nncout Posted November 17, 2012 ID:614148 Share Posted November 17, 2012 Computer is seriously lagging. Can't do much with it, extremely slow. Ran malwarebytes and spybotbut same issues..UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-07.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume1Install Date: 07/08/2010 11:28:03 AMSystem Uptime: 17/11/2012 12:22:56 PM (0 hours ago).Motherboard: MSI | | IONAProcessor: Intel® Core i7 CPU 860 @ 2.80GHz | CPU 1 | 2793/133mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 920 GiB total, 770.701 GiB free.D: is FIXED (NTFS) - 11 GiB total, 1.621 GiB free.E: is CDROM ()F: is RemovableG: is RemovableH: is RemovableI: is RemovableJ: is Removable.==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: 802.11n Wireless LAN CardDevice ID: PCI\VEN_1814&DEV_3090&SUBSYS_760211AD&REV_00\4&2ED86587&0&00E3Manufacturer: Ralink Technology, Corp.Name: 802.11n Wireless LAN CardPNP Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_760211AD&REV_00\4&2ED86587&0&00E3Service: netr28x.Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}Description: Security Processor Loader DriverDevice ID: ROOT\LEGACY_SPLDR\0000Manufacturer:Name: Security Processor Loader DriverPNP Device ID: ROOT\LEGACY_SPLDR\0000Service: spldr.==== System Restore Points ===================.RP386: 09/11/2012 7:49:46 PM - Windows Update.==== Installed Programs ======================.AC3D 6.8.14ActiveCheck component for HP Active Support LibraryAdobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader 9.5.1aMSN 0.98.4APB Reloadedappbario8 ToolbarApple Application SupportApple Mobile Device SupportApple Software UpdateATI Catalyst Install ManagerBonjourBrowser ManagerCatalyst Control Center - BrandingCatalyst Control Center Core ImplementationCatalyst Control Center Graphics Full ExistingCatalyst Control Center Graphics Full NewCatalyst Control Center Graphics LightCatalyst Control Center Graphics Previews CommonCatalyst Control Center Graphics Previews VistaCatalyst Control Center HydraVision FullCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-core-staticccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCombat ArmsCompatibility Pack for the 2007 Office systemCyberLink DVD Suite DeluxeD3DX10Dead IslandDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDirectX for Managed Code Update (Summer 2004)DVD Menu Pack for HP MediaSmart VideofaceconsGoogle Toolbar for Internet ExplorerGoogle Update HelperHP AdvisorHP Customer Experience EnhancementsHP GamesHP MediaSmart DVDHP MediaSmart Music/Photo/VideoHP MediaSmart SmartMenuHP OdometerHP Remote SolutionHP SetupHP Support AssistantHP Support InformationHP UpdateHPAsset component for HP Active Support LibraryHydraVisioniCloudIntel® Rapid Storage TechnologyIrfanView (remove only)iTunesJava Auto UpdaterJava 7 Update 5JavaFX 2.1.1Junk Mail filter updateKaspersky Internet Security 2012LabelPrintLernout & Hauspie TruVoice American English TTS EngineLightScribe System SoftwareLogMeIn HamachiMalwarebytes Anti-Malware version 1.65.1.1000Mesh RuntimeMessenger CompanionMessenger Plus! 5Microsoft .NET Framework 1.1Microsoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft Games for Windows - LIVE RedistributableMicrosoft Games for Windows MarketplaceMicrosoft Live Search ToolbarMicrosoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Home and Student 2010Microsoft Office Home and Student 60 day trialMicrosoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook ConnectorMicrosoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Single Image 2010Microsoft Office Word MUI (English) 2010Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bitMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft WorksMicrosoft XNA Framework Redistributable 4.0MobileMe Control PanelMovie Theme Pack for HP MediaSmart VideoMozilla Firefox 9.0.1 (x86 en-US)MSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)NexDef Plug-inNVIDIA PhysXPando Media BoosterPlayBrytePlayReady PC Runtime amd64POV-Ray for Windows v3.62Power2GoPowerDirectorPunkBuster ServicesQuickTimeRealtek High Definition Audio DriverRecovery ManagerSafariSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Extended (KB2416472)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553260) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589322) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2597986) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit EditionSecurity Update for Microsoft SharePoint Workspace 2010 (KB2566445)Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit EditionSecurity Update for Microsoft Word 2010 (KB2553488) 32-Bit EditionSendoriSkype Click to CallSkype™ 5.10Spybot - Search & DestroySteamTurboTax 2010TurboTax 2011Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2473228)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553270) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553272) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2598289) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2589345) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2553248) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionVgrabber1 ToolbarVoiceOver KitWindows Live Communications PlatformWindows Live EssentialsWindows Live Family SafetyWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Messenger Companion CoreWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWinRAR 4.20 (32-bit)Yontoo Layers Runtime 1.10.01.==== Event Viewer Messages From Past Week ========.17/11/2012 12:23:47 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.17/11/2012 12:23:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}17/11/2012 12:23:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}17/11/2012 12:23:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}17/11/2012 12:23:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}17/11/2012 12:23:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}17/11/2012 12:23:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}17/11/2012 12:23:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache kl2 KLIF KLIM6 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.17/11/2012 12:21:05 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: After starting, the service hung in a start-pending state.17/11/2012 12:18:51 PM, Error: Service Control Manager [7022] - The Function Discovery Provider Host service hung on starting.17/11/2012 11:45:06 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.17/11/2012 10:13:15 AM, Error: Service Control Manager [7022] - The Windows Defender service hung on starting.16/11/2012 9:38:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.16/11/2012 9:36:05 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.16/11/2012 9:36:04 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.16/11/2012 9:35:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KLIF spldr Wanarpv616/11/2012 7:46:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Sendori service.16/11/2012 7:34:01 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer NATALIE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C494E8EE-736A-4A65-A53A-3FC3170E5B6E}. The master browser is stopping or an election is being forced.16/11/2012 3:59:59 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9C71DCB6-848C-4E73-9571-BCE123CE7E65}. The master browser is stopping or an election is being forced.16/11/2012 10:09:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.16/11/2012 10:08:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Browser Manager service to connect.16/11/2012 10:08:15 PM, Error: Service Control Manager [7000] - The Browser Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.16/11/2012 10:05:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.16/11/2012 10:05:15 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.13/11/2012 12:55:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Hamachi2Svc service.13/11/2012 1:05:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.13/11/2012 1:05:36 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.12/11/2012 4:21:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}12/11/2012 3:55:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.12/11/2012 3:55:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.12/11/2012 3:54:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.11/11/2012 9:57:31 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.11/11/2012 9:57:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.11/11/2012 9:57:14 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 9:55:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Defender service to connect.11/11/2012 9:55:26 PM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 9:54:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.11/11/2012 9:54:56 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 9:54:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.11/11/2012 9:54:21 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 9:53:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.11/11/2012 9:53:09 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 9:52:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.11/11/2012 9:32:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.11/11/2012 9:32:04 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 9:32:04 PM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 9:32:04 PM, Error: Service Control Manager [7000] - The Peer Networking Identity Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 9:07:44 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.11/11/2012 8:44:04 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.11/11/2012 7:51:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.11/11/2012 7:15:36 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.11/11/2012 7:15:25 PM, Error: Service Control Manager [7022] - The Portable Device Enumerator Service service hung on starting.11/11/2012 7:15:18 PM, Error: Service Control Manager [7022] - The Server service hung on starting.11/11/2012 7:13:41 PM, Error: Service Control Manager [7022] - The Human Interface Device Access service hung on starting.11/11/2012 7:11:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.11/11/2012 7:11:50 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 7:11:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}11/11/2012 7:10:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}11/11/2012 7:10:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.11/11/2012 7:10:15 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 7:04:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Sendori service to connect.11/11/2012 7:04:06 PM, Error: Service Control Manager [7000] - The Sendori service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 7:03:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.11/11/2012 7:03:36 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 10:02:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.11/11/2012 10:02:22 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.10/11/2012 8:23:12 PM, Error: Service Control Manager [7034] - The Sendori service terminated unexpectedly. It has done this 1 time(s).10/11/2012 8:23:00 PM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).10/11/2012 8:22:47 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).10/11/2012 8:21:51 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).10/11/2012 8:21:29 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.10/11/2012 7:58:17 PM, Error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).10/11/2012 4:51:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Software Shadow Copy Provider service to connect.10/11/2012 4:51:42 PM, Error: Service Control Manager [7000] - The Microsoft Software Shadow Copy Provider service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.10/11/2012 4:51:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service swprv with arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}10/11/2012 4:50:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.10/11/2012 4:50:22 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.10/11/2012 4:49:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}10/11/2012 3:44:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the p2psvc service.10/11/2012 3:44:41 PM, Error: Service Control Manager [7000] - The Peer Networking Grouping service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.10/11/2012 3:44:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}10/11/2012 3:44:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.10/11/2012 3:34:14 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: After starting, the service hung in a start-pending state.10/11/2012 3:33:06 PM, Error: Service Control Manager [7022] - The Peer Name Resolution Protocol service hung on starting.10/11/2012 2:56:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}10/11/2012 2:55:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.10/11/2012 2:55:29 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.10/11/2012 2:22:16 PM, Error: Service Control Manager [7022] - The Software Protection service hung on starting.10/11/2012 2:11:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.10/11/2012 1:13:05 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume HP..==== End Of File ===========================.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-07.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume1Install Date: 07/08/2010 11:28:03 AMSystem Uptime: 17/11/2012 12:22:56 PM (0 hours ago).Motherboard: MSI | | IONAProcessor: Intel® Core i7 CPU 860 @ 2.80GHz | CPU 1 | 2793/133mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 920 GiB total, 770.701 GiB free.D: is FIXED (NTFS) - 11 GiB total, 1.621 GiB free.E: is CDROM ()F: is RemovableG: is RemovableH: is RemovableI: is RemovableJ: is Removable.==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: 802.11n Wireless LAN CardDevice ID: PCI\VEN_1814&DEV_3090&SUBSYS_760211AD&REV_00\4&2ED86587&0&00E3Manufacturer: Ralink Technology, Corp.Name: 802.11n Wireless LAN CardPNP Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_760211AD&REV_00\4&2ED86587&0&00E3Service: netr28x.Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}Description: Security Processor Loader DriverDevice ID: ROOT\LEGACY_SPLDR\0000Manufacturer:Name: Security Processor Loader DriverPNP Device ID: ROOT\LEGACY_SPLDR\0000Service: spldr.==== System Restore Points ===================.RP386: 09/11/2012 7:49:46 PM - Windows Update.==== Installed Programs ======================.AC3D 6.8.14ActiveCheck component for HP Active Support LibraryAdobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader 9.5.1aMSN 0.98.4APB Reloadedappbario8 ToolbarApple Application SupportApple Mobile Device SupportApple Software UpdateATI Catalyst Install ManagerBonjourBrowser ManagerCatalyst Control Center - BrandingCatalyst Control Center Core ImplementationCatalyst Control Center Graphics Full ExistingCatalyst Control Center Graphics Full NewCatalyst Control Center Graphics LightCatalyst Control Center Graphics Previews CommonCatalyst Control Center Graphics Previews VistaCatalyst Control Center HydraVision FullCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-core-staticccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCombat ArmsCompatibility Pack for the 2007 Office systemCyberLink DVD Suite DeluxeD3DX10Dead IslandDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDirectX for Managed Code Update (Summer 2004)DVD Menu Pack for HP MediaSmart VideofaceconsGoogle Toolbar for Internet ExplorerGoogle Update HelperHP AdvisorHP Customer Experience EnhancementsHP GamesHP MediaSmart DVDHP MediaSmart Music/Photo/VideoHP MediaSmart SmartMenuHP OdometerHP Remote SolutionHP SetupHP Support AssistantHP Support InformationHP UpdateHPAsset component for HP Active Support LibraryHydraVisioniCloudIntel® Rapid Storage TechnologyIrfanView (remove only)iTunesJava Auto UpdaterJava 7 Update 5JavaFX 2.1.1Junk Mail filter updateKaspersky Internet Security 2012LabelPrintLernout & Hauspie TruVoice American English TTS EngineLightScribe System SoftwareLogMeIn HamachiMalwarebytes Anti-Malware version 1.65.1.1000Mesh RuntimeMessenger CompanionMessenger Plus! 5Microsoft .NET Framework 1.1Microsoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft Games for Windows - LIVE RedistributableMicrosoft Games for Windows MarketplaceMicrosoft Live Search ToolbarMicrosoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Home and Student 2010Microsoft Office Home and Student 60 day trialMicrosoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook ConnectorMicrosoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Single Image 2010Microsoft Office Word MUI (English) 2010Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bitMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft WorksMicrosoft XNA Framework Redistributable 4.0MobileMe Control PanelMovie Theme Pack for HP MediaSmart VideoMozilla Firefox 9.0.1 (x86 en-US)MSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)NexDef Plug-inNVIDIA PhysXPando Media BoosterPlayBrytePlayReady PC Runtime amd64POV-Ray for Windows v3.62Power2GoPowerDirectorPunkBuster ServicesQuickTimeRealtek High Definition Audio DriverRecovery ManagerSafariSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Extended (KB2416472)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553260) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589322) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2597986) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit EditionSecurity Update for Microsoft SharePoint Workspace 2010 (KB2566445)Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit EditionSecurity Update for Microsoft Word 2010 (KB2553488) 32-Bit EditionSendoriSkype Click to CallSkype™ 5.10Spybot - Search & DestroySteamTurboTax 2010TurboTax 2011Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2473228)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553270) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553272) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2598289) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2589345) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2553248) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionVgrabber1 ToolbarVoiceOver KitWindows Live Communications PlatformWindows Live EssentialsWindows Live Family SafetyWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Messenger Companion CoreWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWinRAR 4.20 (32-bit)Yontoo Layers Runtime 1.10.01.==== Event Viewer Messages From Past Week ========.17/11/2012 12:23:47 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.17/11/2012 12:23:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}17/11/2012 12:23:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}17/11/2012 12:23:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}17/11/2012 12:23:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}17/11/2012 12:23:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}17/11/2012 12:23:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}17/11/2012 12:23:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache kl2 KLIF KLIM6 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.17/11/2012 12:23:17 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.17/11/2012 12:21:05 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: After starting, the service hung in a start-pending state.17/11/2012 12:18:51 PM, Error: Service Control Manager [7022] - The Function Discovery Provider Host service hung on starting.17/11/2012 11:45:06 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.17/11/2012 10:13:15 AM, Error: Service Control Manager [7022] - The Windows Defender service hung on starting.16/11/2012 9:38:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.16/11/2012 9:36:05 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.16/11/2012 9:36:04 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.16/11/2012 9:35:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KLIF spldr Wanarpv616/11/2012 7:46:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Sendori service.16/11/2012 7:34:01 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer NATALIE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C494E8EE-736A-4A65-A53A-3FC3170E5B6E}. The master browser is stopping or an election is being forced.16/11/2012 3:59:59 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9C71DCB6-848C-4E73-9571-BCE123CE7E65}. The master browser is stopping or an election is being forced.16/11/2012 10:09:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.16/11/2012 10:08:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Browser Manager service to connect.16/11/2012 10:08:15 PM, Error: Service Control Manager [7000] - The Browser Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.16/11/2012 10:05:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.16/11/2012 10:05:15 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.13/11/2012 12:55:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Hamachi2Svc service.13/11/2012 1:05:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.13/11/2012 1:05:36 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.12/11/2012 4:21:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}12/11/2012 3:55:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.12/11/2012 3:55:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.12/11/2012 3:54:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.11/11/2012 9:57:31 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.11/11/2012 9:57:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.11/11/2012 9:57:14 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 9:55:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Defender service to connect.11/11/2012 9:55:26 PM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 9:54:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.11/11/2012 9:54:56 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 9:54:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.11/11/2012 9:54:21 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 9:53:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.11/11/2012 9:53:09 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 9:52:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.11/11/2012 9:32:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.11/11/2012 9:32:04 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 9:32:04 PM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 9:32:04 PM, Error: Service Control Manager [7000] - The Peer Networking Identity Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 9:07:44 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.11/11/2012 8:44:04 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.11/11/2012 7:51:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.11/11/2012 7:15:36 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.11/11/2012 7:15:25 PM, Error: Service Control Manager [7022] - The Portable Device Enumerator Service service hung on starting.11/11/2012 7:15:18 PM, Error: Service Control Manager [7022] - The Server service hung on starting.11/11/2012 7:13:41 PM, Error: Service Control Manager [7022] - The Human Interface Device Access service hung on starting.11/11/2012 7:11:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.11/11/2012 7:11:50 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 7:11:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}11/11/2012 7:10:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}11/11/2012 7:10:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.11/11/2012 7:10:15 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 7:04:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Sendori service to connect.11/11/2012 7:04:06 PM, Error: Service Control Manager [7000] - The Sendori service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 7:03:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.11/11/2012 7:03:36 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/11/2012 10:02:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.11/11/2012 10:02:22 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.10/11/2012 8:23:12 PM, Error: Service Control Manager [7034] - The Sendori service terminated unexpectedly. It has done this 1 time(s).10/11/2012 8:23:00 PM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).10/11/2012 8:22:47 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).10/11/2012 8:21:51 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).10/11/2012 8:21:29 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.10/11/2012 7:58:17 PM, Error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).10/11/2012 4:51:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Software Shadow Copy Provider service to connect.10/11/2012 4:51:42 PM, Error: Service Control Manager [7000] - The Microsoft Software Shadow Copy Provider service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.10/11/2012 4:51:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service swprv with arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}10/11/2012 4:50:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.10/11/2012 4:50:22 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.10/11/2012 4:49:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}10/11/2012 3:44:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the p2psvc service.10/11/2012 3:44:41 PM, Error: Service Control Manager [7000] - The Peer Networking Grouping service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.10/11/2012 3:44:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}10/11/2012 3:44:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.10/11/2012 3:34:14 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: After starting, the service hung in a start-pending state.10/11/2012 3:33:06 PM, Error: Service Control Manager [7022] - The Peer Name Resolution Protocol service hung on starting.10/11/2012 2:56:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}10/11/2012 2:55:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.10/11/2012 2:55:29 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.10/11/2012 2:22:16 PM, Error: Service Control Manager [7022] - The Software Protection service hung on starting.10/11/2012 2:11:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.10/11/2012 1:13:05 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume HP..==== End Of File =========================== Link to post Share on other sites More sharing options...
TheDarkKnight Posted November 18, 2012 ID:614357 Share Posted November 18, 2012 I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. I notice this error in the log you posted:The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume HP.Please see the below link to run the Check Disk:http://www.howtogeek.com/howto/windows-vista/guide-to-using-check-disk-in-windows-vista/=====Next, please re-run DDS and post the contents of DDS.txt in your reply.=====Finally, please download AdwCleaner by Xplode onto your Desktop.Double click on AdwCleaner.exe to run the tool.Click on Search.A logfile will automatically open after the scan has finished.Please post the content of that logfile in your reply.You can find the logfile at C:\AdwCleaner[R1].txt as well.=====In your reply please provide the contents of the following logs:DDS.txt.AdwCleaner[R1].txt.How is your computer currently running? Link to post Share on other sites More sharing options...
