF-F6BD222B2E69}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |

"{27439393-51C8-495A-9ED9-46E6A2A45A54}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe |

"{2D03AACD-18A7-4EC4-86F6-02F889011A20}" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |

"{2FE98003-AE6F-4F2F-9F64-81C4CBC22F97}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |

"{303F7C73-E73F-414F-847A-8F79BD9BE130}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{3104E241-DE40-4073-91F4-2A2BD6C5489C}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{3144D522-97B4-489E-97AF-F4EBB45F2254}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |

"{346FC3D1-4E80-4F67-81EB-0C6BA834EA39}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{352D2971-CD80-45CB-9B53-C336FDF853E3}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |

"{353ED273-E569-4E6B-B59A-3AB8CB331E0F}" = protocol=17 | dir=in | app=c:\users\jimmy\appdata\local\temp\cf_downloader.exe |

"{3B5A13EC-E011-42EC-B5A9-189E4C50D5C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |

"{3BE18569-0122-4B23-8EF4-5E96C84FBD74}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |

"{410E1682-5162-4B62-9442-BC04ABCE6D7E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe |

"{4213015D-EC14-4F7F-8297-C19E12AF8B63}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |

"{42222F8F-436A-413D-A0F3-653BE746A18F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{4436EA5F-A698-4249-99CD-A010C8B74703}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{4A69845A-B4A5-4FBC-8BDE-545E6A32F852}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |

"{4BA5B324-346D-4E88-BA90-2E721750CA6F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |

"{4BC7DEA8-1C0D-4EC4-8018-07ED13D56806}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |

"{4CB5782D-C9AD-4454-9EE1-DEDDFBBCA1F8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{4D2AD28D-4AF2-4B8B-86BD-89DA0BB9BD6A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |

"{4DD3BCF8-20E5-4EB4-88EC-7DC3671DA893}" = protocol=58 | dir=in | app=system |

"{4E626C70-FD17-46E9-A53C-A7CA19F8F11F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{540A22BC-FAEA-444E-B6BD-9AA23D92E725}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{5494D21E-95AA-4612-83FC-8A77157DE8BE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{58497AA3-86A9-435B-921C-E4F96B58FE94}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\calauncher.exe |

"{59BFB716-0B05-4C07-8042-B6B80A3722BC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\engine.exe |

"{5A5CE321-4910-4937-8E50-1F56861A665E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |

"{5BFB5D72-5C01-4A87-8F66-F59AB0767C16}" = protocol=17 | dir=in | app=c:\users\jimmy\appdata\local\microsoft\windows\temporary internet files\content.ie5\h462825q\crossfire_downloader.exe |

"{5C07D5E6-39FA-4FE6-815D-E7A8CB6377A5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |

"{5C62B81E-A0B5-4D87-8CC5-635F2CEB38E9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{5DC3B6B9-8021-4E67-8155-EB6E79279B22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{5E3E0ECF-B83C-4FC6-8C0E-BFCF52089C1F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{5EDC1872-DF77-4228-A935-65060B980B33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{6A1AEF95-93BD-492E-BBC6-F788037E2B36}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{6A6819AC-A37C-4FEF-9184-7F5A4C34B5DB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{6B122F6D-7AA8-4979-B443-2B4AE15244A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\nmservice.exe |

"{6BBD410A-9E86-46D5-8E15-59ABE3513797}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{6FA07C27-73CF-4F1B-B70E-1CD77674A4C6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |

"{70463810-7270-4762-B2A0-5F13922BB73E}" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |

"{739BB06B-9E63-4E83-B458-5F382E549374}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |

"{768DDEB1-9842-435D-9941-ED71A332D49B}" = protocol=6 | dir=out | app=system |

"{771D42A1-3347-425D-896E-3CE69DFF4E3D}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |

"{787C8450-FF1F-4A0D-A5BE-48A04FDEBC3E}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |

"{7A1E5623-5D6E-4D57-BB45-7F43284FD2C1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{7AC32C30-F451-49B7-98B2-3BA859B912CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{7BC5D08F-39B4-4859-895C-BC8327FDBD0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{7F01108A-A69A-4C68-9F68-1678CB2ED402}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |

"{8201C36A-CB3E-4EA2-AADD-AF570E62EFC4}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |

"{82A9A3FA-09FF-4947-9ED0-04BB1DBC20D6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{82E1F4F4-601E-4E45-A207-7B2F61E91207}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |

"{888FB844-262D-4F0A-91FF-1127456D2864}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |

"{89F56427-29B9-41BC-A95A-C9C189B27AA7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{8AA7A3C2-9FDC-4845-89BC-9BE9B7400EC1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{8CEECDB2-A01A-487D-A8D1-7F29103F4AA2}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |

"{8F55A89D-CF1B-43EF-8BD9-ED7C6BC9C32F}" = protocol=17 | dir=in | app=c:\users\jimmy\desktop\crossfire_downloader.exe |

"{940E55F9-F6D6-4A1E-8813-6B3FFC2B26D8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{973EDEE7-8BFF-41D2-B1DE-66FA38681330}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |

"{9A4A24CC-DFB0-4B76-8186-6C120EEE1E75}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{9D578739-C56E-4E7F-9458-E1C7D1CA8E07}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

"{9D7A8379-F0F0-4941-9A30-05155D63F76C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe |

"{A3DE5861-787C-43B4-A8F4-00AE54A79227}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{A6663CBC-83C6-400A-A9DC-A25F4493FDFD}" = protocol=6 | dir=in | app=c:\users\jimmy\desktop\crossfire_downloader.exe |

"{B13D075D-A359-4167-9DCE-964F000F67F7}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |

"{B16EA776-9F7E-4B9C-96C9-62C9A96167B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe |

"{B262F8E7-CA6D-4198-99F0-E9B5D52C55B3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{B9DFE6A8-DECB-402A-B8BE-2538A5BA6468}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |

"{BCB1C49B-80F2-4F91-B6F4-9B250D06B3BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |

"{C044F4C9-CB89-4C69-B901-8A7EE8958D0C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\engine.exe |

"{C221F2A7-35BA-4016-9674-9E7C082F2CA1}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{C54F2F5B-9943-45B8-BD18-110B92FF56A3}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |

"{C6DFD3F1-DCFA-4C04-A7AA-2A773F5948FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |

"{C7DDD2C4-57DB-49DE-8742-267DF5FE0BE6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{C7E4A228-B3C4-4368-91AC-9DF397FB0B1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{C805D5CA-91C5-492C-933C-4BB3A83AF9A9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{CAC56078-01AA-4543-8268-B7F539E54BE4}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{CB0407E4-B7D4-41F6-834A-2306703FF516}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\nmservice.exe |

"{CC20BA08-03BD-4375-A28B-4E397B2EAB0A}" = protocol=17 | dir=in | app=c:\program files (x86)\amsn\bin\wish.exe |

"{CF92011B-C2BE-43D7-A07E-AD63B447D9D1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{D165D014-12B7-4542-B18F-07061C29F16E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |

"{D38AAEB8-FD73-47FF-A068-0969D854011E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{D397CE4D-5D30-4617-A4C3-7A23BBCF4298}" = protocol=6 | dir=in | app=c:\users\jimmy\appdata\local\temp\cf_downloader.exe |

"{D729C969-70E2-429D-8F78-42681E04FE33}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |

"{D7B1F43C-834B-40B2-9237-8455B940D6EC}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |

"{D827C42A-CF90-4531-BD71-8173CFFC9820}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{DB09A59D-9AA9-4CBA-A1C7-26B3D48FB36F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{DEA6426C-A222-4383-A490-4847ECBF4FC0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{E1BDCCCC-D86B-4B71-BCD0-77EB8F8C0AE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\calauncher.exe |

"{E2369942-F5BD-4BF5-BF53-E332851CEF8D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |

"{E3603BC8-6BF6-4551-B3A7-9F72B7F80671}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{E431F8C2-AA73-42FE-802E-A694A831952D}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |

"{E4441B13-B164-486B-A431-ECA9ED84FB59}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{E507AF17-8CC3-445C-960A-867CE3F3E92A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |

"{E59F570B-DC6B-4F82-B869-5AF8986A3F0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |

"{E660ACAC-2A80-4846-95E8-00D62A16ED90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E694BB86-3E9A-49F9-9219-4FFC13B96518}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{EB46268F-F540-4022-B6FA-C8C204C90E04}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |

"{EC7503C1-9A36-41F0-8585-1968BEA520A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{EEF292DB-8460-401E-8399-95982CCE16C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |

"{F5C3D336-B5B1-490C-AFB9-529E8F558C7F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |

"{F78868DF-ACF2-496D-9965-362F8C82ADD7}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |

"TCP Query User{1998ECAF-B5AA-4C97-BE7C-C690BDD7E81A}C:\program files (x86)\steam\steamapps\common\combat arms\engine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\engine.exe |

"TCP Query User{2F12507E-B169-49AA-9B40-F534F29715AE}C:\program files (x86)\amsn\bin\wish.exe" = protocol=6 | dir=in | app=c:\program files (x86)\amsn\bin\wish.exe |

"TCP Query User{4B7A3CF0-4783-4F95-BDE3-EDB78F9FB51A}C:\users\jimmy\appdata\local\microsoft\windows\temporary internet files\content.ie5\lwj1dbmp\fogdownloader-rom_3_0_1_2153[1].exe" = protocol=6 | dir=in | app=c:\users\jimmy\appdata\local\microsoft\windows\temporary internet files\content.ie5\lwj1dbmp\fogdownloader-rom_3_0_1_2153[1].exe |

"TCP Query User{564F0D5E-F366-4DA7-AEAF-4E45368285F4}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |

"TCP Query User{778D0701-5899-44ED-B56D-924C5DA49C86}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |

"TCP Query User{7A45BE56-007E-46CD-A6A3-A4475423EBF7}C:\users\jimmy\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=6 | dir=in | app=c:\users\jimmy\appdata\roaming\imvuclient\1vivoxvoice.exe |

"TCP Query User{8D127963-EEF4-4EDB-90D7-F5B9E67852A1}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |

"TCP Query User{A361CCC8-E6E3-4CDF-9625-5E0D9B7A76DF}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

"TCP Query User{C720E95F-1FDC-4AE8-BAC4-97279D526021}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |

"TCP Query User{CF970F89-35A3-4512-A2D4-FEB86AF9D62E}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe |

"UDP Query User{15350FE2-A82F-4409-932D-B891CCB86DB2}C:\program files (x86)\steam\steamapps\common\combat arms\engine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\engine.exe |

"UDP Query User{2BB4F892-8D0F-4377-BF72-9E15D87DE1A1}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |

"UDP Query User{3FDB2CED-613E-49F6-AA93-40D5E1403B43}C:\users\jimmy\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=17 | dir=in | app=c:\users\jimmy\appdata\roaming\imvuclient\1vivoxvoice.exe |

"UDP Query User{4051FF79-28D4-4BE6-A07F-7830F59F1DF3}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |

"UDP Query User{43C62F9C-F468-4ED9-A1FF-12E4F203EE04}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

"UDP Query User{67A13C57-0A2E-4951-80CD-C6227E499278}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |

"UDP Query User{7CFC49B4-3E02-45F4-BB99-0CD8CBC4EE32}C:\users\jimmy\appdata\local\microsoft\windows\temporary internet files\content.ie5\lwj1dbmp\fogdownloader-rom_3_0_1_2153[1].exe" = protocol=17 | dir=in | app=c:\users\jimmy\appdata\local\microsoft\windows\temporary internet files\content.ie5\lwj1dbmp\fogdownloader-rom_3_0_1_2153[1].exe |

"UDP Query User{A3D52D64-2BFE-4B75-8EE8-C39E12355017}C:\program files (x86)\amsn\bin\wish.exe" = protocol=17 | dir=in | app=c:\program files (x86)\amsn\bin\wish.exe |

"UDP Query User{E168798D-0B68-4A3C-9492-C0D65BAF3329}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe |

"UDP Query User{E17A4D5D-838D-46FA-ABD2-81B82BBECCE6}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0D15DB57-D8C4-1D54-498C-B786A485C0EB}" = ATI Catalyst Install Manager

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{AF5020D9-116A-46AC-A922-087592F37EC9}" = MobileMe Control Panel

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{BE7D0221-74C3-1945-3458-7F267F30A595}" = ccc-utility64

"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety

"{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}" = POV-Ray for Windows v3.62

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"OfficeTrial" = Microsoft Office Home and Student 60 day trial

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0667699C-D5DE-FBA1-BC55-31D81FAFDD91}" = Catalyst Control Center Localization All

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0CD97270-111F-D929-18E7-E2107FE4499F}" = Catalyst Control Center Graphics Full New

"{0D297E80-6159-ABD7-3A14-16CFDAFA44A7}" = CCC Help Japanese

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011

"{146DD810-14C5-1D89-5B99-3A1B4C05C8E2}" = CCC Help Chinese Traditional

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{22C8FE90-9B4D-2E60-1E8F-9C7256A654C3}" = CCC Help Hungarian