nncout Posted November 18, 2012 Author ID:614485 Share Posted November 18, 2012 Thanks for responding! Ok I have done the check disk. I only did it to the C: drive, should I also do it to the D:?There were 4 bad sectors.My computer is still useless. If I start it up normally, it is so slow I can't do anything on it (can't open anything and VERY slowto close the start up programs...Messenger etc). My only option at that point is to press the power button to turn it off and restart in safe mode.Here are the logs:DDS (Ver_2012-11-07.01) - NTFS_AMD64 NETWORKInternet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.5.1Run by Jimmy at 13:31:10 on 2012-11-18Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8151.7164 [GMT -6:00].AV: Kaspersky Internet Security *Enabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\Explorer.EXEC:\Windows\system32\ctfmon.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uSearch Bar = hxxp://www.bing.com/search?q={searchTerms}uSearch Page = hxxp://www.bing.com/search?q={searchTerms}mStart Page = hxxp://home.sweetim.comuSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}uURLSearchHooks: {efb1e45a-148d-40f9-a3f0-09d5577f9970} - <orphaned>uURLSearchHooks: Vgrabber1 Toolbar: {f9bbf004-6e40-4019-8214-c43a37e1d058} - C:\Program Files (x86)\Vgrabber1\prxtbVgra.dlluURLSearchHooks: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dllmURLSearchHooks: Vgrabber1 Toolbar: {f9bbf004-6e40-4019-8214-c43a37e1d058} - C:\Program Files (x86)\Vgrabber1\prxtbVgra.dllmURLSearchHooks: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dllmWinlogon: Userinit = userinit.exe,BHO: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dllBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - <orphaned>BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dllBHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO: {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - <orphaned>BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllBHO: FACECONS Class: {B2A44031-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files (x86)\facecons\Facecons.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dllBHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dllBHO: Vgrabber1 Toolbar: {f9bbf004-6e40-4019-8214-c43a37e1d058} - C:\Program Files (x86)\Vgrabber1\prxtbVgra.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: Vgrabber1 Toolbar: {F9BBF004-6E40-4019-8214-C43A37E1D058} - C:\Program Files (x86)\Vgrabber1\prxtbVgra.dllTB: appbario8 Toolbar: {0CC09160-108C-4759-BAB1-5C12C216E005} - C:\Program Files (x86)\appbario8\prxtbappb.dllTB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dllTB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>TB: Vgrabber1 Toolbar: {f9bbf004-6e40-4019-8214-c43a37e1d058} - C:\Program Files (x86)\Vgrabber1\prxtbVgra.dllTB: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dllTB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dlluRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEWuRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silentuRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exeuRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /backgrounduRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exeuRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunuRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activexmRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exemRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exemRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exemRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exemRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exemRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exemRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-startStartupFolder: C:\Users\Jimmy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMVU.lnk - C:\Users\Jimmy\AppData\Roaming\IMVUClient\IMVUQualityAgent.exeStartupFolder: C:\Users\Jimmy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NEXDEF~1.LNK - C:\Users\Jimmy\AppData\Local\Autobahn\nexdef.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDOR~1.LNK - C:\Program Files (x86)\Sendori\SendoriTray.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-Explorer: NoDriveTypeAutoRun = dword:28mPolicies-System: ConsentPromptBehaviorAdmin = dword:0mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableLUA = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: PromptOnSecureDesktop = dword:0IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htmIE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllIE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dllIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll.INFO: HKCU has more than 50 listed domains.If you wish to scan all of them, select the 'Force scan all domains' option...INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option..DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: Interfaces\{44E6BEBF-391F-4BD6-975D-D374A7F0636D} : DHCPNameServer = 192.168.0.1TCP: Interfaces\{C494E8EE-736A-4A65-A53A-3FC3170E5B6E} : NameServer = 216.146.35.240,216.146.36.240,192.168.0.1TCP: Interfaces\{C494E8EE-736A-4A65-A53A-3FC3170E5B6E} : DHCPNameServer = 192.168.0.1Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dllHandler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dllHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllNotify: klogon - <no file>SSODL: WebCheck - <orphaned>x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dllx64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /backgroundx64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exex64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll.INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option..x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - <orphaned>x64-Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - <orphaned>x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: klogon - C:\Windows\System32\klogon.dllx64-SSODL: WebCheck - <orphaned>Hosts: 127.0.0.1 www.spywareinfo.com.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\FF - prefs.js: browser.search.defaulturl -FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=13FF - prefs.js: keyword.URL - hxxp://www.plusnetwork.com/?sp=addr&q=FF - prefs.js: browser.search.selectedEngine - Plus! NetworkFF - prefs.js: network.proxy.type - 0FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLLFF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dllFF - plugin: C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\plugins\np-mswmp.dllFF - plugin: C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\plugins\np-mswmp.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dll.---- FIREFOX POLICIES ----FF - user.js: extensions.BabylonToolbar_i.id - 3421d9cb0000000000006c626d04a8eeFF - user.js: extensions.BabylonToolbar_i.hardId - 3421d9cb0000000000006c626d04a8eeFF - user.js: extensions.BabylonToolbar_i.instlDay - 15311FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:30:40FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylonFF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbarFF - user.js: extensions.BabylonToolbar_i.aflt - babsstFF - user.js: extensions.BabylonToolbar_i.smplGrp - noneFF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9FF - user.js: extensions.BabylonToolbar_i.newTab - falseFF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100478FF - user.js: extensions.BabylonToolbar_i.babExt -FF - user.js: extensions.BabylonToolbar_i.srcExt - ssFF - user.js: extensions.BabylonToolbar_i.instlRef - sstFF - user.js: extentions.y2layers.installId - 9b328715-24ae-461e-8bba-b4f73784588cFF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,.============= SERVICES / DRIVERS ===============.R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-3-4 11864]R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2009-9-14 29488]R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-3-12 56344]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-12 239616]S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-3-12 202752]S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -r [?]S2 Browser Manager;Browser Manager;C:\ProgramData\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\brwmngr.exe [2012-8-24 1695776]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-12 13336]S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-16 399432]S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-16 676936]S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-8-8 1153368]S2 Sendori;Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2011-8-5 98168]S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-12-3 48488]S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-8-1 25928]S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-3-12 763904]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-8 59392]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-7 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2012-11-17 18:17:27 -------- d-----w- C:\Users\Jimmy\AppData\Local\{777214C1-806D-4C74-B5F0-BEA70214E644}2012-11-17 03:21:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2012-11-17 01:39:59 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi2012-11-12 02:05:12 -------- d--h--w- C:\ProgramData\Common Files2012-11-12 02:05:12 -------- d-----w- C:\ProgramData\MFAData2012-11-11 02:41:12 -------- d-----w- C:\Users\Jimmy\AppData\Local\{A8954EB1-08E6-436E-8D99-79343203D5CE}2012-11-11 02:38:12 181808 ----a-w- C:\Windows\RegBootClean.exe2012-11-11 02:32:02 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys2012-11-10 20:12:18 -------- d-----w- C:\Users\Jimmy\AppData\Local\{98E387D9-82D1-4571-849B-BD9035876EE1}2012-11-10 19:42:44 -------- d-----w- C:\Users\Jimmy\AppData\Local\{F5DC1012-45DE-4BA6-9AD7-3E40588C681A}2012-11-10 19:05:50 -------- d-----w- C:\Users\Jimmy\AppData\Local\{8A10FA36-4BE6-42A3-A9A1-54F1B8F7B61E}2012-11-10 01:50:22 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{20EFF33C-223F-49B8-91F9-5E9BB83B8247}\mpengine.dll2012-11-09 13:30:54 -------- d-----w- C:\Users\Jimmy\AppData\Local\{78BC6CF0-6934-49E4-BF24-B194EF3312C2}2012-11-08 17:07:16 -------- d-----w- C:\Users\Jimmy\AppData\Local\{53527362-5D16-42D2-9039-A03B4D0C1B7A}2012-11-07 16:54:07 -------- d-----w- C:\Users\Jimmy\AppData\Local\{FDE3B612-8015-44EE-B8D1-D1FD233232E4}2012-11-06 18:58:00 -------- d-----w- C:\Users\Jimmy\AppData\Local\{4AF0EA4C-CC8D-46B8-8898-98D6FB1F6F65}2012-11-06 05:45:55 -------- d-----w- C:\Users\Jimmy\AppData\Local\{9FE3841F-6E6B-4226-AFF7-FB3ED952D0F0}2012-11-06 05:15:52 -------- d-----w- C:\Users\Jimmy\AppData\Local\{18A5D97E-D77A-4A94-A9F2-C3271C1FDBAA}2012-11-06 05:11:55 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys2012-11-06 05:11:03 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692012-11-06 05:11:03 -------- d-----w- C:\Program Files\iTunes2012-11-06 05:11:03 -------- d-----w- C:\Program Files\iPod2012-11-05 17:09:21 -------- d-----w- C:\Users\Jimmy\AppData\Local\{8EAE4C1F-16AE-4360-B6C1-7156D26EBAA7}2012-11-02 01:59:46 -------- d-----w- C:\Users\Jimmy\AppData\Local\{D3CA3834-A5C3-44F3-926D-425F0144EA73}2012-10-31 20:26:08 -------- d-----w- C:\Users\Jimmy\AppData\Local\{04EC7638-FC15-4179-91FF-EA65DA2265FE}2012-10-29 02:50:50 -------- d-----w- C:\Users\Jimmy\AppData\Local\{B40A531B-71B2-4E72-8507-9C9BDEB44BE6}2012-10-26 18:50:08 -------- d-----w- C:\Users\Jimmy\AppData\Local\{F9A96946-ACCD-41E6-A960-78267D4E7291}.==================== Find3M ====================.2012-10-27 00:03:29 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr2012-10-27 00:03:29 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe2012-10-22 20:31:54 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex02012-10-09 05:43:38 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2012-10-09 05:43:38 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2012-09-30 01:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2012-09-19 22:48:47 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe2012-08-21 19:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll2012-08-21 19:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll.============= FINISH: 13:33:05.15 =============== Link to post Share on other sites More sharing options...
nncout Posted November 18, 2012 Author ID:614486 Share Posted November 18, 2012 Here is the adwcleaner:# AdwCleaner v2.008 - Logfile created 11/18/2012 at 13:36:24# Updated 17/11/2012 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : Jimmy - JIMMY-PC# Boot Mode : Safe mode with networking# Running from : C:\Users\Jimmy\Documents\AC3D\Elemental Swords\adwcleaner.exe# Option [search]***** [services] *****Found : Browser Manager***** [Files / Folders] *****File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xmlFile Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnkFile Found : C:\user.jsFile Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpiFile Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\bProtect.xmlFile Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\Conduit.xmlFile Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\Plusnetwork.xmlFolder Found : C:\Program Files (x86)\appbario8Folder Found : C:\Program Files (x86)\ConduitFolder Found : C:\Program Files (x86)\iBryteFolder Found : C:\Program Files (x86)\Vgrabber1Folder Found : C:\Program Files (x86)\Yontoo Layers RuntimeFolder Found : C:\ProgramData\AskFolder Found : C:\ProgramData\Browser ManagerFolder Found : C:\ProgramData\Tarma InstallerFolder Found : C:\Users\Jimmy\AppData\Local\blekkotbFolder Found : C:\Users\Jimmy\AppData\Local\ConduitFolder Found : C:\Users\Jimmy\AppData\Local\Ilivid PlayerFolder Found : C:\Users\Jimmy\AppData\Local\Savings SidekickFolder Found : C:\Users\Jimmy\AppData\Local\Temp\BabylonToolbarFolder Found : C:\Users\Jimmy\AppData\Local\Temp\CT3007394Folder Found : C:\Users\Jimmy\AppData\Local\Temp\CT3131886Folder Found : C:\Users\Jimmy\AppData\Local\Temp\CT3184201Folder Found : C:\Users\Jimmy\AppData\LocalLow\appbario8Folder Found : C:\Users\Jimmy\AppData\LocalLow\AskToolbarFolder Found : C:\Users\Jimmy\AppData\LocalLow\ConduitFolder Found : C:\Users\Jimmy\AppData\LocalLow\iBryteFolder Found : C:\Users\Jimmy\AppData\LocalLow\PriceGongFolder Found : C:\Users\Jimmy\AppData\LocalLow\searchqubandFolder Found : C:\Users\Jimmy\AppData\LocalLow\Vgrabber1Folder Found : C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser ManagerFolder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\ConduitCommonFolder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\CT3007394Folder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\CT3131886Folder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}Folder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{efb1e45a-148d-40f9-a3f0-09d5577f9970}Folder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}Folder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\bbrs_002@blabbers.comFolder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\plugin@yontoo.comFolder Found : C:\Users\Jimmy\AppData\Roaming\OpenCandyFolder Found : C:\Users\Natalie\AppData\LocalLow\iBryteFolder Found : C:\Users\Natalie\AppData\LocalLow\searchqubandFolder Found : C:\Users\Natalie\AppData\LocalLow\Searchqutoolbar***** [Registry] *****Key Found : HKCU\Software\AppDataLow\Software\appbario8Key Found : HKCU\Software\AppDataLow\Software\ConduitKey Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopesKey Found : HKCU\Software\AppDataLow\Software\CrossriderKey Found : HKCU\Software\AppDataLow\Software\PriceGongKey Found : HKCU\Software\AppDataLow\Software\Savings SidekickKey Found : HKCU\Software\AppDataLow\Software\searchqutoolbarKey Found : HKCU\Software\AppDataLow\Software\SmartBarKey Found : HKCU\Software\AppDataLow\Software\Vgrabber1Key Found : HKCU\Software\AppDataLow\ToolbarKey Found : HKCU\Software\bProtectorKey Found : HKCU\Software\BrowserCompanionKey Found : HKCU\Software\DataMngrKey Found : HKCU\Software\DataMngr_ToolbarKey Found : HKCU\Software\ilividKey Found : HKCU\Software\InstalledBrowserExtensionsKey Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettingsKey Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0CC09160-108C-4759-BAB1-5C12C216E005}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9BBF004-6E40-4019-8214-C43A37E1D058}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CC09160-108C-4759-BAB1-5C12C216E005}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9BBF004-6E40-4019-8214-C43A37E1D058}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}Key Found : HKCU\Software\SoftonicKey Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Key Found : HKLM\Software\appbario8Key Found : HKLM\Software\BandooKey Found : HKLM\Software\bProtectorKey Found : HKLM\Software\BrowserCompanionKey Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXEKey Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLLKey Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLLKey Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLLKey Found : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowserKey Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCoreKey Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngrKey Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngrKey Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngrKey Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHOKey Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.SandboxKey Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1Key Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.BHOKey Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.DockingPanelKey Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkuryMenuFormKey Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBarKey Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBarBandObjectKey Found : HKLM\SOFTWARE\Classes\Prod.capKey Found : HKLM\SOFTWARE\Classes\Toolbar.CT3007394Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3131886Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3184201Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3227982Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.ApiKey Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.LayersKey Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1Key Found : HKLM\Software\ConduitKey Found : HKLM\Software\DataMngrKey Found : HKLM\Software\ilividKey Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CA50D456-3601-4EC6-8A34-C01E45446CA7}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}Key Found : HKLM\Software\Vgrabber1Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0CC09160-108C-4759-BAB1-5C12C216E005}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022502260}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA50D456-3601-4EC6-8A34-C01E45446CA7}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9BBF004-6E40-4019-8214-C43A37E1D058}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066506660}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoeboKey Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlcKey Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4A33D171-D518-4AD2-8F6B-ABFA74A16F4C}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8DCF7076-CF8E-4D3C-A14E-8E1C1FB34C78}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98D58D29-630F-46DE-89F1-A4A099DA22A6}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DE8D2AFC-110B-463A-8764-8A742525F37C}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CC09160-108C-4759-BAB1-5C12C216E005}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9BBF004-6E40-4019-8214-C43A37E1D058}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\appbario8 ToolbarKey Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vgrabber1 ToolbarKey Found : HKLM\SOFTWARE\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E}Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}Key Found : HKLM\SOFTWARE\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447}Key Found : HKLM\SOFTWARE\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E}Key Found : HKLM\SOFTWARE\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C}Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505560}Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}Key Found : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}Key Found : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}Key Found : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}Key Found : HKLM\SOFTWARE\SoftwareKey Found : HKLM\SOFTWARE\Tarma InstallerKey Found : HKU\S-1-5-21-2042600517-863206636-2601340993-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}Key Found : HKU\S-1-5-21-2042600517-863206636-2601340993-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Key Found : HKU\S-1-5-21-2042600517-863206636-2601340993-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}Key Found : HKU\S-1-5-21-2042600517-863206636-2601340993-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}Key Found : HKU\S-1-5-21-2042600517-863206636-2601340993-1001\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}Key Found : HKU\S-1-5-21-2042600517-863206636-2601340993-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}Key Found : HKU\S-1-5-21-2042600517-863206636-2601340993-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0CC09160-108C-4759-BAB1-5C12C216E005}]Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F9BBF004-6E40-4019-8214-C43A37E1D058}]Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}]Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F9BBF004-6E40-4019-8214-C43A37E1D058}]Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}]Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F9BBF004-6E40-4019-8214-C43A37E1D058}]Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0CC09160-108C-4759-BAB1-5C12C216E005}]Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9BBF004-6E40-4019-8214-C43A37E1D058}]Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]***** [internet Browsers] *****-\\ Internet Explorer v9.0.8112.16421[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com-\\ Mozilla Firefox v9.0.1 (en-US)Profile name : defaultFile : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\prefs.jsFound : user_pref("CT3007394..clientLogIsEnabled", false);Found : user_pref("CT3007394..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]Found : user_pref("CT3007394..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]Found : user_pref("CT3007394.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);Found : user_pref("CT3007394.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");Found : user_pref("CT3007394.BrowserCompStateIsOpen_129647087198219321", true);Found : user_pref("CT3007394.BrowserCompStateIsOpen_129647087427906824", true);Found : user_pref("CT3007394.BrowserCompStateIsOpen_129651294520663109", true);Found : user_pref("CT3007394.BrowserCompStateIsOpen_129659125714113035", true);Found : user_pref("CT3007394.BrowserCompStateIsOpen_129660184590163266", true);Found : user_pref("CT3007394.BrowserCompStateIsOpen_129682607808034876", true);Found : user_pref("CT3007394.BrowserCompStateIsOpen_129738834384600252", true);Found : user_pref("CT3007394.BrowserCompStateIsOpen_129742041561828741", true);Found : user_pref("CT3007394.BrowserCompStateIsOpen_6699113592007696644", true);Found : user_pref("CT3007394.CT3007394", "CT3007394");Found : user_pref("CT3007394.CurrentServerDate", "30-10-2012");Found : user_pref("CT3007394.DSInstall", false);Found : user_pref("CT3007394.DialogsAlignMode", "LTR");Found : user_pref("CT3007394.DialogsGetterLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylig[...]Found : user_pref("CT3007394.DownloadReferralCookieData", "");Found : user_pref("CT3007394.FirstServerDate", "4-12-2011");Found : user_pref("CT3007394.FirstTime", true);Found : user_pref("CT3007394.FirstTimeFF3", true);Found : user_pref("CT3007394.FixPageNotFoundErrors", false);Found : user_pref("CT3007394.GroupingServerCheckInterval", 1440);Found : user_pref("CT3007394.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");Found : user_pref("CT3007394.HPInstall", false);Found : user_pref("CT3007394.HasUserGlobalKeys", true);Found : user_pref("CT3007394.HomePageProtectorEnabled", false);Found : user_pref("CT3007394.HomepageBeforeUnload", "hxxp://www.searchqu.com/406");Found : user_pref("CT3007394.Initialize", true);Found : user_pref("CT3007394.InitializeCommonPrefs", true);Found : user_pref("CT3007394.InstallationAndCookieDataSentCount", 3);Found : user_pref("CT3007394.InstallationType", "Unknown");Found : user_pref("CT3007394.InstalledDate", "Mon Nov 14 2011 10:07:27 GMT-0600 (Central Standard Time)");Found : user_pref("CT3007394.InvalidateCache", false);Found : user_pref("CT3007394.IsAlertDBUpdated", true);Found : user_pref("CT3007394.IsGrouping", false);Found : user_pref("CT3007394.IsInitSetupIni", true);Found : user_pref("CT3007394.IsMulticommunity", false);Found : user_pref("CT3007394.IsOpenThankYouPage", true);Found : user_pref("CT3007394.IsOpenUninstallPage", false);Found : user_pref("CT3007394.IsProtectorsInit", true);Found : user_pref("CT3007394.LanguagePackLastCheckTime", "Tue Oct 30 2012 14:53:09 GMT-0500 (Central Dayligh[...]Found : user_pref("CT3007394.LanguagePackReloadIntervalMM", 1440);Found : user_pref("CT3007394.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]Found : user_pref("CT3007394.LastLogin_3.15.1.0", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylight Time)[...]Found : user_pref("CT3007394.LastLogin_3.8.0.8", "Sat Dec 17 2011 15:10:00 GMT-0600 (Central Standard Time)"[...]Found : user_pref("CT3007394.LastLogin_3.8.1.0", "Sat Mar 17 2012 22:49:56 GMT-0500 (Central Daylight Time)"[...]Found : user_pref("CT3007394.LatestVersion", "3.14.1.0");Found : user_pref("CT3007394.Locale", "en-us");Found : user_pref("CT3007394.MCDetectTooltipHeight", "83");Found : user_pref("CT3007394.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");Found : user_pref("CT3007394.MCDetectTooltipWidth", "295");Found : user_pref("CT3007394.MyStuffEnabledAtInstallation", true);Found : user_pref("CT3007394.OriginalFirstVersion", "3.7.0.6");Found : user_pref("CT3007394.RadioIsPodcast", false);Found : user_pref("CT3007394.RadioLastCheckTime", "Sat Mar 17 2012 22:49:56 GMT-0500 (Central Daylight Time)[...]Found : user_pref("CT3007394.RadioLastUpdateIPServer", "3");Found : user_pref("CT3007394.RadioLastUpdateServer", "3");Found : user_pref("CT3007394.RadioMediaID", "9962");Found : user_pref("CT3007394.RadioMediaType", "Media Player");Found : user_pref("CT3007394.RadioMenuSelectedID", "EBRadioMenu_CT30073949962");Found : user_pref("CT3007394.RadioShrinkedFromSetup", false);Found : user_pref("CT3007394.RadioStationName", "California%20Rock");Found : user_pref("CT3007394.RadioStationURL", "hxxp://feedlive.net/california.asx");Found : user_pref("CT3007394.SearchBoxWidth", 172);Found : user_pref("CT3007394.SearchCaption", "WhiteSmoke Bar Customized Web Search");Found : user_pref("CT3007394.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");Found : user_pref("CT3007394.SearchFromAddressBarIsInit", true);Found : user_pref("CT3007394.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT300[...]Found : user_pref("CT3007394.SearchInNewTabEnabled", true);Found : user_pref("CT3007394.SearchInNewTabIntervalMM", 1440);Found : user_pref("CT3007394.SearchInNewTabLastCheckTime", "Tue Oct 30 2012 14:53:07 GMT-0500 (Central Dayli[...]Found : user_pref("CT3007394.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]Found : user_pref("CT3007394.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]Found : user_pref("CT3007394.SearchProtectorEnabled", false);Found : user_pref("CT3007394.SearchProtectorToolbarDisabled", false);Found : user_pref("CT3007394.SendProtectorDataViaLogin", true);Found : user_pref("CT3007394.ServiceMapLastCheckTime", "Tue Oct 30 2012 14:53:07 GMT-0500 (Central Daylight [...]Found : user_pref("CT3007394.SettingsLastCheckTime", "Tue Oct 30 2012 14:53:07 GMT-0500 (Central Daylight Ti[...]Found : user_pref("CT3007394.SettingsLastUpdate", "1351523139");Found : user_pref("CT3007394.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3007394&SearchSource=13");Found : user_pref("CT3007394.ThirdPartyComponentsInterval", 504);Found : user_pref("CT3007394.ThirdPartyComponentsLastCheck", "Sat Mar 17 2012 22:49:54 GMT-0500 (Central Day[...]Found : user_pref("CT3007394.ThirdPartyComponentsLastUpdate", "1312887586");Found : user_pref("CT3007394.ToolbarShrinkedFromSetup", false);Found : user_pref("CT3007394.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3007394");Found : user_pref("CT3007394.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]Found : user_pref("CT3007394.UserID", "UN46344112059454257");Found : user_pref("CT3007394.ValidationData_Search", 0);Found : user_pref("CT3007394.ValidationData_Toolbar", 2);Found : user_pref("CT3007394.alertChannelId", "1399123");Found : user_pref("CT3007394.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]Found : user_pref("CT3007394.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]Found : user_pref("CT3007394.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]Found : user_pref("CT3007394.backendstorage./9b+7e.:2z527", "247E6F727174354379453A3D2A722C757A787D312833232[...]Found : user_pref("CT3007394.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]Found : user_pref("CT3007394.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]Found : user_pref("CT3007394.backendstorage./9b+7e06cg5el8:", "6E6D6F6F73717474706F");Found : user_pref("CT3007394.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473757579777A7A7675242F4B4947[...]Found : user_pref("CT3007394.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]Found : user_pref("CT3007394.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]Found : user_pref("CT3007394.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]Found : user_pref("CT3007394.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]Found : user_pref("CT3007394.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]Found : user_pref("CT3007394.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]Found : user_pref("CT3007394.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]Found : user_pref("CT3007394.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]Found : user_pref("CT3007394.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]Found : user_pref("CT3007394.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]Found : user_pref("CT3007394.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]Found : user_pref("CT3007394.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]Found : user_pref("CT3007394.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]Found : user_pref("CT3007394.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]Found : user_pref("CT3007394.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]Found : user_pref("CT3007394.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]Found : user_pref("CT3007394.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]Found : user_pref("CT3007394.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]Found : user_pref("CT3007394.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]Found : user_pref("CT3007394.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]Found : user_pref("CT3007394.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]Found : user_pref("CT3007394.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]Found : user_pref("CT3007394.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]Found : user_pref("CT3007394.backendstorage./9b-0?3g>d", "396B3B3E6E3E75417A4578787A207449787B254D5253512A54[...]Found : user_pref("CT3007394.backendstorage./9b-0?3g@6:5;", "");Found : user_pref("CT3007394.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...]Found : user_pref("CT3007394.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");Found : user_pref("CT3007394.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484779213F3E484F4E4D464[...]Found : user_pref("CT3007394.backendstorage./9b5ba==9cjag", "393A6E6A737443457A7246737A787649784E224C7C");Found : user_pref("CT3007394.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F6F737174747577767175");Found : user_pref("CT3007394.backendstorage./9b90e@8ff=eg", "393F352F3E");Found : user_pref("CT3007394.backendstorage./9b9643g3/9e", "6A");Found : user_pref("CT3007394.backendstorage./9b<:222h64<", "393F352F3E");Found : user_pref("CT3007394.backendstorage./9b=+03eh8h8j?:", "4443");Found : user_pref("CT3007394.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]Found : user_pref("CT3007394.backendstorage./9b?b0d:8aj62<h", "6D");Found : user_pref("CT3007394.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");Found : user_pref("CT3007394.backendstorage.activationstep", "31");Found : user_pref("CT3007394.backendstorage.autocompletepro_enable", "31");Found : user_pref("CT3007394.backendstorage.autocompletepro_enable_auto", "31");Found : user_pref("CT3007394.backendstorage.cbfirsttime", "4D6F6E204E6F7620313420323031312031303A30373A32372[...]Found : user_pref("CT3007394.backendstorage.dealplyhardid", "333538313534373730313635343535393539");Found : user_pref("CT3007394.backendstorage.dealplywasshownctsettingswidget", "31");Found : user_pref("CT3007394.backendstorage.firstrun", "31333233303331323231363233");Found : user_pref("CT3007394.backendstorage.hxxp://api10_starwebnet_com.pid2", "6133343337303161646330626136[...]Found : user_pref("CT3007394.backendstorage.hxxp://api10_thetrafficstat_net.pid2", "313063666639346433343832[...]Found : user_pref("CT3007394.backendstorage.hxxp://api15_thetrafficstat_net.pid2", "313063666639346433343832[...]Found : user_pref("CT3007394.backendstorage.hxxp://api18_thetrafficstat_net.pid2", "313063666639346433343832[...]Found : user_pref("CT3007394.backendstorage.hxxp://api19_thetrafficstat_net.pid2", "313063666639346433343832[...]Found : user_pref("CT3007394.backendstorage.hxxp://api20_thetrafficstat_net.pid2", "313063666639346433343832[...]Found : user_pref("CT3007394.backendstorage.hxxp://api21_thetrafficstat_net.pid2", "313063666639346433343832[...]Found : user_pref("CT3007394.backendstorage.hxxp://api22_thetrafficstat_net.pid2", "313063666639346433343832[...]Found : user_pref("CT3007394.backendstorage.hxxp://api25_thetrafficstat_net.pid2", "313063666639346433343832[...]Found : user_pref("CT3007394.backendstorage.hxxp://api26_thetrafficstat_net.pid2", "313063666639346433343832[...]Found : user_pref("CT3007394.backendstorage.hxxp://api6_thetrafficstat_net.pid2", "3130636666393464333438323[...]Found : user_pref("CT3007394.backendstorage.key_user_agree_ia12", "31");Found : user_pref("CT3007394.backendstorage.loadtimes", "31");Found : user_pref("CT3007394.backendstorage.shoppingapp.gk.exipres", "546875204D617220323220323031322032323A[...]Found : user_pref("CT3007394.backendstorage.shoppingapp.gk.geolocation", "63616E616461");Found : user_pref("CT3007394.backendstorage.url_history", "68747470733A2F2F7777772E7469636B65746D61737465722[...]Found : user_pref("CT3007394.backendstorage.url_history_time", "31333235393732333632303539");Found : user_pref("CT3007394.backendstorage.user_uniqueid", "63356336613138612D336338612D633134612D386434322[...]Found : user_pref("CT3007394.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]Found : user_pref("CT3007394.globalFirstTimeInfoLastCheckTime", "Sat Mar 17 2012 22:49:57 GMT-0500 (Central [...]Found : user_pref("CT3007394.homepageProtectorEnableByLogin", true);Found : user_pref("CT3007394.initDone", true);Found : user_pref("CT3007394.isAppTrackingManagerOn", true);Found : user_pref("CT3007394.isFirstRadioInstallation", false);Found : user_pref("CT3007394.myStuffEnabled", true);Found : user_pref("CT3007394.myStuffPublihserMinWidth", 400);Found : user_pref("CT3007394.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]Found : user_pref("CT3007394.myStuffServiceIntervalMM", 1440);Found : user_pref("CT3007394.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]Found : user_pref("CT3007394.oldAppsList", "129496561699875753,129496561700500759,111,129754315803927444,129[...]Found : user_pref("CT3007394.revertSettingsEnabled", false);Found : user_pref("CT3007394.searchProtectorDialogDelayInSec", 10);Found : user_pref("CT3007394.searchProtectorEnableByLogin", true);Found : user_pref("CT3007394.testingCtid", "");Found : user_pref("CT3007394.toolbarAppMetaDataLastCheckTime", "Tue Oct 30 2012 14:53:09 GMT-0500 (Central D[...]Found : user_pref("CT3007394.toolbarContextMenuLastCheckTime", "Sat Mar 17 2012 22:49:57 GMT-0500 (Central D[...]Found : user_pref("CT3007394.usagesFlag", 2);Found : user_pref("CT3131886..clientLogIsEnabled", false);Found : user_pref("CT3131886..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]Found : user_pref("CT3131886..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]Found : user_pref("CT3131886.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);Found : user_pref("CT3131886.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");Found : user_pref("CT3131886.BrowserCompStateIsOpen_129730831435930026", true);Found : user_pref("CT3131886.CTID", "CT3131886");Found : user_pref("CT3131886.CurrentServerDate", "30-10-2012");Found : user_pref("CT3131886.DSChangedManually", false);Found : user_pref("CT3131886.DSInstall", true);Found : user_pref("CT3131886.DSProtectChoice", true);Found : user_pref("CT3131886.DSProtectCount", 3);Found : user_pref("CT3131886.DialogsAlignMode", "LTR");Found : user_pref("CT3131886.DialogsGetterLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylig[...]Found : user_pref("CT3131886.DownloadReferralCookieData", "");Found : user_pref("CT3131886.EMailNotifierPollDate", "Fri Sep 07 2012 10:51:30 GMT-0500 (Central Daylight Ti[...]Found : user_pref("CT3131886.FirstServerDate", "7-8-2012");Found : user_pref("CT3131886.FirstTime", true);Found : user_pref("CT3131886.FirstTimeFF3", true);Found : user_pref("CT3131886.FirstTimeHiddenVer", true);Found : user_pref("CT3131886.FixPageNotFoundErrors", true);Found : user_pref("CT3131886.GroupingServerCheckInterval", 1440);Found : user_pref("CT3131886.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");Found : user_pref("CT3131886.HPInstall", true);Found : user_pref("CT3131886.HPProtectChoice", true);Found : user_pref("CT3131886.HPProtectCount", 1);Found : user_pref("CT3131886.HasUserGlobalKeys", true);Found : user_pref("CT3131886.HomePageProtectorEnabled", true);Found : user_pref("CT3131886.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=[...]Found : user_pref("CT3131886.Initialize", true);Found : user_pref("CT3131886.InitializeCommonPrefs", true);Found : user_pref("CT3131886.InstallationAndCookieDataSentCount", 3);Found : user_pref("CT3131886.InstallationId", "conduitinstaller.exe");Found : user_pref("CT3131886.InstallationType", "ConduitNSISIntegration");Found : user_pref("CT3131886.InstalledDate", "Tue Aug 07 2012 14:41:55 GMT-0500 (Central Daylight Time)");Found : user_pref("CT3131886.InvalidateCache", false);Found : user_pref("CT3131886.IsAlertDBUpdated", true);Found : user_pref("CT3131886.IsGrouping", false);Found : user_pref("CT3131886.IsInitSetupIni", true);Found : user_pref("CT3131886.IsMulticommunity", false);Found : user_pref("CT3131886.IsOpenThankYouPage", false);Found : user_pref("CT3131886.IsOpenUninstallPage", true);Found : user_pref("CT3131886.IsProtectorsInit", true);Found : user_pref("CT3131886.LanguagePackLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Dayligh[...]Found : user_pref("CT3131886.LanguagePackReloadIntervalMM", 1440);Found : user_pref("CT3131886.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]Found : user_pref("CT3131886.LastLogin_3.13.0.6", "Fri Aug 24 2012 11:27:02 GMT-0500 (Central Daylight Time)[...]Found : user_pref("CT3131886.LastLogin_3.15.1.0", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylight Time)[...]Found : user_pref("CT3131886.LatestVersion", "3.15.1.0");Found : user_pref("CT3131886.Locale", "en");Found : user_pref("CT3131886.MCDetectTooltipHeight", "83");Found : user_pref("CT3131886.MCDetectTooltipShow", false);Found : user_pref("CT3131886.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");Found : user_pref("CT3131886.MCDetectTooltipWidth", "295");Found : user_pref("CT3131886.MyStuffEnabledAtInstallation", true);Found : user_pref("CT3131886.OriginalFirstVersion", "3.13.0.6");Found : user_pref("CT3131886.RadioIsPodcast", false);Found : user_pref("CT3131886.RadioLastCheckTime", "Fri Sep 07 2012 10:46:30 GMT-0500 (Central Daylight Time)[...]Found : user_pref("CT3131886.RadioLastUpdateIPServer", "3");Found : user_pref("CT3131886.RadioLastUpdateServer", "3");Found : user_pref("CT3131886.RadioMediaID", "9962");Found : user_pref("CT3131886.RadioMediaType", "Media Player");Found : user_pref("CT3131886.RadioMenuSelectedID", "EBRadioMenu_CT31318869962");Found : user_pref("CT3131886.RadioShrinkedFromSetup", false);Found : user_pref("CT3131886.RadioStationName", "California%20Rock");Found : user_pref("CT3131886.RadioStationURL", "hxxp://feedlive.net/california.asx");Found : user_pref("CT3131886.SHRINK_TOOLBAR", 1);Found : user_pref("CT3131886.SavedHomepage", "about:home");Found : user_pref("CT3131886.SearchCaption", "Vgrabber1 Customized Web Search");Found : user_pref("CT3131886.SearchEngineBeforeUnload", "Vgrabber1 Customized Web Search");Found : user_pref("CT3131886.SearchFromAddressBarIsInit", true);Found : user_pref("CT3131886.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT313[...]Found : user_pref("CT3131886.SearchInNewTabEnabled", true);Found : user_pref("CT3131886.SearchInNewTabIntervalMM", 1440);Found : user_pref("CT3131886.SearchInNewTabLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Dayli[...]Found : user_pref("CT3131886.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]Found : user_pref("CT3131886.SearchProtectorEnabled", false);Found : user_pref("CT3131886.SearchProtectorToolbarDisabled", false);Found : user_pref("CT3131886.SendProtectorDataViaLogin", true);Found : user_pref("CT3131886.ServiceMapLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylight [...]Found : user_pref("CT3131886.SettingsLastCheckTime", "Tue Oct 30 2012 14:53:09 GMT-0500 (Central Daylight Ti[...]Found : user_pref("CT3131886.SettingsLastUpdate", "1351523139");Found : user_pref("CT3131886.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=13");Found : user_pref("CT3131886.ThirdPartyComponentsInterval", 504);Found : user_pref("CT3131886.ThirdPartyComponentsLastCheck", "Tue Oct 16 2012 09:30:39 GMT-0500 (Central Day[...]Found : user_pref("CT3131886.ThirdPartyComponentsLastUpdate", "1331805997");Found : user_pref("CT3131886.ToolbarShrinkedFromSetup", false);Found : user_pref("CT3131886.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3131886");Found : user_pref("CT3131886.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]Found : user_pref("CT3131886.UserID", "UN94108909980738385");Found : user_pref("CT3131886.ValidationData_Search", 2);Found : user_pref("CT3131886.ValidationData_Toolbar", 2);Found : user_pref("CT3131886.WeatherNetwork", "");Found : user_pref("CT3131886.WeatherPollDate", "Fri Sep 07 2012 10:46:31 GMT-0500 (Central Daylight Time)");Found : user_pref("CT3131886.WeatherUnit", "C");Found : user_pref("CT3131886.alertChannelId", "1528270");Found : user_pref("CT3131886.approveUntrustedApps", false);Found : user_pref("CT3131886.autoDisableScopes", -1);Found : user_pref("CT3131886.backendstorage.cbcountry_001", "4341");Found : user_pref("CT3131886.backendstorage.cbfirsttime", "5475652041756720303720323031322031343A34323A30332[...]Found : user_pref("CT3131886.backendstorage.shoppingapp.gk.exipres", "5765642053657020313220323031322031303A[...]Found : user_pref("CT3131886.backendstorage.shoppingapp.gk.geolocation", "63616E616461");Found : user_pref("CT3131886.backendstorage.url_history0001", "68747470733A2F2F6D796163636F756E742E737475626[...]Found : user_pref("CT3131886.components.1000034", false);Found : user_pref("CT3131886.components.1000082", false);Found : user_pref("CT3131886.components.1000234", false);Found : user_pref("CT3131886.components.129730831435930026", false);Found : user_pref("CT3131886.components.524677150398786033", false);Found : user_pref("CT3131886.components.5905781182315170198", false);Found : user_pref("CT3131886.components.8352985832934023790", false);Found : user_pref("CT3131886.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]Found : user_pref("CT3131886.globalFirstTimeInfoLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central [...]Found : user_pref("CT3131886.homepageProtectorEnableByLogin", true);Found : user_pref("CT3131886.initDone", true);Found : user_pref("CT3131886.isAppTrackingManagerOn", false);Found : user_pref("CT3131886.isFirstRadioInstallation", false);Found : user_pref("CT3131886.myStuffEnabled", true);Found : user_pref("CT3131886.myStuffPublihserMinWidth", 400);Found : user_pref("CT3131886.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]Found : user_pref("CT3131886.myStuffServiceIntervalMM", 1440);Found : user_pref("CT3131886.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]Found : user_pref("CT3131886.navigateToUrlOnSearch", false);Found : user_pref("CT3131886.revertSettingsEnabled", false);Found : user_pref("CT3131886.searchProtectorDialogDelayInSec", 10);Found : user_pref("CT3131886.searchProtectorEnableByLogin", true);Found : user_pref("CT3131886.testingCtid", "");Found : user_pref("CT3131886.toolbarAppMetaDataLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central D[...]Found : user_pref("CT3131886.toolbarContextMenuLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central D[...]Found : user_pref("CT3131886.usagesFlag", 2);Found : user_pref("CT3184201.autoDisableScopes", -1);Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3131886&Search[...]Found : user_pref("CommunityToolbar.ConduitSearchList", "Vgrabber1 Customized Web Search");Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3007394/CT3007394[...]Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3131886/CT3131886[...]Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1399123/1394781/CA", "\"0\"[...]Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1528270/1523533/CA", "\"0\"[...]Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3007394", [...]Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3131886", [...]Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3007394",[...]Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3131886",[...]Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3007394&octid=[...]Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "[...]Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif[...]Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "[...]Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "[...]Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\[...]Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"f61[...]Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Jimmy\\AppData\\Roaming\\Mozilla\\F[...]Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb[...]Found : user_pref("CommunityToolbar.ToolbarsList", "CT3007394,CT3131886");Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3007394,CT3131886");Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3007394,CT3131886");Found : user_pref("CommunityToolbar.globalUserId", "cfa6a056-b3a6-49dd-a5f4-6a527a1dde7b");Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3131886");Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Oct 30 2012 14:53:2[...]Found : user_pref("CommunityToolbar.notifications.alertEnabled", true);Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Oct 30 2012 14:53:35 GMT-050[...]Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");Found : user_pref("CommunityToolbar.notifications.locale", "en");Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Oct 30 2012 14:53:25 GMT-0500 (C[...]Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);Found : user_pref("CommunityToolbar.notifications.userId", "3d548f0a-0364-4773-aaad-ddf9ba381f72");Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.searchqu.com/406");Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");Found : user_pref("browser.search.defaultenginename", "SweetIM Search");Found : user_pref("browser.search.defaultthis.engineName", "Vgrabber1 Customized Web Search");Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=13");Found : user_pref("extensions.BabylonToolbar.admin", false);Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");Found : user_pref("extensions.BabylonToolbar.babExt", "");Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=100478");Found : user_pref("extensions.BabylonToolbar.bbDpng", 17);Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");Found : user_pref("extensions.BabylonToolbar.dfltSrch", true);Found : user_pref("extensions.BabylonToolbar.hmpg", true);Found : user_pref("extensions.BabylonToolbar.id", "3421d9cb0000000000006c626d04a8ee");Found : user_pref("extensions.BabylonToolbar.instlDay", "15311");Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");Found : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=100478&babsrc=adbar[...]Found : user_pref("extensions.BabylonToolbar.lastDP", 17);Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1714:30:40");Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "6.0");Found : user_pref("extensions.BabylonToolbar.newTab", true);Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");Found : user_pref("extensions.BabylonToolbar.propectorlck", 62716807);Found : user_pref("extensions.BabylonToolbar.prtkDS", 1);Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");Found : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1714:30:40");Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");Found : user_pref("extensions.BabylonToolbar_i.babExt", "");Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100478");Found : user_pref("extensions.BabylonToolbar_i.hardId", "3421d9cb0000000000006c626d04a8ee");Found : user_pref("extensions.BabylonToolbar_i.id", "3421d9cb0000000000006c626d04a8ee");Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15311");Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");Found : user_pref("extensions.BabylonToolbar_i.newTab", false);Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:30:40");Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");Found : user_pref("extensions.crossriderapp5060.5060.InstallationThankYouPage", true);Found : user_pref("extensions.crossriderapp5060.5060.InstallationTime", 1345846103);Found : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.searchUserConifrmation", false[...]Found : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setHomepage", false);Found : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setNewTab", false);Found : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setSearch", false);Found : user_pref("extensions.crossriderapp5060.5060.active", true);Found : user_pref("extensions.crossriderapp5060.5060.addressbar", "");Found : user_pref("extensions.crossriderapp5060.5060.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]Found : user_pref("extensions.crossriderapp5060.5060.backgroundver", 7);Found : user_pref("extensions.crossriderapp5060.5060.can_run_bg_code", true);Found : user_pref("extensions.crossriderapp5060.5060.certdomaininstaller", "");Found : user_pref("extensions.crossriderapp5060.5060.changeprevious", false);Found : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]Found : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.value", "1345846103");Found : user_pref("extensions.crossriderapp5060.5060.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.value", "1345846103");Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.expiration", "Tue Oct 30 2012 15:[...]Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.expiration", "Tue Nov 06 2012 [...]Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.value", "%22CA%22");Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.value", "1351627333");Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.value", "%221%22");Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.value", "%2214019%22");Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.value", "1346215148681");Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.value", "%221224%22");Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.value", "%2271399%22");Found : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]Found : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.value", "1346215132842");Found : user_pref("extensions.crossriderapp5060.5060.description", "Savings Sidekick");Found : user_pref("extensions.crossriderapp5060.5060.domain", "");Found : user_pref("extensions.crossriderapp5060.5060.enablesearch", false);Found : user_pref("extensions.crossriderapp5060.5060.fbremoteurl", "");Found : user_pref("extensions.crossriderapp5060.5060.group", 0);Found : user_pref("extensions.crossriderapp5060.5060.homepage", "");Found : user_pref("extensions.crossriderapp5060.5060.iframe", false);Found : user_pref("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]Found : user_pref("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.value", "37");Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.value", "0");Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.value", "%7B%7D");Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.expiration", "Tue Oct 30[...]Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.value", "true");Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.value", "%7B%7D");Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.expiration", "Fri[...]Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.value", "%7B%22re[...]Found : user_pref("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]Found : user_pref("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]Found : user_pref("extensions.crossriderapp5060.5060.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]Found : user_pref("extensions.crossriderapp5060.5060.manifesturl", "");Found : user_pref("extensions.crossriderapp5060.5060.name", "Savings Sidekick");Found : user_pref("extensions.crossriderapp5060.5060.newtab", "");Found : user_pref("extensions.crossriderapp5060.5060.opensearch", "");Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.name", "base");Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.ver", 3);Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.name", "GPL Plugin (Loader)");Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.ver", 7);Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.name", "GPL Background (BG)");Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.ver", 4);Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.name", "CrossriderAppUtils");Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.ver", 2);Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.name", "CrossriderUtils");Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.ver", 2);Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.name", "FacebookFFIE");Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.ver", 1);Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==[...]Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.name", "FFAppAPIWrapper");Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.ver", 3);Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.name", "jQuery");Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.ver", 3);Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.name", "debug");Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.ver", 3);Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.name", "resources");Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.ver", 2);Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.name", "initializer");Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.ver", 2);Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.name", "jquery_1_7_1");Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.ver", 3);Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.name", "resources_background");Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.ver", 1);Found : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_0", "17,14,16,47,1000015");Found : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,100[...]Found : user_pref("extensions.crossriderapp5060.5060.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]Found : user_pref("extensions.crossriderapp5060.5060.pluginsversion", 15);Found : user_pref("extensions.crossriderapp5060.5060.publisher", "215 Apps");Found : user_pref("extensions.crossriderapp5060.5060.searchstatus", 0);Found : user_pref("extensions.crossriderapp5060.5060.setnewtab", false);Found : user_pref("extensions.crossriderapp5060.5060.settingsurl", "");Found : user_pref("extensions.crossriderapp5060.5060.thankyou", "");Found : user_pref("extensions.crossriderapp5060.5060.updateinterval", 360);Found : user_pref("extensions.crossriderapp5060.5060.ver", 37);Found : user_pref("extensions.crossriderapp5060.adsOldValue", -1);Found : user_pref("extensions.crossriderapp5060.apps", "5060");Found : user_pref("extensions.crossriderapp5060.bic", "13970ac45d1fea38dfe70a3d79b4c9f2");Found : user_pref("extensions.crossriderapp5060.cid", 5060);Found : user_pref("extensions.crossriderapp5060.firstrun", false);Found : user_pref("extensions.crossriderapp5060.hadappinstalled", true);Found : user_pref("extensions.crossriderapp5060.installationdate", 1346215105);Found : user_pref("extensions.crossriderapp5060.lastcheck", 22527113);Found : user_pref("extensions.crossriderapp5060.lastcheckitem", 22527130);Found : user_pref("extensions.crossriderapp5060.modetype", "production");Found : user_pref("extensions.enabledAddons", "facecons@facecons.com:1.1,plugin@yontoo.com:1.20.00,{167d9323[...]Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");Found : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx[...]Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Vgrabber1 Customized Web Search[...]Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT31[...]Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");Found : user_pref("keyword.URL", "hxxp://www.plusnetwork.com/?sp=addr&q=");Found : user_pref("browser.search.selectedEngine", "Plus! Network");Profile name : defaultFile : C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\7pky55tm.default\prefs.js[OK] File is clean.-\\ Chromium v [unable to get version]File : C:\Users\Jimmy\AppData\Local\Chromium\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[R1].txt - [69599 octets] - [18/11/2012 13:36:24]########## EOF - C:\AdwCleaner[R1].txt - [69660 octets] ########## Link to post Share on other sites More sharing options...