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{25B15553-04FF-597C-7D53-DB99A148A09D}" = Catalyst Control Center Graphics Full Existing

"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{295FF653-9288-4635-0FDE-05FCDD1859F3}" = CCC Help Thai

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0

"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{36C6FD07-1A5E-6DBF-C981-AD0582B32630}" = CCC Help Dutch

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor

"{4220D867-4A00-9D05-761D-F5A3E379C119}" = CCC Help Chinese Standard

"{422F3C60-2286-C542-9A05-E14C13EB78C8}" = CCC Help Greek

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012

"{49172BBD-1298-BB63-3EE8-C4FD4C3DB2FB}" = CCC Help Russian

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B665392-2870-F48D-C1B8-031D6475C885}" = Catalyst Control Center Core Implementation

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4E4B05A7-B027-A08D-4D8F-3D7B55D4C0FF}" = Catalyst Control Center Graphics Light

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{54159469-0D79-E4CF-E9EB-5575FC0AD254}" = CCC Help English

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{57A67EC6-0652-4C0A-B8D4-20CD437AD033}" = Catalyst Control Center - Branding

"{5C949985-1C8D-C079-F783-7C71F0B35F0D}" = CCC Help Spanish

"{60827CA0-E66E-0EDA-C0F1-FAC67D6E1D20}" = Catalyst Control Center Graphics Previews Vista

"{636AF808-FF89-3751-0F87-6EC11BF7F496}" = HydraVision

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{674EE6C1-FF81-21F9-C648-2DFC9FB8C3C8}" = CCC Help Danish

"{677D2BD9-C66F-27D4-55DA-FED6438B5F81}" = CCC Help Norwegian

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit

"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari

"{704DE25A-1899-BDB3-415E-30F5200F4CC0}" = CCC Help Polish

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71B155B6-72CB-60A2-DF7D-F54C1348CE88}" = CCC Help Korean

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7E0FF63C-9263-7847-887D-CF63233E9D66}" = CCC Help Finnish

"{7FC8C210-A319-4835-A87D-B935EFB4C148}" = Microsoft Live Search Toolbar

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8A73BE7B-7289-73A3-EAC2-36A5EBA4B2E4}" = Catalyst Control Center Graphics Previews Common

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{92910761-561E-C478-E900-3F9466E5B17A}" = CCC Help Swedish

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A67DCD0F-A9B3-3126-DB5F-B98FBECB628B}" = CCC Help French

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B70891D5-6072-3739-09A5-0C4E0B62DCF9}" = Catalyst Control Center HydraVision Full

"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer

"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update

"{DB00E2D1-6BC3-E880-8460-5A32357DA454}" = CCC Help German

"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DDFFF397-CFE1-BA87-4DC9-437C24458655}" = CCC Help Italian

"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E74E7ACF-83BF-FC49-AD24-DB643672DE11}" = CCC Help Turkish

"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F177CDAF-0A53-9B0D-A0F1-E83E237CA2A6}" = Catalyst Control Center InstallProxy

"{F19EAEBF-5A57-651A-D8ED-7B7ECF3AD10B}" = ccc-core-static

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"{F3CA2969-A9E4-395A-17F5-A329752A8CCE}" = CCC Help Czech

"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FECBABDE-CDFA-CE29-23E2-443139BC0136}" = CCC Help Portuguese

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"AC3D 6.8.14_is1" = AC3D 6.8.14

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"aMSN" = aMSN 0.98.4

"Autobahn" = NexDef Plug-in

"facecons" = facecons

"HP Remote Solution" = HP Remote Solution

"iBryte_playbryte" = PlayBryte

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012

"IrfanView" = IrfanView (remove only)

"LogMeIn Hamachi" = LogMeIn Hamachi

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"Messenger Plus!" = Messenger Plus! 5

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"PunkBusterSvc" = PunkBuster Services

"Sendori" = Sendori

"Steam App 113400" = APB Reloaded

"Steam App 212180" = Combat Arms

"Steam App 91310" = Dead Island

"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine

"WildTangent hp Master Uninstall" = HP Games

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Hewlett-Packard Events ]

Error - 02/05/2012 11:05:47 AM | Computer Name = Jimmy-PC | Source = Hewlett-Packard | ID = 0

Description = en-CA Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP

Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32

errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode

mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32

bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,

Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,

FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String

msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode

mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,

Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 09/05/2012 11:44:08 AM | Computer Name = J