TheDarkKnight Posted November 18, 2012 ID:614491 Share Posted November 18, 2012 Good morning nncout. Thanks for responding! Ok I have done the check disk. I only did it to the C: drive, should I also do it to the D:?Go for it. Please close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Delete.Confirm each time with OK.Your computer will be rebooted automatically. A text file will open after the restart.Please post the content of that logfile in your reply.You can find the logfile at C:\AdwCleaner[s1].txt as well.=====Next, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:http://www.bleepingc...to-use-combofix* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).Please go here to see a list of programs that need to be disabled.**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.****Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**Please include the C:\ComboFix.txt in your next reply for further review.=====Finally, please download Malwarebytes Anti-Rootkit here. Unzip the contents to a folder on the Desktop.Open the folder where the contents were unzipped and run mbar.exe ( right-click and select Run as adminsistrator for Vista and Windows 7).Follow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Please post the two logs produced.Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.=====In your reply please provide the contents of the following logs (you will need to use multiple posts):AdwCleaner[s1].txt.ComboFix.txt.Both MBAR logs. Link to post Share on other sites More sharing options...
nncout Posted November 18, 2012 Author ID:614560 Share Posted November 18, 2012 Ok here are the latest logs...# AdwCleaner v2.008 - Logfile created 11/18/2012 at 15:59:25# Updated 17/11/2012 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : Jimmy - JIMMY-PC# Boot Mode : Safe mode with networking# Running from : C:\Users\Jimmy\Desktop\adwcleaner.exe# Option [Delete]***** [services] *****Stopped & Deleted : Browser Manager***** [Files / Folders] *****File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xmlFile Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnkFile Deleted : C:\user.jsFile Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpiFile Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\bProtect.xmlFile Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\Conduit.xmlFile Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\Plusnetwork.xmlFolder Deleted : C:\Program Files (x86)\appbario8Folder Deleted : C:\Program Files (x86)\ConduitFolder Deleted : C:\Program Files (x86)\iBryteFolder Deleted : C:\Program Files (x86)\Vgrabber1Folder Deleted : C:\Program Files (x86)\Yontoo Layers RuntimeFolder Deleted : C:\ProgramData\AskFolder Deleted : C:\ProgramData\Browser ManagerFolder Deleted : C:\ProgramData\Tarma InstallerFolder Deleted : C:\Users\Jimmy\AppData\Local\blekkotbFolder Deleted : C:\Users\Jimmy\AppData\Local\ConduitFolder Deleted : C:\Users\Jimmy\AppData\Local\Ilivid PlayerFolder Deleted : C:\Users\Jimmy\AppData\Local\Savings SidekickFolder Deleted : C:\Users\Jimmy\AppData\Local\Temp\BabylonToolbarFolder Deleted : C:\Users\Jimmy\AppData\Local\Temp\CT3007394Folder Deleted : C:\Users\Jimmy\AppData\Local\Temp\CT3131886Folder Deleted : C:\Users\Jimmy\AppData\Local\Temp\CT3184201Folder Deleted : C:\Users\Jimmy\AppData\LocalLow\appbario8Folder Deleted : C:\Users\Jimmy\AppData\LocalLow\AskToolbarFolder Deleted : C:\Users\Jimmy\AppData\LocalLow\ConduitFolder Deleted : C:\Users\Jimmy\AppData\LocalLow\iBryteFolder Deleted : C:\Users\Jimmy\AppData\LocalLow\PriceGongFolder Deleted : C:\Users\Jimmy\AppData\LocalLow\searchqubandFolder Deleted : C:\Users\Jimmy\AppData\LocalLow\Vgrabber1Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser ManagerFolder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\ConduitCommonFolder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\CT3007394Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\CT3131886Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{efb1e45a-148d-40f9-a3f0-09d5577f9970}Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\bbrs_002@blabbers.comFolder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\plugin@yontoo.comFolder Deleted : C:\Users\Jimmy\AppData\Roaming\OpenCandyFolder Deleted : C:\Users\Natalie\AppData\LocalLow\iBryteFolder Deleted : C:\Users\Natalie\AppData\LocalLow\searchqubandFolder Deleted : C:\Users\Natalie\AppData\LocalLow\Searchqutoolbar***** [Registry] *****Key Deleted : HKCU\Software\AppDataLow\Software\appbario8Key Deleted : HKCU\Software\AppDataLow\Software\ConduitKey Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopesKey Deleted : HKCU\Software\AppDataLow\Software\CrossriderKey Deleted : HKCU\Software\AppDataLow\Software\PriceGongKey Deleted : HKCU\Software\AppDataLow\Software\Savings SidekickKey Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbarKey Deleted : HKCU\Software\AppDataLow\Software\SmartBarKey Deleted : HKCU\Software\AppDataLow\Software\Vgrabber1Key Deleted : HKCU\Software\AppDataLow\ToolbarKey Deleted : HKCU\Software\bProtectorKey Deleted : HKCU\Software\BrowserCompanionKey Deleted : HKCU\Software\DataMngrKey Deleted : HKCU\Software\DataMngr_ToolbarKey Deleted : HKCU\Software\ilividKey Deleted : HKCU\Software\InstalledBrowserExtensionsKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettingsKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0CC09160-108C-4759-BAB1-5C12C216E005}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9BBF004-6E40-4019-8214-C43A37E1D058}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CC09160-108C-4759-BAB1-5C12C216E005}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9BBF004-6E40-4019-8214-C43A37E1D058}Key Deleted : HKCU\Software\SoftonicKey Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Key Deleted : HKLM\Software\appbario8Key Deleted : HKLM\Software\BandooKey Deleted : HKLM\Software\bProtectorKey Deleted : HKLM\Software\BrowserCompanionKey Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXEKey Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLLKey Deleted : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowserKey Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCoreKey Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngrKey Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngrKey Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngrKey Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHOKey Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.SandboxKey Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.BHOKey Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.DockingPanelKey Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkuryMenuFormKey Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBarKey Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBarBandObjectKey Deleted : HKLM\SOFTWARE\Classes\Prod.capKey Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3007394Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3131886Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3184201Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227982Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.ApiKey Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.LayersKey Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1Key Deleted : HKLM\Software\ConduitKey Deleted : HKLM\Software\DataMngrKey Deleted : HKLM\Software\ilividKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CA50D456-3601-4EC6-8A34-C01E45446CA7}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}Key Deleted : HKLM\Software\Vgrabber1Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0CC09160-108C-4759-BAB1-5C12C216E005}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022502260}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA50D456-3601-4EC6-8A34-C01E45446CA7}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9BBF004-6E40-4019-8214-C43A37E1D058}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066506660}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoeboKey Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlcKey Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4A33D171-D518-4AD2-8F6B-ABFA74A16F4C}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8DCF7076-CF8E-4D3C-A14E-8E1C1FB34C78}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98D58D29-630F-46DE-89F1-A4A099DA22A6}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DE8D2AFC-110B-463A-8764-8A742525F37C}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CC09160-108C-4759-BAB1-5C12C216E005}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9BBF004-6E40-4019-8214-C43A37E1D058}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\appbario8 ToolbarKey Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vgrabber1 ToolbarKey Deleted : HKLM\SOFTWARE\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505560}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}Key Deleted : HKLM\SOFTWARE\SoftwareKey Deleted : HKLM\SOFTWARE\Tarma InstallerValue Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0CC09160-108C-4759-BAB1-5C12C216E005}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F9BBF004-6E40-4019-8214-C43A37E1D058}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F9BBF004-6E40-4019-8214-C43A37E1D058}]Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F9BBF004-6E40-4019-8214-C43A37E1D058}]Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0CC09160-108C-4759-BAB1-5C12C216E005}]Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9BBF004-6E40-4019-8214-C43A37E1D058}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]***** [internet Browsers] *****-\\ Internet Explorer v9.0.8112.16421Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com --> hxxp://www.google.com-\\ Mozilla Firefox v9.0.1 (en-US)Profile name : defaultFile : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\prefs.jsC:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\user.js ... Deleted !Deleted : user_pref("CT3007394..clientLogIsEnabled", false);Deleted : user_pref("CT3007394..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]Deleted : user_pref("CT3007394..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]Deleted : user_pref("CT3007394.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);Deleted : user_pref("CT3007394.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129647087198219321", true);Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129647087427906824", true);Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129651294520663109", true);Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129659125714113035", true);Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129660184590163266", true);Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129682607808034876", true);Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129738834384600252", true);Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129742041561828741", true);Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_6699113592007696644", true);Deleted : user_pref("CT3007394.CT3007394", "CT3007394");Deleted : user_pref("CT3007394.CurrentServerDate", "30-10-2012");Deleted : user_pref("CT3007394.DSInstall", false);Deleted : user_pref("CT3007394.DialogsAlignMode", "LTR");Deleted : user_pref("CT3007394.DialogsGetterLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylig[...]Deleted : user_pref("CT3007394.DownloadReferralCookieData", "");Deleted : user_pref("CT3007394.FirstServerDate", "4-12-2011");Deleted : user_pref("CT3007394.FirstTime", true);Deleted : user_pref("CT3007394.FirstTimeFF3", true);Deleted : user_pref("CT3007394.FixPageNotFoundErrors", false);Deleted : user_pref("CT3007394.GroupingServerCheckInterval", 1440);Deleted : user_pref("CT3007394.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");Deleted : user_pref("CT3007394.HPInstall", false);Deleted : user_pref("CT3007394.HasUserGlobalKeys", true);Deleted : user_pref("CT3007394.HomePageProtectorEnabled", false);Deleted : user_pref("CT3007394.HomepageBeforeUnload", "hxxp://www.searchqu.com/406");Deleted : user_pref("CT3007394.Initialize", true);Deleted : user_pref("CT3007394.InitializeCommonPrefs", true);Deleted : user_pref("CT3007394.InstallationAndCookieDataSentCount", 3);Deleted : user_pref("CT3007394.InstallationType", "Unknown");Deleted : user_pref("CT3007394.InstalledDate", "Mon Nov 14 2011 10:07:27 GMT-0600 (Central Standard Time)");Deleted : user_pref("CT3007394.InvalidateCache", false);Deleted : user_pref("CT3007394.IsAlertDBUpdated", true);Deleted : user_pref("CT3007394.IsGrouping", false);Deleted : user_pref("CT3007394.IsInitSetupIni", true);Deleted : user_pref("CT3007394.IsMulticommunity", false);Deleted : user_pref("CT3007394.IsOpenThankYouPage", true);Deleted : user_pref("CT3007394.IsOpenUninstallPage", false);Deleted : user_pref("CT3007394.IsProtectorsInit", true);Deleted : user_pref("CT3007394.LanguagePackLastCheckTime", "Tue Oct 30 2012 14:53:09 GMT-0500 (Central Dayligh[...]Deleted : user_pref("CT3007394.LanguagePackReloadIntervalMM", 1440);Deleted : user_pref("CT3007394.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]Deleted : user_pref("CT3007394.LastLogin_3.15.1.0", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylight Time)[...]Deleted : user_pref("CT3007394.LastLogin_3.8.0.8", "Sat Dec 17 2011 15:10:00 GMT-0600 (Central Standard Time)"[...]Deleted : user_pref("CT3007394.LastLogin_3.8.1.0", "Sat Mar 17 2012 22:49:56 GMT-0500 (Central Daylight Time)"[...]Deleted : user_pref("CT3007394.LatestVersion", "3.14.1.0");Deleted : user_pref("CT3007394.Locale", "en-us");Deleted : user_pref("CT3007394.MCDetectTooltipHeight", "83");Deleted : user_pref("CT3007394.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");Deleted : user_pref("CT3007394.MCDetectTooltipWidth", "295");Deleted : user_pref("CT3007394.MyStuffEnabledAtInstallation", true);Deleted : user_pref("CT3007394.OriginalFirstVersion", "3.7.0.6");Deleted : user_pref("CT3007394.RadioIsPodcast", false);Deleted : user_pref("CT3007394.RadioLastCheckTime", "Sat Mar 17 2012 22:49:56 GMT-0500 (Central Daylight Time)[...]Deleted : user_pref("CT3007394.RadioLastUpdateIPServer", "3");Deleted : user_pref("CT3007394.RadioLastUpdateServer", "3");Deleted : user_pref("CT3007394.RadioMediaID", "9962");Deleted : user_pref("CT3007394.RadioMediaType", "Media Player");Deleted : user_pref("CT3007394.RadioMenuSelectedID", "EBRadioMenu_CT30073949962");Deleted : user_pref("CT3007394.RadioShrinkedFromSetup", false);Deleted : user_pref("CT3007394.RadioStationName", "California%20Rock");Deleted : user_pref("CT3007394.RadioStationURL", "hxxp://feedlive.net/california.asx");Deleted : user_pref("CT3007394.SearchBoxWidth", 172);Deleted : user_pref("CT3007394.SearchCaption", "WhiteSmoke Bar Customized Web Search");Deleted : user_pref("CT3007394.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");Deleted : user_pref("CT3007394.SearchFromAddressBarIsInit", true);Deleted : user_pref("CT3007394.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT300[...]Deleted : user_pref("CT3007394.SearchInNewTabEnabled", true);Deleted : user_pref("CT3007394.SearchInNewTabIntervalMM", 1440);Deleted : user_pref("CT3007394.SearchInNewTabLastCheckTime", "Tue Oct 30 2012 14:53:07 GMT-0500 (Central Dayli[...]Deleted : user_pref("CT3007394.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]Deleted : user_pref("CT3007394.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]Deleted : user_pref("CT3007394.SearchProtectorEnabled", false);Deleted : user_pref("CT3007394.SearchProtectorToolbarDisabled", false);Deleted : user_pref("CT3007394.SendProtectorDataViaLogin", true);Deleted : user_pref("CT3007394.ServiceMapLastCheckTime", "Tue Oct 30 2012 14:53:07 GMT-0500 (Central Daylight [...]Deleted : user_pref("CT3007394.SettingsLastCheckTime", "Tue Oct 30 2012 14:53:07 GMT-0500 (Central Daylight Ti[...]Deleted : user_pref("CT3007394.SettingsLastUpdate", "1351523139");Deleted : user_pref("CT3007394.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3007394&SearchSource=13");Deleted : user_pref("CT3007394.ThirdPartyComponentsInterval", 504);Deleted : user_pref("CT3007394.ThirdPartyComponentsLastCheck", "Sat Mar 17 2012 22:49:54 GMT-0500 (Central Day[...]Deleted : user_pref("CT3007394.ThirdPartyComponentsLastUpdate", "1312887586");Deleted : user_pref("CT3007394.ToolbarShrinkedFromSetup", false);Deleted : user_pref("CT3007394.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3007394");Deleted : user_pref("CT3007394.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]Deleted : user_pref("CT3007394.UserID", "UN46344112059454257");Deleted : user_pref("CT3007394.ValidationData_Search", 0);Deleted : user_pref("CT3007394.ValidationData_Toolbar", 2);Deleted : user_pref("CT3007394.alertChannelId", "1399123");Deleted : user_pref("CT3007394.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]Deleted : user_pref("CT3007394.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]Deleted : user_pref("CT3007394.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]Deleted : user_pref("CT3007394.backendstorage./9b+7e.:2z527", "247E6F727174354379453A3D2A722C757A787D312833232[...]Deleted : user_pref("CT3007394.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]Deleted : user_pref("CT3007394.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]Deleted : user_pref("CT3007394.backendstorage./9b+7e06cg5el8:", "6E6D6F6F73717474706F");Deleted : user_pref("CT3007394.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473757579777A7A7675242F4B4947[...]Deleted : user_pref("CT3007394.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]Deleted : user_pref("CT3007394.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]Deleted : user_pref("CT3007394.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]Deleted : user_pref("CT3007394.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]Deleted : user_pref("CT3007394.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]Deleted : user_pref("CT3007394.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]Deleted : user_pref("CT3007394.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]Deleted : user_pref("CT3007394.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]Deleted : user_pref("CT3007394.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]Deleted : user_pref("CT3007394.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]Deleted : user_pref("CT3007394.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]Deleted : user_pref("CT3007394.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]Deleted : user_pref("CT3007394.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]Deleted : user_pref("CT3007394.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]Deleted : user_pref("CT3007394.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]Deleted : user_pref("CT3007394.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]Deleted : user_pref("CT3007394.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]Deleted : user_pref("CT3007394.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]Deleted : user_pref("CT3007394.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]Deleted : user_pref("CT3007394.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]Deleted : user_pref("CT3007394.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]Deleted : user_pref("CT3007394.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]Deleted : user_pref("CT3007394.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]Deleted : user_pref("CT3007394.backendstorage./9b-0?3g>d", "396B3B3E6E3E75417A4578787A207449787B254D5253512A54[...]Deleted : user_pref("CT3007394.backendstorage./9b-0?3g@6:5;", "");Deleted : user_pref("CT3007394.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...]Deleted : user_pref("CT3007394.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");Deleted : user_pref("CT3007394.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484779213F3E484F4E4D464[...]Deleted : user_pref("CT3007394.backendstorage./9b5ba==9cjag", "393A6E6A737443457A7246737A787649784E224C7C");Deleted : user_pref("CT3007394.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F6F737174747577767175");Deleted : user_pref("CT3007394.backendstorage./9b90e@8ff=eg", "393F352F3E");Deleted : user_pref("CT3007394.backendstorage./9b9643g3/9e", "6A");Deleted : user_pref("CT3007394.backendstorage./9b<:222h64<", "393F352F3E");Deleted : user_pref("CT3007394.backendstorage./9b=+03eh8h8j?:", "4443");Deleted : user_pref("CT3007394.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]Deleted : user_pref("CT3007394.backendstorage./9b?b0d:8aj62<h", "6D");Deleted : user_pref("CT3007394.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");Deleted : user_pref("CT3007394.backendstorage.activationstep", "31");Deleted : user_pref("CT3007394.backendstorage.autocompletepro_enable", "31");Deleted : user_pref("CT3007394.backendstorage.autocompletepro_enable_auto", "31");Deleted : user_pref("CT3007394.backendstorage.cbfirsttime", "4D6F6E204E6F7620313420323031312031303A30373A32372[...]Deleted : user_pref("CT3007394.backendstorage.dealplyhardid", "333538313534373730313635343535393539");Deleted : user_pref("CT3007394.backendstorage.dealplywasshownctsettingswidget", "31");Deleted : user_pref("CT3007394.backendstorage.firstrun", "31333233303331323231363233");Deleted : user_pref("CT3007394.backendstorage.hxxp://api10_starwebnet_com.pid2", "6133343337303161646330626136[...]Deleted : user_pref("CT3007394.backendstorage.hxxp://api10_thetrafficstat_net.pid2", "313063666639346433343832[...]Deleted : user_pref("CT3007394.backendstorage.hxxp://api15_thetrafficstat_net.pid2", "313063666639346433343832[...]Deleted : user_pref("CT3007394.backendstorage.hxxp://api18_thetrafficstat_net.pid2", "313063666639346433343832[...]Deleted : user_pref("CT3007394.backendstorage.hxxp://api19_thetrafficstat_net.pid2", "313063666639346433343832[...]Deleted : user_pref("CT3007394.backendstorage.hxxp://api20_thetrafficstat_net.pid2", "313063666639346433343832[...]Deleted : user_pref("CT3007394.backendstorage.hxxp://api21_thetrafficstat_net.pid2", "313063666639346433343832[...]Deleted : user_pref("CT3007394.backendstorage.hxxp://api22_thetrafficstat_net.pid2", "313063666639346433343832[...]Deleted : user_pref("CT3007394.backendstorage.hxxp://api25_thetrafficstat_net.pid2", "313063666639346433343832[...]Deleted : user_pref("CT3007394.backendstorage.hxxp://api26_thetrafficstat_net.pid2", "313063666639346433343832[...]Deleted : user_pref("CT3007394.backendstorage.hxxp://api6_thetrafficstat_net.pid2", "3130636666393464333438323[...]Deleted : user_pref("CT3007394.backendstorage.key_user_agree_ia12", "31");Deleted : user_pref("CT3007394.backendstorage.loadtimes", "31");Deleted : user_pref("CT3007394.backendstorage.shoppingapp.gk.exipres", "546875204D617220323220323031322032323A[...]Deleted : user_pref("CT3007394.backendstorage.shoppingapp.gk.geolocation", "63616E616461");Deleted : user_pref("CT3007394.backendstorage.url_history", "68747470733A2F2F7777772E7469636B65746D61737465722[...]Deleted : user_pref("CT3007394.backendstorage.url_history_time", "31333235393732333632303539");Deleted : user_pref("CT3007394.backendstorage.user_uniqueid", "63356336613138612D336338612D633134612D386434322[...]Deleted : user_pref("CT3007394.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]Deleted : user_pref("CT3007394.globalFirstTimeInfoLastCheckTime", "Sat Mar 17 2012 22:49:57 GMT-0500 (Central [...]Deleted : user_pref("CT3007394.homepageProtectorEnableByLogin", true);Deleted : user_pref("CT3007394.initDone", true);Deleted : user_pref("CT3007394.isAppTrackingManagerOn", true);Deleted : user_pref("CT3007394.isFirstRadioInstallation", false);Deleted : user_pref("CT3007394.myStuffEnabled", true);Deleted : user_pref("CT3007394.myStuffPublihserMinWidth", 400);Deleted : user_pref("CT3007394.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]Deleted : user_pref("CT3007394.myStuffServiceIntervalMM", 1440);Deleted : user_pref("CT3007394.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]Deleted : user_pref("CT3007394.oldAppsList", "129496561699875753,129496561700500759,111,129754315803927444,129[...]Deleted : user_pref("CT3007394.revertSettingsEnabled", false);Deleted : user_pref("CT3007394.searchProtectorDialogDelayInSec", 10);Deleted : user_pref("CT3007394.searchProtectorEnableByLogin", true);Deleted : user_pref("CT3007394.testingCtid", "");Deleted : user_pref("CT3007394.toolbarAppMetaDataLastCheckTime", "Tue Oct 30 2012 14:53:09 GMT-0500 (Central D[...]Deleted : user_pref("CT3007394.toolbarContextMenuLastCheckTime", "Sat Mar 17 2012 22:49:57 GMT-0500 (Central D[...]Deleted : user_pref("CT3007394.usagesFlag", 2);Deleted : user_pref("CT3131886..clientLogIsEnabled", false);Deleted : user_pref("CT3131886..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]Deleted : user_pref("CT3131886..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]Deleted : user_pref("CT3131886.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);Deleted : user_pref("CT3131886.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");Deleted : user_pref("CT3131886.BrowserCompStateIsOpen_129730831435930026", true);Deleted : user_pref("CT3131886.CTID", "CT3131886");Deleted : user_pref("CT3131886.CurrentServerDate", "30-10-2012");Deleted : user_pref("CT3131886.DSChangedManually", false);Deleted : user_pref("CT3131886.DSInstall", true);Deleted : user_pref("CT3131886.DSProtectChoice", true);Deleted : user_pref("CT3131886.DSProtectCount", 3);Deleted : user_pref("CT3131886.DialogsAlignMode", "LTR");Deleted : user_pref("CT3131886.DialogsGetterLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylig[...]Deleted : user_pref("CT3131886.DownloadReferralCookieData", "");Deleted : user_pref("CT3131886.EMailNotifierPollDate", "Fri Sep 07 2012 10:51:30 GMT-0500 (Central Daylight Ti[...]Deleted : user_pref("CT3131886.FirstServerDate", "7-8-2012");Deleted : user_pref("CT3131886.FirstTime", true);Deleted : user_pref("CT3131886.FirstTimeFF3", true);Deleted : user_pref("CT3131886.FirstTimeHiddenVer", true);Deleted : user_pref("CT3131886.FixPageNotFoundErrors", true);Deleted : user_pref("CT3131886.GroupingServerCheckInterval", 1440);Deleted : user_pref("CT3131886.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");Deleted : user_pref("CT3131886.HPInstall", true);Deleted : user_pref("CT3131886.HPProtectChoice", true);Deleted : user_pref("CT3131886.HPProtectCount", 1);Deleted : user_pref("CT3131886.HasUserGlobalKeys", true);Deleted : user_pref("CT3131886.HomePageProtectorEnabled", true);Deleted : user_pref("CT3131886.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=[...]Deleted : user_pref("CT3131886.Initialize", true);Deleted : user_pref("CT3131886.InitializeCommonPrefs", true);Deleted : user_pref("CT3131886.InstallationAndCookieDataSentCount", 3);Deleted : user_pref("CT3131886.InstallationId", "conduitinstaller.exe");Deleted : user_pref("CT3131886.InstallationType", "ConduitNSISIntegration");Deleted : user_pref("CT3131886.InstalledDate", "Tue Aug 07 2012 14:41:55 GMT-0500 (Central Daylight Time)");Deleted : user_pref("CT3131886.InvalidateCache", false);Deleted : user_pref("CT3131886.IsAlertDBUpdated", true);Deleted : user_pref("CT3131886.IsGrouping", false);Deleted : user_pref("CT3131886.IsInitSetupIni", true);Deleted : user_pref("CT3131886.IsMulticommunity", false);Deleted : user_pref("CT3131886.IsOpenThankYouPage", false);Deleted : user_pref("CT3131886.IsOpenUninstallPage", true);Deleted : user_pref("CT3131886.IsProtectorsInit", true);Deleted : user_pref("CT3131886.LanguagePackLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Dayligh[...]Deleted : user_pref("CT3131886.LanguagePackReloadIntervalMM", 1440);Deleted : user_pref("CT3131886.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]Deleted : user_pref("CT3131886.LastLogin_3.13.0.6", "Fri Aug 24 2012 11:27:02 GMT-0500 (Central Daylight Time)[...]Deleted : user_pref("CT3131886.LastLogin_3.15.1.0", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylight Time)[...]Deleted : user_pref("CT3131886.LatestVersion", "3.15.1.0");Deleted : user_pref("CT3131886.Locale", "en");Deleted : user_pref("CT3131886.MCDetectTooltipHeight", "83");Deleted : user_pref("CT3131886.MCDetectTooltipShow", false);Deleted : user_pref("CT3131886.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");Deleted : user_pref("CT3131886.MCDetectTooltipWidth", "295");Deleted : user_pref("CT3131886.MyStuffEnabledAtInstallation", true);Deleted : user_pref("CT3131886.OriginalFirstVersion", "3.13.0.6");Deleted : user_pref("CT3131886.RadioIsPodcast", false);Deleted : user_pref("CT3131886.RadioLastCheckTime", "Fri Sep 07 2012 10:46:30 GMT-0500 (Central Daylight Time)[...]Deleted : user_pref("CT3131886.RadioLastUpdateIPServer", "3");Deleted : user_pref("CT3131886.RadioLastUpdateServer", "3");Deleted : user_pref("CT3131886.RadioMediaID", "9962");Deleted : user_pref("CT3131886.RadioMediaType", "Media Player");Deleted : user_pref("CT3131886.RadioMenuSelectedID", "EBRadioMenu_CT31318869962");Deleted : user_pref("CT3131886.RadioShrinkedFromSetup", false);Deleted : user_pref("CT3131886.RadioStationName", "California%20Rock");Deleted : user_pref("CT3131886.RadioStationURL", "hxxp://feedlive.net/california.asx");Deleted : user_pref("CT3131886.SHRINK_TOOLBAR", 1);Deleted : user_pref("CT3131886.SavedHomepage", "about:home");Deleted : user_pref("CT3131886.SearchCaption", "Vgrabber1 Customized Web Search");Deleted : user_pref("CT3131886.SearchEngineBeforeUnload", "Vgrabber1 Customized Web Search");Deleted : user_pref("CT3131886.SearchFromAddressBarIsInit", true);Deleted : user_pref("CT3131886.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT313[...]Deleted : user_pref("CT3131886.SearchInNewTabEnabled", true);Deleted : user_pref("CT3131886.SearchInNewTabIntervalMM", 1440);Deleted : user_pref("CT3131886.SearchInNewTabLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Dayli[...]Deleted : user_pref("CT3131886.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]Deleted : user_pref("CT3131886.SearchProtectorEnabled", false);Deleted : user_pref("CT3131886.SearchProtectorToolbarDisabled", false);Deleted : user_pref("CT3131886.SendProtectorDataViaLogin", true);Deleted : user_pref("CT3131886.ServiceMapLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central Daylight [...]Deleted : user_pref("CT3131886.SettingsLastCheckTime", "Tue Oct 30 2012 14:53:09 GMT-0500 (Central Daylight Ti[...]Deleted : user_pref("CT3131886.SettingsLastUpdate", "1351523139");Deleted : user_pref("CT3131886.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=13");Deleted : user_pref("CT3131886.ThirdPartyComponentsInterval", 504);Deleted : user_pref("CT3131886.ThirdPartyComponentsLastCheck", "Tue Oct 16 2012 09:30:39 GMT-0500 (Central Day[...]Deleted : user_pref("CT3131886.ThirdPartyComponentsLastUpdate", "1331805997");Deleted : user_pref("CT3131886.ToolbarShrinkedFromSetup", false);Deleted : user_pref("CT3131886.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3131886");Deleted : user_pref("CT3131886.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]Deleted : user_pref("CT3131886.UserID", "UN94108909980738385");Deleted : user_pref("CT3131886.ValidationData_Search", 2);Deleted : user_pref("CT3131886.ValidationData_Toolbar", 2);Deleted : user_pref("CT3131886.WeatherNetwork", "");Deleted : user_pref("CT3131886.WeatherPollDate", "Fri Sep 07 2012 10:46:31 GMT-0500 (Central Daylight Time)");Deleted : user_pref("CT3131886.WeatherUnit", "C");Deleted : user_pref("CT3131886.alertChannelId", "1528270");Deleted : user_pref("CT3131886.approveUntrustedApps", false);Deleted : user_pref("CT3131886.autoDisableScopes", -1);Deleted : user_pref("CT3131886.backendstorage.cbcountry_001", "4341");Deleted : user_pref("CT3131886.backendstorage.cbfirsttime", "5475652041756720303720323031322031343A34323A30332[...]Deleted : user_pref("CT3131886.backendstorage.shoppingapp.gk.exipres", "5765642053657020313220323031322031303A[...]Deleted : user_pref("CT3131886.backendstorage.shoppingapp.gk.geolocation", "63616E616461");Deleted : user_pref("CT3131886.backendstorage.url_history0001", "68747470733A2F2F6D796163636F756E742E737475626[...]Deleted : user_pref("CT3131886.components.1000034", false);Deleted : user_pref("CT3131886.components.1000082", false);Deleted : user_pref("CT3131886.components.1000234", false);Deleted : user_pref("CT3131886.components.129730831435930026", false);Deleted : user_pref("CT3131886.components.524677150398786033", false);Deleted : user_pref("CT3131886.components.5905781182315170198", false);Deleted : user_pref("CT3131886.components.8352985832934023790", false);Deleted : user_pref("CT3131886.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]Deleted : user_pref("CT3131886.globalFirstTimeInfoLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central [...]Deleted : user_pref("CT3131886.homepageProtectorEnableByLogin", true);Deleted : user_pref("CT3131886.initDone", true);Deleted : user_pref("CT3131886.isAppTrackingManagerOn", false);Deleted : user_pref("CT3131886.isFirstRadioInstallation", false);Deleted : user_pref("CT3131886.myStuffEnabled", true);Deleted : user_pref("CT3131886.myStuffPublihserMinWidth", 400);Deleted : user_pref("CT3131886.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]Deleted : user_pref("CT3131886.myStuffServiceIntervalMM", 1440);Deleted : user_pref("CT3131886.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]Deleted : user_pref("CT3131886.navigateToUrlOnSearch", false);Deleted : user_pref("CT3131886.revertSettingsEnabled", false);Deleted : user_pref("CT3131886.searchProtectorDialogDelayInSec", 10);Deleted : user_pref("CT3131886.searchProtectorEnableByLogin", true);Deleted : user_pref("CT3131886.testingCtid", "");Deleted : user_pref("CT3131886.toolbarAppMetaDataLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central D[...]Deleted : user_pref("CT3131886.toolbarContextMenuLastCheckTime", "Tue Oct 30 2012 14:53:10 GMT-0500 (Central D[...]Deleted : user_pref("CT3131886.usagesFlag", 2);Deleted : user_pref("CT3184201.autoDisableScopes", -1);Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3131886&Search[...]Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Vgrabber1 Customized Web Search");Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3007394/CT3007394[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3131886/CT3131886[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1399123/1394781/CA", "\"0\"[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1528270/1523533/CA", "\"0\"[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3007394", [...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3131886", [...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3007394",[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3131886",[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3007394&octid=[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"f61[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Jimmy\\AppData\\Roaming\\Mozilla\\F[...]Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb[...]Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3007394,CT3131886");Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3007394,CT3131886");Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3007394,CT3131886");Deleted : user_pref("CommunityToolbar.globalUserId", "cfa6a056-b3a6-49dd-a5f4-6a527a1dde7b");Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3131886");Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Oct 30 2012 14:53:2[...]Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Oct 30 2012 14:53:35 GMT-050[...]Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");Deleted : user_pref("CommunityToolbar.notifications.locale", "en");Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Oct 30 2012 14:53:25 GMT-0500 (C[...]Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);Deleted : user_pref("CommunityToolbar.notifications.userId", "3d548f0a-0364-4773-aaad-ddf9ba381f72");Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.searchqu.com/406");Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");Deleted : user_pref("browser.search.defaultenginename", "SweetIM Search");Deleted : user_pref("browser.search.defaultthis.engineName", "Vgrabber1 Customized Web Search");Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=13");Deleted : user_pref("extensions.BabylonToolbar.admin", false);Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");Deleted : user_pref("extensions.BabylonToolbar.babExt", "");Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=100478");Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 17);Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);Deleted : user_pref("extensions.BabylonToolbar.id", "3421d9cb0000000000006c626d04a8ee");Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15311");Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=100478&babsrc=adbar[...]Deleted : user_pref("extensions.BabylonToolbar.lastDP", 17);Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1714:30:40");Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "6.0");Deleted : user_pref("extensions.BabylonToolbar.newTab", true);Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 62716807);Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1714:30:40");Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100478");Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "3421d9cb0000000000006c626d04a8ee");Deleted : user_pref("extensions.BabylonToolbar_i.id", "3421d9cb0000000000006c626d04a8ee");Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15311");Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:30:40");Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationThankYouPage", true);Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationTime", 1345846103);Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.searchUserConifrmation", false[...]Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setHomepage", false);Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setNewTab", false);Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setSearch", false);Deleted : user_pref("extensions.crossriderapp5060.5060.active", true);Deleted : user_pref("extensions.crossriderapp5060.5060.addressbar", "");Deleted : user_pref("extensions.crossriderapp5060.5060.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]Deleted : user_pref("extensions.crossriderapp5060.5060.backgroundver", 7);Deleted : user_pref("extensions.crossriderapp5060.5060.can_run_bg_code", true);Deleted : user_pref("extensions.crossriderapp5060.5060.certdomaininstaller", "");Deleted : user_pref("extensions.crossriderapp5060.5060.changeprevious", false);Deleted : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]Deleted : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.value", "1345846103");Deleted : user_pref("extensions.crossriderapp5060.5060.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.value", "1345846103");Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.expiration", "Tue Oct 30 2012 15:[...]Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.expiration", "Tue Nov 06 2012 [...]Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.value", "%22CA%22");Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.value", "1351627333");Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.value", "%221%22");Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.value", "%2214019%22");Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.value", "1346215148681");Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.value", "%221224%22");Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.value", "%2271399%22");Deleted : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]Deleted : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.value", "1346215132842");Deleted : user_pref("extensions.crossriderapp5060.5060.description", "Savings Sidekick");Deleted : user_pref("extensions.crossriderapp5060.5060.domain", "");Deleted : user_pref("extensions.crossriderapp5060.5060.enablesearch", false);Deleted : user_pref("extensions.crossriderapp5060.5060.fbremoteurl", "");Deleted : user_pref("extensions.crossriderapp5060.5060.group", 0);Deleted : user_pref("extensions.crossriderapp5060.5060.homepage", "");Deleted : user_pref("extensions.crossriderapp5060.5060.iframe", false);Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.value", "37");Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.value", "0");Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.value", "%7B%7D");Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.expiration", "Tue Oct 30[...]Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.value", "true");Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.value", "%7B%7D");Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.expiration", "Fri[...]Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.value", "%7B%22re[...]Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]Deleted : user_pref("extensions.crossriderapp5060.5060.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]Deleted : user_pref("extensions.crossriderapp5060.5060.manifesturl", "");Deleted : user_pref("extensions.crossriderapp5060.5060.name", "Savings Sidekick");Deleted : user_pref("extensions.crossriderapp5060.5060.newtab", "");Deleted : user_pref("extensions.crossriderapp5060.5060.opensearch", "");Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.name", "base");Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.ver", 3);Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.name", "GPL Plugin (Loader)");Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.ver", 7);Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.name", "GPL Background (BG)");Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.ver", 4);Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.name", "CrossriderAppUtils");Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.ver", 2);Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.name", "CrossriderUtils");Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.ver", 2);Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.name", "FacebookFFIE");Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.ver", 1);Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==[...]Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.name", "FFAppAPIWrapper");Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.ver", 3);Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.name", "jQuery");Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.ver", 3);Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.name", "debug");Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.ver", 3);Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.name", "resources");Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.ver", 2);Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.name", "initializer");Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.ver", 2);Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.name", "jquery_1_7_1");Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.ver", 3);Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.name", "resources_background");Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.ver", 1);Deleted : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_0", "17,14,16,47,1000015");Deleted : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,100[...]Deleted : user_pref("extensions.crossriderapp5060.5060.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]Deleted : user_pref("extensions.crossriderapp5060.5060.pluginsversion", 15);Deleted : user_pref("extensions.crossriderapp5060.5060.publisher", "215 Apps");Deleted : user_pref("extensions.crossriderapp5060.5060.searchstatus", 0);Deleted : user_pref("extensions.crossriderapp5060.5060.setnewtab", false);Deleted : user_pref("extensions.crossriderapp5060.5060.settingsurl", "");Deleted : user_pref("extensions.crossriderapp5060.5060.thankyou", "");Deleted : user_pref("extensions.crossriderapp5060.5060.updateinterval", 360);Deleted : user_pref("extensions.crossriderapp5060.5060.ver", 37);Deleted : user_pref("extensions.crossriderapp5060.adsOldValue", -1);Deleted : user_pref("extensions.crossriderapp5060.apps", "5060");Deleted : user_pref("extensions.crossriderapp5060.bic", "13970ac45d1fea38dfe70a3d79b4c9f2");Deleted : user_pref("extensions.crossriderapp5060.cid", 5060);Deleted : user_pref("extensions.crossriderapp5060.firstrun", false);Deleted : user_pref("extensions.crossriderapp5060.hadappinstalled", true);Deleted : user_pref("extensions.crossriderapp5060.installationdate", 1346215105);Deleted : user_pref("extensions.crossriderapp5060.lastcheck", 22527113);Deleted : user_pref("extensions.crossriderapp5060.lastcheckitem", 22527130);Deleted : user_pref("extensions.crossriderapp5060.modetype", "production");Deleted : user_pref("extensions.enabledAddons", "facecons@facecons.com:1.1,plugin@yontoo.com:1.20.00,{167d9323[...]Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx[...]Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Vgrabber1 Customized Web Search[...]Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT31[...]Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");Deleted : user_pref("keyword.URL", "hxxp://www.plusnetwork.com/?sp=addr&q=");Deleted : user_pref("browser.search.selectedEngine", "Plus! Network");Profile name : defaultFile : C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\7pky55tm.default\prefs.js[OK] File is clean.-\\ Chromium v [unable to get version]File : C:\Users\Jimmy\AppData\Local\Chromium\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[R1].txt - [69662 octets] - [18/11/2012 13:36:24]AdwCleaner[s1].txt - [69839 octets] - [18/11/2012 15:59:25]########## EOF - C:\AdwCleaner[s1].txt - [69900 octets] ########## Link to post Share on other sites More sharing options...
nncout Posted November 18, 2012 Author ID:614561 Share Posted November 18, 2012 ComboFix 12-11-16.02 - Jimmy 18/11/2012 16:14:13.1.8 - x64 NETWORKMicrosoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8151.7233 [GMT -6:00]Running from: c:\users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31V22TYB\ComboFix.exeAV: Kaspersky Internet Security *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\CFLogc:\cflog\EPLog.txtC:\Install.exec:\users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2A34F3D2-7052-458A-B36D-50EFDA250AA9}.xpsc:\users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CAAC404F-D0FE-46E4-B703-1F9428B33BF1}.xpsc:\users\Jimmy\AppData\Roaming\Microsoft\Windows\Recent\Terraria.urlc:\windows\SysWow64\URTTempc:\windows\SysWow64\URTTemp\regtlib.exe..((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))..2012-11-18 22:23 . 2012-11-18 22:23 -------- d-----w- c:\users\Natalie\AppData\Local\temp2012-11-18 22:23 . 2012-11-18 22:23 -------- d-----w- c:\users\Default\AppData\Local\temp2012-11-18 22:15 . 2012-11-18 22:15 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20EFF33C-223F-49B8-91F9-5E9BB83B8247}\offreg.dll2012-11-17 18:31 . 2012-11-17 18:31 -------- d-----w- c:\users\Natalie\AppData\Roaming\Malwarebytes2012-11-17 03:21 . 2012-11-17 03:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2012-11-17 01:39 . 2012-11-17 01:40 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi2012-11-12 02:05 . 2012-11-12 02:08 -------- d-----w- c:\programdata\MFAData2012-11-12 02:05 . 2012-11-12 02:05 -------- d--h--w- c:\programdata\Common Files2012-11-12 02:05 . 2012-11-12 02:05 -------- d-----w- c:\users\Natalie\AppData\Local\MFAData2012-11-12 02:05 . 2012-11-12 02:05 -------- d-----w- c:\users\Natalie\AppData\Local\Avg20132012-11-11 02:38 . 2012-11-11 02:38 181808 ----a-w- c:\windows\RegBootClean.exe2012-11-11 02:32 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys2012-11-11 02:28 . 2012-11-11 02:28 -------- d-----w- c:\users\Natalie\AppData\Local\Macromedia2012-11-11 02:24 . 2012-11-11 02:24 -------- d-----w- c:\users\Natalie\AppData\Local\Mozilla2012-11-10 01:50 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20EFF33C-223F-49B8-91F9-5E9BB83B8247}\mpengine.dll2012-11-06 05:11 . 2012-08-21 19:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys2012-11-06 05:11 . 2012-11-06 05:11 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF692012-11-06 05:11 . 2012-11-06 05:11 -------- d-----w- c:\program files\iTunes2012-11-06 05:11 . 2012-11-06 05:11 -------- d-----w- c:\program files\iPod...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-10-30 15:07 . 2011-04-20 19:50 637272 ----a-w- c:\windows\system32\drivers\klif.sys2012-10-27 00:03 . 2012-09-19 22:56 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr2012-10-27 00:03 . 2012-09-19 22:48 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe2012-10-22 20:31 . 2012-09-19 22:48 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex02012-10-11 08:04 . 2011-01-27 20:20 65309168 ----a-w- c:\windows\system32\MRT.exe2012-10-09 05:43 . 2012-04-01 17:17 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2012-10-09 05:43 . 2011-05-16 00:58 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-09-30 01:54 . 2011-08-01 16:34 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2012-09-19 22:48 . 2012-09-19 22:48 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe2012-09-14 19:19 . 2012-10-10 18:19 2048 ----a-w- c:\windows\system32\tzres.dll2012-09-14 18:28 . 2012-10-10 18:19 2048 ----a-w- c:\windows\SysWow64\tzres.dll2012-08-31 18:19 . 2012-10-10 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys2012-08-30 18:03 . 2012-10-10 18:19 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe2012-08-30 17:12 . 2012-10-10 18:19 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2012-08-30 17:12 . 2012-10-10 18:19 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2012-08-24 18:05 . 2012-10-10 18:19 220160 ----a-w- c:\windows\system32\wintrust.dll2012-08-24 16:57 . 2012-10-10 18:19 172544 ----a-w- c:\windows\SysWow64\wintrust.dll2012-08-24 11:15 . 2012-09-22 08:00 17810944 ----a-w- c:\windows\system32\mshtml.dll2012-08-24 10:39 . 2012-09-22 08:00 10925568 ----a-w- c:\windows\system32\ieframe.dll2012-08-24 10:31 . 2012-09-22 08:00 2312704 ----a-w- c:\windows\system32\jscript9.dll2012-08-24 10:22 . 2012-09-22 08:00 1346048 ----a-w- c:\windows\system32\urlmon.dll2012-08-24 10:21 . 2012-09-22 08:00 1392128 ----a-w- c:\windows\system32\wininet.dll2012-08-24 10:20 . 2012-09-22 08:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl2012-08-24 10:18 . 2012-09-22 08:00 237056 ----a-w- c:\windows\system32\url.dll2012-08-24 10:17 . 2012-09-22 08:00 85504 ----a-w- c:\windows\system32\jsproxy.dll2012-08-24 10:14 . 2012-09-22 08:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe2012-08-24 10:14 . 2012-09-22 08:00 816640 ----a-w- c:\windows\system32\jscript.dll2012-08-24 10:13 . 2012-09-22 08:00 599040 ----a-w- c:\windows\system32\vbscript.dll2012-08-24 10:12 . 2012-09-22 08:00 2144768 ----a-w- c:\windows\system32\iertutil.dll2012-08-24 10:11 . 2012-09-22 08:00 729088 ----a-w- c:\windows\system32\msfeeds.dll2012-08-24 10:10 . 2012-09-22 08:00 96768 ----a-w- c:\windows\system32\mshtmled.dll2012-08-24 10:09 . 2012-09-22 08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb2012-08-24 10:04 . 2012-09-22 08:00 248320 ----a-w- c:\windows\system32\ieui.dll2012-08-24 06:59 . 2012-09-22 08:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll2012-08-24 06:51 . 2012-09-22 08:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll2012-08-24 06:51 . 2012-09-22 08:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl2012-08-24 06:47 . 2012-09-22 08:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe2012-08-24 06:47 . 2012-09-22 08:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll2012-08-24 06:43 . 2012-09-22 08:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb2012-08-22 18:12 . 2012-09-12 21:22 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys2012-08-22 18:12 . 2012-09-12 21:22 950128 ----a-w- c:\windows\system32\drivers\ndis.sys2012-08-22 18:12 . 2012-09-12 21:22 376688 ----a-w- c:\windows\system32\drivers\netio.sys2012-08-22 18:12 . 2012-09-12 21:22 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS2012-08-21 21:01 . 2012-09-26 21:17 245760 ----a-w- c:\windows\system32\OxpsConverter.exe2012-08-21 19:01 . 2010-09-01 18:46 125872 ----a-w- c:\windows\system32\GEARAspi64.dll2012-08-21 19:01 . 2010-09-01 18:46 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B2A44031-7EAD-434C-AC9E-7F1DA176BA8C}]2011-08-01 12:51 167424 ----a-w- c:\program files (x86)\facecons\Facecons.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-10 39408]"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-14 98304]"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2011-10-24 801792]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-30 206448]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-16 2254768].c:\users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk - c:\users\Jimmy\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [N/A]NexDef Plug-in.lnk - c:\users\Jimmy\AppData\Local\Autobahn\nexdef.exe [2011-8-11 15490560].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Sendori Tray Icon.lnk - c:\program files (x86)\Sendori\SendoriTray.exe [2011-8-5 74616].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux"=wdmaud.drv.R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-13 202752]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]R2 Sendori;Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe [2011-08-05 98168]R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-10-12 763904]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-07 1255736]R3 X6va001;X6va001;c:\users\Jimmy\AppData\Local\Temp\00149FD.tmp [x]R3 X6va005;X6va005;c:\users\Jimmy\AppData\Local\Temp\005A6E2.tmp [x]R3 X6va006;X6va006;c:\users\Jimmy\AppData\Local\Temp\006857.tmp [x]R3 X6va008;X6va008;c:\users\Jimmy\AppData\Local\Temp\008D597.tmp [x]R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x]R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]..Contents of the 'Scheduled Tasks' folder.2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 05:43].2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 03:27].2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 03:27].2012-10-31 c:\windows\Tasks\HPCeeScheduleForJimmy.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmStart Page = hxxp://www.google.commLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htmIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105TCP: DhcpNameServer = 192.168.0.1TCP: Interfaces\{C494E8EE-736A-4A65-A53A-3FC3170E5B6E}: NameServer = 216.146.35.240,216.146.36.240,192.168.0.1Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files (x86)\TurboTax 2011\ic2011pp.dllFF - ProfilePath - c:\users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\FF - prefs.js: browser.search.defaulturl -FF - prefs.js: network.proxy.type - 0.- - - - ORPHANS REMOVED - - - -.URLSearchHooks-{efb1e45a-148d-40f9-a3f0-09d5577f9970} - (no file)Toolbar-10 - (no file)Notify-klogon - (no file)Toolbar-10 - (no file)WebBrowser-{EFB1E45A-148D-40F9-A3F0-09D5577F9970} - (no file)HKLM-Run-PC-Doctor for Windows localizer - c:\program files\PC-Doctor for Windows\localizer.exeAddRemove-iBryte_playbryte - c:\program files (x86)\iBryte\playbryte\uninstall.exeAddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exeAddRemove-FoxTab PDF Creator - c:\progra~2\FOXTAB~1\Uninstall\Uninstall.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]"ImagePath"="\??\c:\users\Jimmy\AppData\Local\Temp\00149FD.tmp".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]"ImagePath"="\??\c:\users\Jimmy\AppData\Local\Temp\005A6E2.tmp".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]"ImagePath"="\??\c:\users\Jimmy\AppData\Local\Temp\006857.tmp".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]"ImagePath"="\??\c:\users\Jimmy\AppData\Local\Temp\008D597.tmp".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va010]"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2012-11-18 16:26:21ComboFix-quarantined-files.txt 2012-11-18 22:26.Pre-Run: 827,313,774,592 bytes freePost-Run: 827,754,328,064 bytes free.- - End Of File - - A47D4EF8C8DDB7B38E495EE867D44E48 Link to post Share on other sites More sharing options...
nncout Posted November 18, 2012 Author ID:614562 Share Posted November 18, 2012 Malwarebytes Anti-Rootkit 1.1.0.1009www.malwarebytes.orgDatabase version: v2012.11.18.05Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)Internet Explorer 9.0.8112.16421Jimmy :: JIMMY-PC [administrator]18/11/2012 4:38:43 PMmbar-log-2012-11-18 (16-38-43).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled: PUP | PUM | P2PObjects scanned: 27677Time elapsed: 5 minute(s), 31 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)---------------------------------------Malwarebytes Anti-Rootkit BETA 1.01.0.1009© Malwarebytes Corporation 2011-2012OS version: 6.1.7601 Windows 7 Service Pack 1 x64System is currently in a safe modeAccount is AdministrativeInternet Explorer version: 9.0.8112.16421File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 2.793000 GHzMemory total: 8547024896, free: 6994915328------------ Kernel report ------------ 11/18/2012 16:32:16------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\system32\DRIVERS\kl1.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\kl2.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\klim6.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\drivers\1394ohci.sys\SystemRoot\system32\drivers\cdrom.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\hamachi.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\drivers\kbdclass.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\drivers\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\drivers\hidusb.sys\SystemRoot\system32\drivers\HIDCLASS.SYS\SystemRoot\system32\drivers\HIDPARSE.SYS\SystemRoot\system32\drivers\kbdhid.sys\SystemRoot\system32\DRIVERS\USBSTOR.SYS\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\System32\drivers\dxg.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\framebuf.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\System32\Drivers\fastfat.SYS\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\iertutil.dll\Windows\System32\wininet.dll\Windows\System32\lpk.dll\Windows\System32\comdlg32.dll\Windows\System32\urlmon.dll\Windows\System32\imm32.dll\Windows\System32\difxapi.dll\Windows\System32\Wldap32.dll\Windows\System32\msvcrt.dll\Windows\System32\ws2_32.dll\Windows\System32\imagehlp.dll\Windows\System32\oleaut32.dll\Windows\System32\psapi.dll\Windows\System32\msctf.dll\Windows\System32\shlwapi.dll\Windows\System32\clbcatq.dll\Windows\System32\ole32.dll\Windows\System32\shell32.dll\Windows\System32\usp10.dll\Windows\System32\gdi32.dll\Windows\System32\advapi32.dll\Windows\System32\nsi.dll\Windows\System32\kernel32.dll\Windows\System32\sechost.dll\Windows\System32\normaliz.dll\Windows\System32\user32.dll\Windows\System32\rpcrt4.dll\Windows\System32\setupapi.dll\Windows\System32\crypt32.dll\Windows\System32\cfgmgr32.dll\Windows\System32\devobj.dll\Windows\System32\comctl32.dll\Windows\System32\KernelBase.dll\Windows\System32\wintrust.dll\Windows\System32\msasn1.dll\Windows\SysWOW64\normaliz.dll----------- End -----------<<<1>>>Upper Device Name: \Device\Harddisk1\DR6Upper Device Object: 0xfffffa800acb6790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000088\Lower Device Object: 0xfffffa80070989e0Lower Device Driver Name: \Driver\USBSTOR\Driver name found: USBSTORDriverEntry returned 0x0Function returned 0x0<<<1>>>Upper Device Name: \Device\Harddisk5\DR5Upper Device Object: 0xfffffa80091ee790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000081\Lower Device Object: 0xfffffa80096ffb60Lower Device Driver Name: \Driver\USBSTOR\Driver name found: USBSTOR<<<1>>>Upper Device Name: \Device\Harddisk4\DR4Upper Device Object: 0xfffffa80091f3790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000080\Lower Device Object: 0xfffffa80096f8b60Lower Device Driver Name: \Driver\USBSTOR\Driver name found: USBSTOR<<<1>>>Upper Device Name: \Device\Harddisk3\DR3Upper Device Object: 0xfffffa80091f1790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000007f\Lower Device Object: 0xfffffa8009688b60Lower Device Driver Name: \Driver\USBSTOR\Driver name found: USBSTOR<<<1>>>Upper Device Name: \Device\Harddisk2\DR2Upper Device Object: 0xfffffa80091f6790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000007e\Lower Device Object: 0xfffffa8009700b60Lower Device Driver Name: \Driver\USBSTOR\Driver name found: USBSTOR<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8007a8a790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa80077b0050Lower Device Driver Name: \Driver\iaStor\Driver name found: iaStorDriverEntry returned 0x0Function returned 0x0=======================================---------------------------------------Malwarebytes Anti-Rootkit BETA 1.01.0.1009© Malwarebytes Corporation 2011-2012OS version: 6.1.7601 Windows 7 Service Pack 1 x64System is currently in a safe modeAccount is AdministrativeInternet Explorer version: 9.0.8112.16421File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 2.793000 GHzMemory total: 8547024896, free: 6987517952------------ Kernel report ------------ 11/18/2012 16:32:38------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\system32\DRIVERS\kl1.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\kl2.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\klim6.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\drivers\1394ohci.sys\SystemRoot\system32\drivers\cdrom.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\hamachi.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\drivers\kbdclass.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\drivers\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\drivers\hidusb.sys\SystemRoot\system32\drivers\HIDCLASS.SYS\SystemRoot\system32\drivers\HIDPARSE.SYS\SystemRoot\system32\drivers\kbdhid.sys\SystemRoot\system32\DRIVERS\USBSTOR.SYS\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\System32\drivers\dxg.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\framebuf.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\System32\Drivers\fastfat.SYS\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\iertutil.dll\Windows\System32\wininet.dll\Windows\System32\lpk.dll\Windows\System32\comdlg32.dll\Windows\System32\urlmon.dll\Windows\System32\imm32.dll\Windows\System32\difxapi.dll\Windows\System32\Wldap32.dll\Windows\System32\msvcrt.dll\Windows\System32\ws2_32.dll\Windows\System32\imagehlp.dll\Windows\System32\oleaut32.dll\Windows\System32\psapi.dll\Windows\System32\msctf.dll\Windows\System32\shlwapi.dll\Windows\System32\clbcatq.dll\Windows\System32\ole32.dll\Windows\System32\shell32.dll\Windows\System32\usp10.dll\Windows\System32\gdi32.dll\Windows\System32\advapi32.dll\Windows\System32\nsi.dll\Windows\System32\kernel32.dll\Windows\System32\sechost.dll\Windows\System32\normaliz.dll\Windows\System32\user32.dll\Windows\System32\rpcrt4.dll\Windows\System32\setupapi.dll\Windows\System32\crypt32.dll\Windows\System32\cfgmgr32.dll\Windows\System32\devobj.dll\Windows\System32\comctl32.dll\Windows\System32\KernelBase.dll\Windows\System32\wintrust.dll\Windows\System32\msasn1.dll\Windows\SysWOW64\normaliz.dll----------- End -----------<<<1>>>Upper Device Name: \Device\Harddisk1\DR6Upper Device Object: 0xfffffa800acb6790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000088\Lower Device Object: 0xfffffa80070989e0Lower Device Driver Name: \Driver\USBSTOR\Device already Exists: 0xfffffa8009efab90<<<1>>>Upper Device Name: \Device\Harddisk5\DR5Upper Device Object: 0xfffffa80091ee790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000081\Lower Device Object: 0xfffffa80096ffb60Lower Device Driver Name: \Driver\USBSTOR\Device already Exists: 0xfffffa8007451740<<<1>>>Upper Device Name: \Device\Harddisk4\DR4Upper Device Object: 0xfffffa80091f3790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000080\Lower Device Object: 0xfffffa80096f8b60Lower Device Driver Name: \Driver\USBSTOR\Device already Exists: 0xfffffa800a9ec090<<<1>>>Upper Device Name: \Device\Harddisk3\DR3Upper Device Object: 0xfffffa80091f1790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000007f\Lower Device Object: 0xfffffa8009688b60Lower Device Driver Name: \Driver\USBSTOR\Device already Exists: 0xfffffa8009ef05c0<<<1>>>Upper Device Name: \Device\Harddisk2\DR2Upper Device Object: 0xfffffa80091f6790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000007e\Lower Device Object: 0xfffffa8009700b60Lower Device Driver Name: \Driver\USBSTOR\Device already Exists: 0xfffffa80096dde40<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8007a8a790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa80077b0050Lower Device Driver Name: \Driver\iaStor\Device already Exists: 0xfffffa8009f72e40Downloaded database version: v2012.11.18.05Downloaded database version: v2012.11.15.02Initializing...Done!Scanning directory: C:\Windows\system32\drivers...<<<2>>>Device number: 0, partition: 2Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8007a8a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8007a8a1e0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8007a8a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa80077b0050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Upper DeviceData: 0xfffff8a00fdbd5d0, 0xfffffa8007a8a790, 0xfffffa800af86790Lower DeviceData: 0xfffff8a003e548b0, 0xfffffa80077b0050, 0xfffffa8009f72e40<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 1549F232Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 1929621504 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 1929828352 Numsec = 23693312 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 1000204886016 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...Physical Sector Size: 512Drive: 1, DevicePointer: 0xfffffa800acb6790, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8009fc0140, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa800acb6790, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa80070989e0, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\------------ End ----------Upper DeviceData: 0xfffff8a00fc04730, 0xfffffa800acb6790, 0xfffffa800b1f0090Lower DeviceData: 0xfffff8a003e8ab70, 0xfffffa80070989e0, 0xfffffa8009efab90Drive 1Scanning MBR on drive 1...Inspecting partition table:MBR Signature: 55AADisk Signature: 4030201Partition information: Partition 0 type is Other (0x6) Partition is NOT ACTIVE. Partition starts at LBA: 240 Numsec = 3987216 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 2041577472 bytesSector size: 512 bytesPhysical Sector Size: 0Drive: 2, DevicePointer: 0xfffffa80091f6790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8009705910, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa80091f6790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8009700b60, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\------------ End ----------Physical Sector Size: 0Drive: 3, DevicePointer: 0xfffffa80091f1790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8009703b90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa80091f1790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8009688b60, DeviceName: \Device\0000007f\, DriverName: \Driver\USBSTOR\------------ End ----------Physical Sector Size: 0Drive: 4, DevicePointer: 0xfffffa80091f3790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8009702b90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa80091f3790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa80096f8b60, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\------------ End ----------Physical Sector Size: 0Drive: 5, DevicePointer: 0xfffffa80091ee790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8009706b90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa80091ee790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa80096ffb60, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\------------ End ----------Done!Performing system, memory and registry scan...Read File: File "C:\ProgramData\{4EF77D37-415C-4195-AE30-904ED23A3940}\iLividSetupV1.dat" is compressed (flags = 1)Read File: File "C:\ProgramData\{4EF77D37-415C-4195-AE30-904ED23A3940}\instance.dat" is compressed (flags = 1)Read File: File "C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}\HP_Remote_Solution_Install.dat" is compressed (flags = 1)Read File: File "C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}\HP_Remote_Solution_Install.lan" is compressed (flags = 1)Read File: File "C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}\instance.dat" is compressed (flags = 1)Done!Scan finished======================================= Link to post Share on other sites More sharing options...
TheDarkKnight Posted November 19, 2012 ID:614719 Share Posted November 19, 2012 Good afternoon nncout,How is the computer running at the moment? Link to post Share on other sites More sharing options...
nncout Posted November 19, 2012 Author ID:614798 Share Posted November 19, 2012 Hi TDK, Sorry I should of included that important information in my reply!! It's still slow but I am able to start up normally. There seems to be quite a bit of improvementbut still has some issue. Link to post Share on other sites More sharing options...
TheDarkKnight Posted November 19, 2012 ID:614939 Share Posted November 19, 2012 Good morning nncout, Please download Junkware Removal Tool to your Desktop.Please close your security software to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete, depending on your system's specifications.On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.Please post the contents of JRT.txt into your reply.=====Also, please download OTL.exe by OldTimer to your Desktop.Close all windows and double click OTL.exe.In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:netsvcsdrivers32%SYSTEMDRIVE%\*.*%systemroot%\*. /mp /sCREATERESTOREPOINTHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AUHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rsClick Run Scan and let the program run uninterrupted.When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.You may need to use two posts to get it all.=====In your reply please post the contents of the following logs:JRT.txt.OTL.txt.Extras.txt. Link to post Share on other sites More sharing options...
nncout Posted November 20, 2012 Author ID:614991 Share Posted November 20, 2012 Good day!Here are the logs....~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 3.3.4 (11.19.2012)OS: Windows 7 Home Premium x64Ran by Jimmy on 19/11/2012 at 17:56:38.23Blog: http://thisisudax.blogspot.com~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services~~~ Registry ValuesSuccessfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\bProtector Start Page~~~ Registry KeysSuccessfully deleted: [Registry Key] "hkey_classes_root\appid\babylonhelper.exe"Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasapi32"Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasmancs"Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7}Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}~~~ FilesSuccessfully deleted: [File] C:\eula.1028.txtSuccessfully deleted: [File] C:\eula.1031.txtSuccessfully deleted: [File] C:\eula.1033.txtSuccessfully deleted: [File] C:\eula.1036.txtSuccessfully deleted: [File] C:\eula.1040.txtSuccessfully deleted: [File] C:\eula.1041.txtSuccessfully deleted: [File] C:\eula.1042.txtSuccessfully deleted: [File] C:\eula.2052.txtSuccessfully deleted: [File] C:\install.res.1028.dllSuccessfully deleted: [File] C:\install.res.1031.dllSuccessfully deleted: [File] C:\install.res.1033.dllSuccessfully deleted: [File] C:\install.res.1036.dllSuccessfully deleted: [File] C:\install.res.1040.dllSuccessfully deleted: [File] C:\install.res.1041.dllSuccessfully deleted: [File] C:\install.res.1042.dllSuccessfully deleted: [File] C:\install.res.2052.dllSuccessfully deleted: [File] C:\install.res.3082.dll~~~ FoldersSuccessfully deleted: [Folder] "C:\Users\Jimmy\appdata\locallow\datamngr"~~~ FireFoxSuccessfully deleted: [Folder] C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\crossriderapp5060@crossrider.comSuccessfully deleted: [File] C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\blekkotb.xmlSuccessfully deleted the following from "C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\prefs.js"user_pref("extensions.crossrider.bic", "13970ac45d1fea38dfe70a3d79b4c9f2");user_pref("extentions.y2layers.defaultEnableAppsList", "Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,");user_pref("extentions.y2layers.installId", "9b328715-24ae-461e-8bba-b4f73784588c");user_pref("extentions.y2layers.lastDnsTest", 370011);~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 19/11/2012 at 17:57:50.11End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
nncout Posted November 20, 2012 Author ID:614992 Share Posted November 20, 2012 OTL logfile created on: 19/11/2012 6:06:46 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jimmy\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy7.96 Gb Total Physical Memory | 7.09 Gb Available Physical Memory | 89.04% Memory free15.92 Gb Paging File | 15.08 Gb Available in Paging File | 94.76% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 920.12 Gb Total Space | 769.93 Gb Free Space | 83.68% Space Free | Partition Type: NTFSDrive D: | 11.30 Gb Total Space | 1.62 Gb Free Space | 14.35% Space Free | Partition Type: NTFSDrive J: | 1.90 Gb Total Space | 1.89 Gb Free Space | 99.35% Space Free | Partition Type: FATComputer Name: JIMMY-PC | User Name: Jimmy | Logged in as Administrator.Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2012/11/19 18:06:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe========== Modules (No Company Name) ==================== Services (SafeList) ==========SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV:64bit: - [2010/01/13 16:04:10 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2012/10/30 09:07:09 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)SRV - [2012/10/08 23:43:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2012/09/19 16:48:47 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)SRV - [2012/03/16 09:08:01 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)SRV - [2011/08/05 13:37:30 | 000,098,168 | ---- | M] (Sendori, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Sendori)SRV - [2010/07/28 15:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)========== Driver Services (SafeList) ==========DRV:64bit: - [2012/10/30 09:07:51 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/03/10 17:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)DRV:64bit: - [2011/03/04 12:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)DRV:64bit: - [2011/03/04 12:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/01/13 16:26:02 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)DRV:64bit: - [2010/01/13 15:10:58 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)DRV:64bit: - [2009/11/18 12:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)DRV:64bit: - [2009/10/12 00:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)DRV:64bit: - [2009/10/02 05:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)DRV:64bit: - [2009/08/20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)DRV:64bit: - [2006/12/12 11:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4IE:64bit: - HKLM\..\SearchScopes,DefaultScope =IE:64bit: - HKLM\..\SearchScopes\{3018E814-9E7B-429F-9304-DC06D594EBDA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBoxIE:64bit: - HKLM\..\SearchScopes\{771D0255-20A6-40A7-8060-E681B3F9D5E8}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpdIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comIE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{3018E814-9E7B-429F-9304-DC06D594EBDA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBoxIE - HKLM\..\SearchScopes\{771D0255-20A6-40A7-8060-E681B3F9D5E8}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpdIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Jimmy\Documents\AC3D\Elemental SwordsIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CAIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E D6 E2 D7 6E 35 CD 01 [binary data]IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/search?q={searchTerms}IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}IE - HKCU\..\SearchScopes,DefaultScope = {E1B4F045-104E-4B2E-B36A-4609F37B6AFB}IE - HKCU\..\SearchScopes\{3018E814-9E7B-429F-9304-DC06D594EBDA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBoxIE - HKCU\..\SearchScopes\{771D0255-20A6-40A7-8060-E681B3F9D5E8}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpdIE - HKCU\..\SearchScopes\{E1B4F045-104E-4B2E-B36A-4609F37B6AFB}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227980IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local========== FireFox ==========FF - prefs.js..browser.search.defaulturl: ""FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..network.proxy.no_proxies_on: "*.local"FF - prefs.js..network.proxy.type: 0FF - user.js - File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/10/30 09:07:51 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/10/30 09:07:51 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/10/30 09:07:51 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/22 23:30:01 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins[2011/05/27 20:13:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Extensions[2010/09/10 18:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com[2012/11/19 17:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions[2011/12/03 11:31:34 | 000,000,000 | ---D | M] ("Facecons") -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\facecons@facecons.com[2012/05/18 21:23:11 | 000,002,266 | ---- | M] () -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\Google.xml[2012/10/05 13:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2012/10/05 13:30:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}[2012/09/27 23:00:29 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2[2012/09/27 23:00:27 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\{167D9323-F7CC-48F5-948A-6F012831A69F}File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\{F9BBF004-6E40-4019-8214-C43A37E1D058}File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\BBRS_002@BLABBERS.COMFile not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\CROSSRIDERAPP5060@CROSSRIDER.COMFile not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM[2012/03/18 14:04:42 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll[2012/03/18 14:04:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml[2012/03/18 14:04:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xmlO1 HOSTS File: ([2012/11/18 16:24:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O2 - BHO: (FACECONS Class) - {B2A44031-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files (x86)\facecons\Facecons.dll (Facecons)O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe File not foundO4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)O4 - Startup: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = File not foundO4 - Startup: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Users\Jimmy\AppData\Local\Autobahn\nexdef.exe ()O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O13 - gopher Prefix: missingO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44E6BEBF-391F-4BD6-975D-D374A7F0636D}: DhcpNameServer = 192.168.0.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C494E8EE-736A-4A65-A53A-3FC3170E5B6E}: DhcpNameServer = 192.168.0.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C494E8EE-736A-4A65-A53A-3FC3170E5B6E}: NameServer = 216.146.35.240,216.146.36.240,192.168.0.1O18:64bit: - Protocol\Handler\intu-tt2010 - No CLSID value foundO18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value foundO18:64bit: - Protocol\Handler\ipp - No CLSID value foundO18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value foundO18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\ms-itss - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)CREATERESTOREPOINTUnable to start System Restore Service. Error code 1084========== Files/Folders - Created Within 30 Days ==========[2012/11/19 18:06:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe[2012/11/19 17:56:36 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2012/11/19 17:56:08 | 000,000,000 | ---D | C] -- C:\JRT[2012/11/18 16:43:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2012/11/18 16:31:42 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Desktop\mbar[2012/11/18 16:23:15 | 000,000,000 | ---D | C] -- C:\Windows\temp[2012/11/18 16:12:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2012/11/18 16:12:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2012/11/18 16:12:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2012/11/18 16:12:13 | 000,000,000 | ---D | C] -- C:\Qoobox[2012/11/18 16:11:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt[2012/11/18 13:46:05 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{8A20A790-2BE4-42C2-A158-6E2BB9FCA1C5}[2012/11/18 13:31:32 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\Jimmy\Desktop\dds.scr[2012/11/17 12:17:27 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{777214C1-806D-4C74-B5F0-BEA70214E644}[2012/11/16 21:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2012/11/16 21:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2012/11/16 19:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi[2012/11/16 19:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi[2012/11/11 20:05:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files[2012/11/11 20:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData[2012/11/10 20:41:12 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{A8954EB1-08E6-436E-8D99-79343203D5CE}[2012/11/10 20:32:02 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys[2012/11/10 14:12:18 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{98E387D9-82D1-4571-849B-BD9035876EE1}[2012/11/10 13:42:44 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{F5DC1012-45DE-4BA6-9AD7-3E40588C681A}[2012/11/10 13:05:50 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{8A10FA36-4BE6-42A3-A9A1-54F1B8F7B61E}[2012/11/09 07:30:54 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{78BC6CF0-6934-49E4-BF24-B194EF3312C2}[2012/11/08 11:07:16 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{53527362-5D16-42D2-9039-A03B4D0C1B7A}[2012/11/07 10:54:07 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{FDE3B612-8015-44EE-B8D1-D1FD233232E4}[2012/11/06 12:58:00 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{4AF0EA4C-CC8D-46B8-8898-98D6FB1F6F65}[2012/11/05 23:45:55 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{9FE3841F-6E6B-4226-AFF7-FB3ED952D0F0}[2012/11/05 23:15:52 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{18A5D97E-D77A-4A94-A9F2-C3271C1FDBAA}[2012/11/05 23:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes[2012/11/05 23:11:55 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys[2012/11/05 23:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes[2012/11/05 23:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod[2012/11/05 23:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69[2012/11/05 11:09:21 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{8EAE4C1F-16AE-4360-B6C1-7156D26EBAA7}[2012/11/01 19:59:46 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{D3CA3834-A5C3-44F3-926D-425F0144EA73}[2012/10/31 14:26:08 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{04EC7638-FC15-4179-91FF-EA65DA2265FE}[2012/10/28 20:50:50 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{B40A531B-71B2-4E72-8507-9C9BDEB44BE6}[2012/10/26 12:50:08 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{F9A96946-ACCD-41E6-A960-78267D4E7291}[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ][1 C:\Users\Jimmy\AppData\Local\*.tmp files -> C:\Users\Jimmy\AppData\Local\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2012/11/19 18:06:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe[2012/11/19 17:58:03 | 000,796,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2012/11/19 17:58:03 | 000,676,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2012/11/19 17:58:03 | 000,130,176 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2012/11/19 17:56:06 | 000,895,317 | ---- | M] () -- C:\Users\Jimmy\Desktop\JRT.exe[2012/11/19 17:53:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/11/19 17:53:12 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys[2012/11/19 07:12:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/11/19 07:12:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/11/19 06:43:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2012/11/19 06:41:37 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2012/11/18 16:43:14 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2012/11/18 16:24:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2012/11/18 15:59:16 | 000,543,531 | ---- | M] () -- C:\Users\Jimmy\Desktop\adwcleaner.exe[2012/11/18 13:24:13 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat[2012/11/17 11:47:50 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\Jimmy\Desktop\dds.scr[2012/11/16 21:21:57 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012/11/10 20:38:19 | 000,181,808 | ---- | M] () -- C:\Windows\RegBootClean.exe[2012/11/08 13:12:01 | 446,057,499 | ---- | M] () -- C:\Windows\MEMORY.DMP[2012/11/05 23:11:56 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk[2012/10/31 14:14:09 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJimmy.job[2012/10/30 13:58:33 | 000,243,681 | ---- | M] () -- C:\Users\Jimmy\Documents\FargoHipC14.pdf[2012/10/30 13:57:02 | 000,243,695 | ---- | M] () -- C:\Users\Jimmy\Documents\FargoHipC13.pdf[2012/10/30 09:07:51 | 000,637,272 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys[2012/10/26 18:03:29 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr[2012/10/26 18:03:29 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe[2012/10/22 14:31:54 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ][1 C:\Users\Jimmy\AppData\Local\*.tmp files -> C:\Users\Jimmy\AppData\Local\*.tmp -> ]========== Files Created - No Company Name ==========[2012/11/19 17:55:52 | 000,895,317 | ---- | C] () -- C:\Users\Jimmy\Desktop\JRT.exe[2012/11/18 16:12:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2012/11/18 16:12:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2012/11/18 16:12:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2012/11/18 16:12:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2012/11/18 16:12:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2012/11/18 15:59:04 | 000,543,531 | ---- | C] () -- C:\Users\Jimmy\Desktop\adwcleaner.exe[2012/11/18 13:24:13 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat[2012/11/16 21:21:57 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012/11/10 20:38:12 | 000,181,808 | ---- | C] () -- C:\Windows\RegBootClean.exe[2012/11/05 23:11:56 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk[2012/10/31 13:50:02 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJimmy.job[2012/10/30 13:58:33 | 000,243,681 | ---- | C] () -- C:\Users\Jimmy\Documents\FargoHipC14.pdf[2012/10/30 13:57:02 | 000,243,695 | ---- | C] () -- C:\Users\Jimmy\Documents\FargoHipC13.pdf[2012/10/02 17:04:04 | 000,017,408 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\WebpageIcons.db[2012/09/19 16:48:52 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe[2012/09/19 16:48:47 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe[2012/03/13 12:22:38 | 000,002,078 | ---- | C] () -- C:\Windows\wininit.ini[2012/01/27 15:59:30 | 000,025,397 | ---- | C] () -- C:\Users\Jimmy\CrossFire_1082.dlbt[2011/12/03 14:28:34 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll[2011/10/31 19:31:01 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe[2011/10/31 19:31:01 | 000,277,366 | ---- | C] () -- C:\Windows\unins000.dat[2011/09/07 08:04:05 | 000,000,000 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\{0839F303-1221-445F-8C98-AEB75D5C32B9}[2011/06/18 11:29:27 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat[2011/06/08 22:41:48 | 000,034,816 | ---- | C] () -- C:\Windows\SysWow64\sxxssul.dll[2011/05/30 14:13:24 | 004,427,872 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01305.0[2011/05/30 14:13:24 | 001,198,354 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01305.JPG[2011/05/26 19:41:01 | 000,000,000 | ---- | C] () -- C:\Users\Jimmy\AppData\Roaming\wklnhst.dat[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat[2011/04/04 11:49:23 | 003,788,320 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01838.0[2011/04/04 11:49:23 | 000,740,779 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01838.JPG[2010/12/12 14:56:32 | 000,566,540 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmp001.JPG[2010/11/30 21:34:00 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI[2010/11/30 21:34:00 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI[2010/10/07 16:34:00 | 000,545,617 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmp001.1[2010/10/07 16:33:59 | 000,547,161 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmp001.0[2010/09/03 11:10:34 | 000,000,093 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\fusioncache.dat========== ZeroAccess Check ==========[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]========== Custom Scans ==========< %SYSTEMDRIVE%\*.* >[2012/11/18 13:36:27 | 000,069,662 | ---- | M] () -- C:\AdwCleaner[R1].txt[2012/11/18 15:59:43 | 000,069,902 | ---- | M] () -- C:\AdwCleaner[s1].txt[2012/11/18 13:24:13 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat[2012/11/18 16:26:21 | 000,022,574 | ---- | M] () -- C:\ComboFix.txt[2012/08/24 16:10:01 | 000,000,009 | ---- | M] () -- C:\END[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt[2010/09/07 17:50:32 | 000,000,125 | ---- | M] () -- C:\FINIS_IT.TXT[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini[2012/11/19 17:53:12 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini[2006/12/02 01:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll[2012/11/19 17:53:10 | 4252,057,599 | -HS- | M] () -- C:\pagefile.sys[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI< %systemroot%\*. /mp /s >< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >< >< End of report > Link to post Share on other sites More sharing options...
nncout Posted November 20, 2012 Author ID:614993 Share Posted November 20, 2012 OTL logfile created on: 19/11/2012 6:06:46 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jimmy\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy7.96 Gb Total Physical Memory | 7.09 Gb Available Physical Memory | 89.04% Memory free15.92 Gb Paging File | 15.08 Gb Available in Paging File | 94.76% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 920.12 Gb Total Space | 769.93 Gb Free Space | 83.68% Space Free | Partition Type: NTFSDrive D: | 11.30 Gb Total Space | 1.62 Gb Free Space | 14.35% Space Free | Partition Type: NTFSDrive J: | 1.90 Gb Total Space | 1.89 Gb Free Space | 99.35% Space Free | Partition Type: FATComputer Name: JIMMY-PC | User Name: Jimmy | Logged in as Administrator.Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2012/11/19 18:06:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe========== Modules (No Company Name) ==================== Services (SafeList) ==========SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV:64bit: - [2010/01/13 16:04:10 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2012/10/30 09:07:09 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)SRV - [2012/10/08 23:43:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2012/09/19 16:48:47 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)SRV - [2012/03/16 09:08:01 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)SRV - [2011/08/05 13:37:30 | 000,098,168 | ---- | M] (Sendori, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Sendori)SRV - [2010/07/28 15:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)========== Driver Services (SafeList) ==========DRV:64bit: - [2012/10/30 09:07:51 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/03/10 17:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)DRV:64bit: - [2011/03/04 12:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)DRV:64bit: - [2011/03/04 12:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/01/13 16:26:02 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)DRV:64bit: - [2010/01/13 15:10:58 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)DRV:64bit: - [2009/11/18 12:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)DRV:64bit: - [2009/10/12 00:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)DRV:64bit: - [2009/10/02 05:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)DRV:64bit: - [2009/08/20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)DRV:64bit: - [2006/12/12 11:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4IE:64bit: - HKLM\..\SearchScopes,DefaultScope =IE:64bit: - HKLM\..\SearchScopes\{3018E814-9E7B-429F-9304-DC06D594EBDA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBoxIE:64bit: - HKLM\..\SearchScopes\{771D0255-20A6-40A7-8060-E681B3F9D5E8}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpdIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comIE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{3018E814-9E7B-429F-9304-DC06D594EBDA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBoxIE - HKLM\..\SearchScopes\{771D0255-20A6-40A7-8060-E681B3F9D5E8}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpdIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Jimmy\Documents\AC3D\Elemental SwordsIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CAIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E D6 E2 D7 6E 35 CD 01 [binary data]IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/search?q={searchTerms}IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}IE - HKCU\..\SearchScopes,DefaultScope = {E1B4F045-104E-4B2E-B36A-4609F37B6AFB}IE - HKCU\..\SearchScopes\{3018E814-9E7B-429F-9304-DC06D594EBDA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBoxIE - HKCU\..\SearchScopes\{771D0255-20A6-40A7-8060-E681B3F9D5E8}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpdIE - HKCU\..\SearchScopes\{E1B4F045-104E-4B2E-B36A-4609F37B6AFB}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227980IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local========== FireFox ==========FF - prefs.js..browser.search.defaulturl: ""FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..network.proxy.no_proxies_on: "*.local"FF - prefs.js..network.proxy.type: 0FF - user.js - File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/10/30 09:07:51 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/10/30 09:07:51 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/10/30 09:07:51 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/22 23:30:01 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins[2011/05/27 20:13:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Extensions[2010/09/10 18:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com[2012/11/19 17:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions[2011/12/03 11:31:34 | 000,000,000 | ---D | M] ("Facecons") -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\extensions\facecons@facecons.com[2012/05/18 21:23:11 | 000,002,266 | ---- | M] () -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bgnqzn7m.default\searchplugins\Google.xml[2012/10/05 13:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2012/10/05 13:30:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}[2012/09/27 23:00:29 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2[2012/09/27 23:00:27 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\{167D9323-F7CC-48F5-948A-6F012831A69F}File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\{F9BBF004-6E40-4019-8214-C43A37E1D058}File not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\BBRS_002@BLABBERS.COMFile not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\CROSSRIDERAPP5060@CROSSRIDER.COMFile not found (No name found) -- C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BGNQZN7M.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM[2012/03/18 14:04:42 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll[2012/03/18 14:04:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml[2012/03/18 14:04:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xmlO1 HOSTS File: ([2012/11/18 16:24:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O2 - BHO: (FACECONS Class) - {B2A44031-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files (x86)\facecons\Facecons.dll (Facecons)O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe File not foundO4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)O4 - Startup: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = File not foundO4 - Startup: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Users\Jimmy\AppData\Local\Autobahn\nexdef.exe ()O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O13 - gopher Prefix: missingO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44E6BEBF-391F-4BD6-975D-D374A7F0636D}: DhcpNameServer = 192.168.0.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C494E8EE-736A-4A65-A53A-3FC3170E5B6E}: DhcpNameServer = 192.168.0.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C494E8EE-736A-4A65-A53A-3FC3170E5B6E}: NameServer = 216.146.35.240,216.146.36.240,192.168.0.1O18:64bit: - Protocol\Handler\intu-tt2010 - No CLSID value foundO18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value foundO18:64bit: - Protocol\Handler\ipp - No CLSID value foundO18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value foundO18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\ms-itss - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)CREATERESTOREPOINTUnable to start System Restore Service. Error code 1084========== Files/Folders - Created Within 30 Days ==========[2012/11/19 18:06:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe[2012/11/19 17:56:36 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2012/11/19 17:56:08 | 000,000,000 | ---D | C] -- C:\JRT[2012/11/18 16:43:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2012/11/18 16:31:42 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Desktop\mbar[2012/11/18 16:23:15 | 000,000,000 | ---D | C] -- C:\Windows\temp[2012/11/18 16:12:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2012/11/18 16:12:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2012/11/18 16:12:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2012/11/18 16:12:13 | 000,000,000 | ---D | C] -- C:\Qoobox[2012/11/18 16:11:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt[2012/11/18 13:46:05 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{8A20A790-2BE4-42C2-A158-6E2BB9FCA1C5}[2012/11/18 13:31:32 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\Jimmy\Desktop\dds.scr[2012/11/17 12:17:27 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{777214C1-806D-4C74-B5F0-BEA70214E644}[2012/11/16 21:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2012/11/16 21:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2012/11/16 19:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi[2012/11/16 19:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi[2012/11/11 20:05:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files[2012/11/11 20:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData[2012/11/10 20:41:12 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{A8954EB1-08E6-436E-8D99-79343203D5CE}[2012/11/10 20:32:02 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys[2012/11/10 14:12:18 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{98E387D9-82D1-4571-849B-BD9035876EE1}[2012/11/10 13:42:44 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{F5DC1012-45DE-4BA6-9AD7-3E40588C681A}[2012/11/10 13:05:50 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{8A10FA36-4BE6-42A3-A9A1-54F1B8F7B61E}[2012/11/09 07:30:54 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{78BC6CF0-6934-49E4-BF24-B194EF3312C2}[2012/11/08 11:07:16 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{53527362-5D16-42D2-9039-A03B4D0C1B7A}[2012/11/07 10:54:07 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{FDE3B612-8015-44EE-B8D1-D1FD233232E4}[2012/11/06 12:58:00 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{4AF0EA4C-CC8D-46B8-8898-98D6FB1F6F65}[2012/11/05 23:45:55 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{9FE3841F-6E6B-4226-AFF7-FB3ED952D0F0}[2012/11/05 23:15:52 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{18A5D97E-D77A-4A94-A9F2-C3271C1FDBAA}[2012/11/05 23:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes[2012/11/05 23:11:55 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys[2012/11/05 23:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes[2012/11/05 23:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod[2012/11/05 23:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69[2012/11/05 11:09:21 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{8EAE4C1F-16AE-4360-B6C1-7156D26EBAA7}[2012/11/01 19:59:46 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{D3CA3834-A5C3-44F3-926D-425F0144EA73}[2012/10/31 14:26:08 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{04EC7638-FC15-4179-91FF-EA65DA2265FE}[2012/10/28 20:50:50 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{B40A531B-71B2-4E72-8507-9C9BDEB44BE6}[2012/10/26 12:50:08 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{F9A96946-ACCD-41E6-A960-78267D4E7291}[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ][1 C:\Users\Jimmy\AppData\Local\*.tmp files -> C:\Users\Jimmy\AppData\Local\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2012/11/19 18:06:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe[2012/11/19 17:58:03 | 000,796,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2012/11/19 17:58:03 | 000,676,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2012/11/19 17:58:03 | 000,130,176 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2012/11/19 17:56:06 | 000,895,317 | ---- | M] () -- C:\Users\Jimmy\Desktop\JRT.exe[2012/11/19 17:53:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/11/19 17:53:12 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys[2012/11/19 07:12:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/11/19 07:12:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/11/19 06:43:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2012/11/19 06:41:37 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2012/11/18 16:43:14 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2012/11/18 16:24:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2012/11/18 15:59:16 | 000,543,531 | ---- | M] () -- C:\Users\Jimmy\Desktop\adwcleaner.exe[2012/11/18 13:24:13 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat[2012/11/17 11:47:50 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\Jimmy\Desktop\dds.scr[2012/11/16 21:21:57 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012/11/10 20:38:19 | 000,181,808 | ---- | M] () -- C:\Windows\RegBootClean.exe[2012/11/08 13:12:01 | 446,057,499 | ---- | M] () -- C:\Windows\MEMORY.DMP[2012/11/05 23:11:56 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk[2012/10/31 14:14:09 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJimmy.job[2012/10/30 13:58:33 | 000,243,681 | ---- | M] () -- C:\Users\Jimmy\Documents\FargoHipC14.pdf[2012/10/30 13:57:02 | 000,243,695 | ---- | M] () -- C:\Users\Jimmy\Documents\FargoHipC13.pdf[2012/10/30 09:07:51 | 000,637,272 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys[2012/10/26 18:03:29 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr[2012/10/26 18:03:29 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe[2012/10/22 14:31:54 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ][1 C:\Users\Jimmy\AppData\Local\*.tmp files -> C:\Users\Jimmy\AppData\Local\*.tmp -> ]========== Files Created - No Company Name ==========[2012/11/19 17:55:52 | 000,895,317 | ---- | C] () -- C:\Users\Jimmy\Desktop\JRT.exe[2012/11/18 16:12:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2012/11/18 16:12:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2012/11/18 16:12:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2012/11/18 16:12:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2012/11/18 16:12:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2012/11/18 15:59:04 | 000,543,531 | ---- | C] () -- C:\Users\Jimmy\Desktop\adwcleaner.exe[2012/11/18 13:24:13 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat[2012/11/16 21:21:57 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012/11/10 20:38:12 | 000,181,808 | ---- | C] () -- C:\Windows\RegBootClean.exe[2012/11/05 23:11:56 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk[2012/10/31 13:50:02 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJimmy.job[2012/10/30 13:58:33 | 000,243,681 | ---- | C] () -- C:\Users\Jimmy\Documents\FargoHipC14.pdf[2012/10/30 13:57:02 | 000,243,695 | ---- | C] () -- C:\Users\Jimmy\Documents\FargoHipC13.pdf[2012/10/02 17:04:04 | 000,017,408 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\WebpageIcons.db[2012/09/19 16:48:52 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe[2012/09/19 16:48:47 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe[2012/03/13 12:22:38 | 000,002,078 | ---- | C] () -- C:\Windows\wininit.ini[2012/01/27 15:59:30 | 000,025,397 | ---- | C] () -- C:\Users\Jimmy\CrossFire_1082.dlbt[2011/12/03 14:28:34 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll[2011/10/31 19:31:01 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe[2011/10/31 19:31:01 | 000,277,366 | ---- | C] () -- C:\Windows\unins000.dat[2011/09/07 08:04:05 | 000,000,000 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\{0839F303-1221-445F-8C98-AEB75D5C32B9}[2011/06/18 11:29:27 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat[2011/06/08 22:41:48 | 000,034,816 | ---- | C] () -- C:\Windows\SysWow64\sxxssul.dll[2011/05/30 14:13:24 | 004,427,872 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01305.0[2011/05/30 14:13:24 | 001,198,354 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01305.JPG[2011/05/26 19:41:01 | 000,000,000 | ---- | C] () -- C:\Users\Jimmy\AppData\Roaming\wklnhst.dat[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat[2011/04/04 11:49:23 | 003,788,320 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01838.0[2011/04/04 11:49:23 | 000,740,779 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmpDSC01838.JPG[2010/12/12 14:56:32 | 000,566,540 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmp001.JPG[2010/11/30 21:34:00 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI[2010/11/30 21:34:00 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI[2010/10/07 16:34:00 | 000,545,617 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmp001.1[2010/10/07 16:33:59 | 000,547,161 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\tmp001.0[2010/09/03 11:10:34 | 000,000,093 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\fusioncache.dat========== ZeroAccess Check ==========[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]========== Custom Scans ==========< %SYSTEMDRIVE%\*.* >[2012/11/18 13:36:27 | 000,069,662 | ---- | M] () -- C:\AdwCleaner[R1].txt[2012/11/18 15:59:43 | 000,069,902 | ---- | M] () -- C:\AdwCleaner[s1].txt[2012/11/18 13:24:13 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat[2012/11/18 16:26:21 | 000,022,574 | ---- | M] () -- C:\ComboFix.txt[2012/08/24 16:10:01 | 000,000,009 | ---- | M] () -- C:\END[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt[2010/09/07 17:50:32 | 000,000,125 | ---- | M] () -- C:\FINIS_IT.TXT[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini[2012/11/19 17:53:12 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini[2006/12/02 01:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll[2012/11/19 17:53:10 | 4252,057,599 | -HS- | M] () -- C:\pagefile.sys[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI< %systemroot%\*. /mp /s >< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >< >< End of report > Link to post Share on other sites More sharing options...
nncout Posted November 20, 2012 Author ID:614997 Share Posted November 20, 2012 Sorry, posted the same log twice!! Here is the correct third one....OTL Extras logfile created on: 19/11/2012 6:06:46 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jimmy\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy7.96 Gb Total Physical Memory | 7.09 Gb Available Physical Memory | 89.04% Memory free15.92 Gb Paging File | 15.08 Gb Available in Paging File | 94.76% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 920.12 Gb Total Space | 769.93 Gb Free Space | 83.68% Space Free | Partition Type: NTFSDrive D: | 11.30 Gb Total Space | 1.62 Gb Free Space | 14.35% Space Free | Partition Type: NTFSDrive J: | 1.90 Gb Total Space | 1.89 Gb Free Space | 99.35% Space Free | Partition Type: FATComputer Name: JIMMY-PC | User Name: Jimmy | Logged in as Administrator.Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)========== Shell Spawning ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0"UpdatesDisableNotify" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]========== System Restore Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0========== Firewall Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 0"EnableFirewall" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DisableNotifications" = 0"EnableFirewall" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"DisableNotifications" = 0"EnableFirewall" = 0========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe========== Vista Active Open Ports Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0327FFC8-2332-4D37-B1B3-896C620855B6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{153D77B8-A254-489D-8A0D-7B76F7EE11A7}" = rport=139 | protocol=6 | dir=out | app=system |"{32D40E0F-856C-4B1F-A242-58F48AFA8237}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{350C6887-5617-4AED-88F0-C358503E3CE1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |"{35583BA4-7517-4B74-A904-B19540EC5316}" = lport=2869 | protocol=6 | dir=in | app=system |"{38D43054-061C-43EA-99E1-542C5FBA3359}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |"{41A4CD54-4407-4581-985D-AD620991BDB4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |"{4A2F3F35-A108-4AD1-9AF2-02210400F83E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |"{53E1D71C-8981-4278-8B8C-1B51AAA5A9C5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |"{547E0010-C88C-4668-B5E7-4330C4134957}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |"{5750B4DC-3E18-4B14-9D22-5C034A2B80B9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |"{585AC2DC-B47C-4A3B-A155-5ED4264B9CE3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{66B26965-4657-46BC-AFAC-BD256FC6BF87}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |"{6E2FE5C4-B844-4A07-B455-797094B06C0E}" = rport=445 | protocol=6 | dir=out | app=system |"{6EE75CB2-2ED2-49D8-B1D3-0AA549990748}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{7058F735-5177-4834-AB2C-04095A5469C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |"{79094FA4-84E9-439B-93B3-4937F59B0157}" = lport=10243 | protocol=6 | dir=in | app=system |"{7A7C45ED-E50F-4348-8F8A-7F9409702B42}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{814A5659-7789-404E-B534-D41FBEA4FD99}" = lport=139 | protocol=6 | dir=in | app=system |"{85877DF6-4487-43B4-893E-52D4B37508E9}" = lport=445 | protocol=6 | dir=in | app=system |"{8BF9409F-78A4-417D-A44C-F4C0D1A1A5CA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |"{9421251B-937D-47CA-B174-B115800085D2}" = rport=138 | protocol=17 | dir=out | app=system |"{B7276213-8221-4F75-AB8D-3E97269FAD85}" = lport=137 | protocol=17 | dir=in | app=system |"{BA24AE5E-766C-4AC0-AC6D-EDDB60AF84DB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{CBA249DD-E858-4344-908B-062D5858D0AB}" = rport=10243 | protocol=6 | dir=out | app=system |"{EF56E154-2E80-4533-ACE2-81A15EA31438}" = lport=138 | protocol=17 | dir=in | app=system |"{F022DBE6-F62E-454F-BCBC-FCABC583EC49}" = rport=137 | protocol=17 | dir=out | app=system |========== Vista Active Application Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{01F8DE67-A521-4651-BF3F-CEACA09C4B5E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |"{05BE491A-EE23-468C-8168-AFA5C2C7728C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |"{0C185EAF-0FF2-4F52-8C7E-83090E8ED968}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |"{0C375612-07EA-4628-9E52-4A3295A0491B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{0D42CED0-B2FB-48A8-8B7F-77BD793F451C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |"{0DB8D7CF-080B-49F3-866B-EF04BEBC3549}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |"{0E93593F-4342-4F46-85A0-B60DFC84FEAD}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |"{13F0D570-B325-40D1-903B-2B2431EAF840}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |"{14ABFDA5-FFC5-470F-9CC1-7766DA20A854}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |"{16B91331-B86F-4632-AE7F-1FBDF5D94DEF}" = protocol=6 | dir=in | app=c:\program files (x86)\amsn\bin\wish.exe |"{18D54D6A-E6B0-49DA-98AF-3F43BF2CE750}" = protocol=6 | dir=in | app=c:\users\jimmy\appdata\local\microsoft\windows\temporary internet files\content.ie5\h462825q\crossfire_downloader.exe |"{1A7EED71-A627-4CC7-AEA0-E241E35118DF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |"{1E72D1AE-3002-4F4D-9BDE-4D448D2A2230}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |"{22BF683C-0FBE-49A9-8476-48EC87579A01}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |"{246604E4-16C8-4FF6-91DF-F6BD222B2E69}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |"{27439393-51C8-495A-9ED9-46E6A2A45A54}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe |"{2D03AACD-18A7-4EC4-86F6-02F889011A20}" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |"{2FE98003-AE6F-4F2F-9F64-81C4CBC22F97}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |"{303F7C73-E73F-414F-847A-8F79BD9BE130}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |"{3104E241-DE40-4073-91F4-2A2BD6C5489C}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |"{3144D522-97B4-489E-97AF-F4EBB45F2254}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |"{346FC3D1-4E80-4F67-81EB-0C6BA834EA39}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |"{352D2971-CD80-45CB-9B53-C336FDF853E3}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |"{353ED273-E569-4E6B-B59A-3AB8CB331E0F}" = protocol=17 | dir=in | app=c:\users\jimmy\appdata\local\temp\cf_downloader.exe |"{3B5A13EC-E011-42EC-B5A9-189E4C50D5C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |"{3BE18569-0122-4B23-8EF4-5E96C84FBD74}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |"{410E1682-5162-4B62-9442-BC04ABCE6D7E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe |"{4213015D-EC14-4F7F-8297-C19E12AF8B63}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |"{42222F8F-436A-413D-A0F3-653BE746A18F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |"{4436EA5F-A698-4249-99CD-A010C8B74703}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |"{4A69845A-B4A5-4FBC-8BDE-545E6A32F852}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |"{4BA5B324-346D-4E88-BA90-2E721750CA6F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |"{4BC7DEA8-1C0D-4EC4-8018-07ED13D56806}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |"{4CB5782D-C9AD-4454-9EE1-DEDDFBBCA1F8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |"{4D2AD28D-4AF2-4B8B-86BD-89DA0BB9BD6A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |"{4DD3BCF8-20E5-4EB4-88EC-7DC3671DA893}" = protocol=58 | dir=in | app=system |"{4E626C70-FD17-46E9-A53C-A7CA19F8F11F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{540A22BC-FAEA-444E-B6BD-9AA23D92E725}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |"{5494D21E-95AA-4612-83FC-8A77157DE8BE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |"{58497AA3-86A9-435B-921C-E4F96B58FE94}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\calauncher.exe |"{59BFB716-0B05-4C07-8042-B6B80A3722BC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\engine.exe |"{5A5CE321-4910-4937-8E50-1F56861A665E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |"{5BFB5D72-5C01-4A87-8F66-F59AB0767C16}" = protocol=17 | dir=in | app=c:\users\jimmy\appdata\local\microsoft\windows\temporary internet files\content.ie5\h462825q\crossfire_downloader.exe |"{5C07D5E6-39FA-4FE6-815D-E7A8CB6377A5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |"{5C62B81E-A0B5-4D87-8CC5-635F2CEB38E9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{5DC3B6B9-8021-4E67-8155-EB6E79279B22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{5E3E0ECF-B83C-4FC6-8C0E-BFCF52089C1F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |"{5EDC1872-DF77-4228-A935-65060B980B33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |"{6A1AEF95-93BD-492E-BBC6-F788037E2B36}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |"{6A6819AC-A37C-4FEF-9184-7F5A4C34B5DB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |"{6B122F6D-7AA8-4979-B443-2B4AE15244A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\nmservice.exe |"{6BBD410A-9E86-46D5-8E15-59ABE3513797}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |"{6FA07C27-73CF-4F1B-B70E-1CD77674A4C6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |"{70463810-7270-4762-B2A0-5F13922BB73E}" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |"{739BB06B-9E63-4E83-B458-5F382E549374}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |"{768DDEB1-9842-435D-9941-ED71A332D49B}" = protocol=6 | dir=out | app=system |"{771D42A1-3347-425D-896E-3CE69DFF4E3D}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |"{787C8450-FF1F-4A0D-A5BE-48A04FDEBC3E}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |"{7A1E5623-5D6E-4D57-BB45-7F43284FD2C1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |"{7AC32C30-F451-49B7-98B2-3BA859B912CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |"{7BC5D08F-39B4-4859-895C-BC8327FDBD0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{7F01108A-A69A-4C68-9F68-1678CB2ED402}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |"{8201C36A-CB3E-4EA2-AADD-AF570E62EFC4}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |"{82A9A3FA-09FF-4947-9ED0-04BB1DBC20D6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |"{82E1F4F4-601E-4E45-A207-7B2F61E91207}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |"{888FB844-262D-4F0A-91FF-1127456D2864}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |"{89F56427-29B9-41BC-A95A-C9C189B27AA7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{8AA7A3C2-9FDC-4845-89BC-9BE9B7400EC1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |"{8CEECDB2-A01A-487D-A8D1-7F29103F4AA2}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |"{8F55A89D-CF1B-43EF-8BD9-ED7C6BC9C32F}" = protocol=17 | dir=in | app=c:\users\jimmy\desktop\crossfire_downloader.exe |"{940E55F9-F6D6-4A1E-8813-6B3FFC2B26D8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |"{973EDEE7-8BFF-41D2-B1DE-66FA38681330}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |"{9A4A24CC-DFB0-4B76-8186-6C120EEE1E75}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |"{9D578739-C56E-4E7F-9458-E1C7D1CA8E07}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |"{9D7A8379-F0F0-4941-9A30-05155D63F76C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe |"{A3DE5861-787C-43B4-A8F4-00AE54A79227}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |"{A6663CBC-83C6-400A-A9DC-A25F4493FDFD}" = protocol=6 | dir=in | app=c:\users\jimmy\desktop\crossfire_downloader.exe |"{B13D075D-A359-4167-9DCE-964F000F67F7}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |"{B16EA776-9F7E-4B9C-96C9-62C9A96167B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe |"{B262F8E7-CA6D-4198-99F0-E9B5D52C55B3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |"{B9DFE6A8-DECB-402A-B8BE-2538A5BA6468}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |"{BCB1C49B-80F2-4F91-B6F4-9B250D06B3BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |"{C044F4C9-CB89-4C69-B901-8A7EE8958D0C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\engine.exe |"{C221F2A7-35BA-4016-9674-9E7C082F2CA1}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |"{C54F2F5B-9943-45B8-BD18-110B92FF56A3}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |"{C6DFD3F1-DCFA-4C04-A7AA-2A773F5948FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |"{C7DDD2C4-57DB-49DE-8742-267DF5FE0BE6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |"{C7E4A228-B3C4-4368-91AC-9DF397FB0B1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |"{C805D5CA-91C5-492C-933C-4BB3A83AF9A9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{CAC56078-01AA-4543-8268-B7F539E54BE4}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |"{CB0407E4-B7D4-41F6-834A-2306703FF516}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\nmservice.exe |"{CC20BA08-03BD-4375-A28B-4E397B2EAB0A}" = protocol=17 | dir=in | app=c:\program files (x86)\amsn\bin\wish.exe |"{CF92011B-C2BE-43D7-A07E-AD63B447D9D1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{D165D014-12B7-4542-B18F-07061C29F16E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |"{D38AAEB8-FD73-47FF-A068-0969D854011E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{D397CE4D-5D30-4617-A4C3-7A23BBCF4298}" = protocol=6 | dir=in | app=c:\users\jimmy\appdata\local\temp\cf_downloader.exe |"{D729C969-70E2-429D-8F78-42681E04FE33}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |"{D7B1F43C-834B-40B2-9237-8455B940D6EC}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |"{D827C42A-CF90-4531-BD71-8173CFFC9820}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |"{DB09A59D-9AA9-4CBA-A1C7-26B3D48FB36F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |"{DEA6426C-A222-4383-A490-4847ECBF4FC0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{E1BDCCCC-D86B-4B71-BCD0-77EB8F8C0AE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\calauncher.exe |"{E2369942-F5BD-4BF5-BF53-E332851CEF8D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |"{E3603BC8-6BF6-4551-B3A7-9F72B7F80671}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |"{E431F8C2-AA73-42FE-802E-A694A831952D}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |"{E4441B13-B164-486B-A431-ECA9ED84FB59}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |"{E507AF17-8CC3-445C-960A-867CE3F3E92A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |"{E59F570B-DC6B-4F82-B869-5AF8986A3F0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |"{E660ACAC-2A80-4846-95E8-00D62A16ED90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{E694BB86-3E9A-49F9-9219-4FFC13B96518}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |"{EB46268F-F540-4022-B6FA-C8C204C90E04}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |"{EC7503C1-9A36-41F0-8585-1968BEA520A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |"{EEF292DB-8460-401E-8399-95982CCE16C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |"{F5C3D336-B5B1-490C-AFB9-529E8F558C7F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |"{F78868DF-ACF2-496D-9965-362F8C82ADD7}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |"TCP Query User{1998ECAF-B5AA-4C97-BE7C-C690BDD7E81A}C:\program files (x86)\steam\steamapps\common\combat arms\engine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\engine.exe |"TCP Query User{2F12507E-B169-49AA-9B40-F534F29715AE}C:\program files (x86)\amsn\bin\wish.exe" = protocol=6 | dir=in | app=c:\program files (x86)\amsn\bin\wish.exe |"TCP Query User{4B7A3CF0-4783-4F95-BDE3-EDB78F9FB51A}C:\users\jimmy\appdata\local\microsoft\windows\temporary internet files\content.ie5\lwj1dbmp\fogdownloader-rom_3_0_1_2153[1].exe" = protocol=6 | dir=in | app=c:\users\jimmy\appdata\local\microsoft\windows\temporary internet files\content.ie5\lwj1dbmp\fogdownloader-rom_3_0_1_2153[1].exe |"TCP Query User{564F0D5E-F366-4DA7-AEAF-4E45368285F4}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |"TCP Query User{778D0701-5899-44ED-B56D-924C5DA49C86}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |"TCP Query User{7A45BE56-007E-46CD-A6A3-A4475423EBF7}C:\users\jimmy\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=6 | dir=in | app=c:\users\jimmy\appdata\roaming\imvuclient\1vivoxvoice.exe |"TCP Query User{8D127963-EEF4-4EDB-90D7-F5B9E67852A1}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |"TCP Query User{A361CCC8-E6E3-4CDF-9625-5E0D9B7A76DF}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |"TCP Query User{C720E95F-1FDC-4AE8-BAC4-97279D526021}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |"TCP Query User{CF970F89-35A3-4512-A2D4-FEB86AF9D62E}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe |"UDP Query User{15350FE2-A82F-4409-932D-B891CCB86DB2}C:\program files (x86)\steam\steamapps\common\combat arms\engine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\engine.exe |"UDP Query User{2BB4F892-8D0F-4377-BF72-9E15D87DE1A1}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |"UDP Query User{3FDB2CED-613E-49F6-AA93-40D5E1403B43}C:\users\jimmy\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=17 | dir=in | app=c:\users\jimmy\appdata\roaming\imvuclient\1vivoxvoice.exe |"UDP Query User{4051FF79-28D4-4BE6-A07F-7830F59F1DF3}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |"UDP Query User{43C62F9C-F468-4ED9-A1FF-12E4F203EE04}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |"UDP Query User{67A13C57-0A2E-4951-80CD-C6227E499278}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |"UDP Query User{7CFC49B4-3E02-45F4-BB99-0CD8CBC4EE32}C:\users\jimmy\appdata\local\microsoft\windows\temporary internet files\content.ie5\lwj1dbmp\fogdownloader-rom_3_0_1_2153[1].exe" = protocol=17 | dir=in | app=c:\users\jimmy\appdata\local\microsoft\windows\temporary internet files\content.ie5\lwj1dbmp\fogdownloader-rom_3_0_1_2153[1].exe |"UDP Query User{A3D52D64-2BFE-4B75-8EE8-C39E12355017}C:\program files (x86)\amsn\bin\wish.exe" = protocol=17 | dir=in | app=c:\program files (x86)\amsn\bin\wish.exe |"UDP Query User{E168798D-0B68-4A3C-9492-C0D65BAF3329}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe |"UDP Query User{E17A4D5D-838D-46FA-ABD2-81B82BBECCE6}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |========== HKEY_LOCAL_MACHINE Uninstall List ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)"{0D15DB57-D8C4-1D54-498C-B786A485C0EB}" = ATI Catalyst Install Manager"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)"{AF5020D9-116A-46AC-A922-087592F37EC9}" = MobileMe Control Panel"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64"{BE7D0221-74C3-1945-3458-7F267F30A595}" = ccc-utility64"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety"{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}" = POV-Ray for Windows v3.62"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended"OfficeTrial" = Microsoft Office Home and Student 60 day trial[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam"{0667699C-D5DE-FBA1-BC55-31D81FAFDD91}" = Catalyst Control Center Localization All"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{0CD97270-111F-D929-18E7-E2107FE4499F}" = Catalyst Control Center Graphics Full New"{0D297E80-6159-ABD7-3A14-16CFDAFA44A7}" = CCC Help Japanese"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1"{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011"{146DD810-14C5-1D89-5B99-3A1B4C05C8E2}" = CCC Help Chinese Traditional"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions"{22C8FE90-9B4D-2E60-1E8F-9C7256A654C3}" = CCC Help Hungarian"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library"{25B15553-04FF-597C-7D53-DB99A148A09D}" = Catalyst Control Center Graphics Full Existing"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections"{295FF653-9288-4635-0FDE-05FCDD1859F3}" = CCC Help Thai"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{36C6FD07-1A5E-6DBF-C981-AD0582B32630}" = CCC Help Dutch"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor"{4220D867-4A00-9D05-761D-F5A3E379C119}" = CCC Help Chinese Standard"{422F3C60-2286-C542-9A05-E14C13EB78C8}" = CCC Help Greek"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012"{49172BBD-1298-BB63-3EE8-C4FD4C3DB2FB}" = CCC Help Russian"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4B665392-2870-F48D-C1B8-031D6475C885}" = Catalyst Control Center Core Implementation"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace"{4E4B05A7-B027-A08D-4D8F-3D7B55D4C0FF}" = Catalyst Control Center Graphics Light"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion"{54159469-0D79-E4CF-E9EB-5575FC0AD254}" = CCC Help English"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack"{57A67EC6-0652-4C0A-B8D4-20CD437AD033}" = Catalyst Control Center - Branding"{5C949985-1C8D-C079-F783-7C71F0B35F0D}" = CCC Help Spanish"{60827CA0-E66E-0EDA-C0F1-FAC67D6E1D20}" = Catalyst Control Center Graphics Previews Vista"{636AF808-FF89-3751-0F87-6EC11BF7F496}" = HydraVision"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library"{674EE6C1-FF81-21F9-C648-2DFC9FB8C3C8}" = CCC Help Danish"{677D2BD9-C66F-27D4-55DA-FED6438B5F81}" = CCC Help Norwegian"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari"{704DE25A-1899-BDB3-415E-30F5200F4CC0}" = CCC Help Polish"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{71B155B6-72CB-60A2-DF7D-F54C1348CE88}" = CCC Help Korean"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core"{7E0FF63C-9263-7847-887D-CF63233E9D66}" = CCC Help Finnish"{7FC8C210-A319-4835-A87D-B935EFB4C148}" = Microsoft Live Search Toolbar"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570"{8A73BE7B-7289-73A3-EAC2-36A5EBA4B2E4}" = Catalyst Control Center Graphics Previews Common"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{92910761-561E-C478-E900-3F9466E5B17A}" = CCC Help Swedish"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh"{A67DCD0F-A9B3-3126-DB5F-B98FBECB628B}" = CCC Help French"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call"{B70891D5-6072-3739-09A5-0C4E0B62DCF9}" = Catalyst Control Center HydraVision Full"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update"{DB00E2D1-6BC3-E880-8460-5A32357DA454}" = CCC Help German"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{DDFFF397-CFE1-BA87-4DC9-437C24458655}" = CCC Help Italian"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger"{E74E7ACF-83BF-FC49-AD24-DB643672DE11}" = CCC Help Turkish"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F177CDAF-0A53-9B0D-A0F1-E83E237CA2A6}" = Catalyst Control Center InstallProxy"{F19EAEBF-5A57-651A-D8ED-7B7ECF3AD10B}" = ccc-core-static"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable"{F3CA2969-A9E4-395A-17F5-A329752A8CCE}" = CCC Help Czech"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials"{FECBABDE-CDFA-CE29-23E2-443139BC0136}" = CCC Help Portuguese"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"AC3D 6.8.14_is1" = AC3D 6.8.14"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"aMSN" = aMSN 0.98.4"Autobahn" = NexDef Plug-in"facecons" = facecons"HP Remote Solution" = HP Remote Solution"iBryte_playbryte" = PlayBryte"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012"IrfanView" = IrfanView (remove only)"LogMeIn Hamachi" = LogMeIn Hamachi"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000"Messenger Plus!" = Messenger Plus! 5"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)"Office14.SingleImage" = Microsoft Office Home and Student 2010"PunkBusterSvc" = PunkBuster Services"Sendori" = Sendori"Steam App 113400" = APB Reloaded"Steam App 212180" = Combat Arms"Steam App 91310" = Dead Island"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine"WildTangent hp Master Uninstall" = HP Games"WinLiveSuite" = Windows Live Essentials"WinRAR archiver" = WinRAR 4.20 (32-bit)========== HKEY_CURRENT_USER Uninstall List ==========[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]========== Last 20 Event Log Errors ==========[ Hewlett-Packard Events ]Error - 02/05/2012 11:05:47 AM | Computer Name = Jimmy-PC | Source = Hewlett-Packard | ID = 0Description = en-CA Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding) at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()Error - 09/05/2012 11:44:08 AM | Computer Name = J
Recommended Posts