Jump to content

Friends computer

TheRanger53
 Share

Recommended Posts

TheRanger53

TheRanger53

Posted
Posted

 My friends computer has a program in it called otshots that I can't find to remove. Something also keeps redirecting me to a malicious website that avast continues to block. i have run mbam but no help for this particular thing. Running XP with service pack 3. It had Nortons 360 installed that failed to help her. I put avast on and it removed a boatload of junk. Thanks for your time.

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Hello TheRanger53! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post your log files in a new reply in this thread:

http://forums.malwarebytes.org/index.php?showtopic=9573

Link to post
Share on other sites
TheRanger53

TheRanger53

Posted
  • Author
Posted

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Owner at 10:23:00 on 2013-12-04
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3071.2089 [GMT -6:00]
.
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\MyPC Backup\BackupStack.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\WINDOWS\system32\KaraokeSer.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\OtShot\otshot.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\WINDOWS\SYSTEM32\3cshtdwn.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\Program Files\Common Files\AOL\1284105039\ee\AOLSoftware.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Common Files\AOL\1284105039\ee\aolupdates.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.

uProxyServer = hxxp=127.0.0.1:1135;https=127.0.0.1:1135;
uProxyOverride = <-loopback>
uURLSearchHooks: DeviceVM Url Search Hook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - c:\windows\system32\dvmurl.dll
uURLSearchHooks: appbario15 Toolbar: {7557724b-30a9-42a4-98eb-77fcb0fd1be3} - c:\program files\appbario15\prxtbappb.dll
uURLSearchHooks: KeyBar 1.8 Toolbar: {9ed31f84-c8b3-4926-b950-dff74047ff79} - c:\program files\keybar_1.8\prxtbKeyB.dll
uURLSearchHooks: Vafmusic7 Toolbar: {37a7edb7-afda-4373-9865-02bf8160e677} - c:\program files\vafmusic7\prxtbVafm.dll
uURLSearchHooks: InternetHelper3.6 Toolbar: {94625830-343a-4df0-88c1-444d195064d0} - c:\program files\internethelper3.6\prxtbInte.dll
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
dURLSearchHooks: {b3b5c47e-61f7-4d81-af06-461fc86686ce} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Vafmusic7 Toolbar: {37a7edb7-afda-4373-9865-02bf8160e677} - c:\program files\vafmusic7\prxtbVafm.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: appbario15 Toolbar: {7557724b-30a9-42a4-98eb-77fcb0fd1be3} - c:\program files\appbario15\prxtbappb.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: InternetHelper3.6 Toolbar: {94625830-343a-4df0-88c1-444d195064d0} - c:\program files\internethelper3.6\prxtbInte.dll
BHO: KeyBar 1.8 Toolbar: {9ed31f84-c8b3-4926-b950-dff74047ff79} - c:\program files\keybar_1.8\prxtbKeyB.dll
BHO: Big Fish Games Toolbar: {C7C9FC25-88B0-4682-9C9F-2608E9117647} - c:\program files\bfgbar\bfg.dll
BHO: WiseConvert B2 Toolbar: {da7a20cf-bef4-4342-ad78-0240fdf87055} - c:\program files\wiseconvert_b2\prxtbWis2.dll
BHO: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - <orphaned>
TB: WiseConvert B2 Toolbar: {DA7A20CF-BEF4-4342-AD78-0240FDF87055} - c:\program files\wiseconvert_b2\prxtbWis2.dll
TB: appbario15 Toolbar: {7557724B-30A9-42A4-98EB-77FCB0FD1BE3} - c:\program files\appbario15\prxtbappb.dll
TB: KeyBar 1.8 Toolbar: {9ED31F84-C8B3-4926-B950-DFF74047FF79} - c:\program files\keybar_1.8\prxtbKeyB.dll
TB: Vafmusic7 Toolbar: {37A7EDB7-AFDA-4373-9865-02BF8160E677} - c:\program files\vafmusic7\prxtbVafm.dll
TB: InternetHelper3.6 Toolbar: {94625830-343A-4DF0-88C1-444D195064D0} - c:\program files\internethelper3.6\prxtbInte.dll
TB: Big Fish Games Toolbar: {C7C9FC25-88B0-4682-9C9F-2608E9117647} - c:\program files\bfgbar\bfg.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
TB: WiseConvert B2 Toolbar: {da7a20cf-bef4-4342-ad78-0240fdf87055} - c:\program files\wiseconvert_b2\prxtbWis2.dll
TB: appbario15 Toolbar: {7557724b-30a9-42a4-98eb-77fcb0fd1be3} - c:\program files\appbario15\prxtbappb.dll
TB: KeyBar 1.8 Toolbar: {9ed31f84-c8b3-4926-b950-dff74047ff79} - c:\program files\keybar_1.8\prxtbKeyB.dll
TB: Vafmusic7 Toolbar: {37a7edb7-afda-4373-9865-02bf8160e677} - c:\program files\vafmusic7\prxtbVafm.dll
TB: InternetHelper3.6 Toolbar: {94625830-343a-4df0-88c1-444d195064d0} - c:\program files\internethelper3.6\prxtbInte.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN338B3G5Y05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [OtShot] c:\program files\otshot\otshot.exe -minimize
mRun: [3c1807pd] c:\windows\system32\3cmlink.exe runservices \device\3cpipe-3c1807pd
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HostManager] c:\program files\common files\aol\1284105039\ee\AOLSoftware.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
uPolicies-Explorer: NoDriveTypeAutoRun = dword:157
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Search - http://tbedits.myscrapnook.com/one-toolbaredits/menusearch.jhtml?s=200781283&p=9Nxdm002YYus&a=2BC83E33-6544-4664-8693-8770EA682114&n=2011123010&cv=1
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe


DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

TCP: Interfaces\{32535CC4-C7B8-4913-9523-A99371C93546} : DHCPNameServer = 209.55.5.10 209.55.5.11
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\common files\microsoft shared\information retrieval\itss51.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs= c:\progra~1\movies~1\datamngr\mgrldr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: browsemngr.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browsermngr.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\



FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{7557724b-30a9-42a4-98eb-77fcb0fd1be3}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{7557724b-30a9-42a4-98eb-77fcb0fd1be3}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\myfuncards_5mei\installr\1.bin\NP5mEISb.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: 2013-10-18 08:09; {3d86a75b-cb6b-4764-885d-ca6336f04ba2}; c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{3d86a75b-cb6b-4764-885d-ca6336f04ba2}
FF - ExtSQL: 2013-10-23 12:28; {7557724b-30a9-42a4-98eb-77fcb0fd1be3}; c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{7557724b-30a9-42a4-98eb-77fcb0fd1be3}
FF - ExtSQL: 2013-10-23 12:45; {9ed31f84-c8b3-4926-b950-dff74047ff79}; c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
FF - ExtSQL: 2013-10-26 10:42; {37a7edb7-afda-4373-9865-02bf8160e677}; c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}
FF - ExtSQL: 2013-11-05 19:14; {94625830-343a-4df0-88c1-444d195064d0}; c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}
FF - ExtSQL: 2013-11-29 18:18; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: !HIDDEN! 2009-06-24 10:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: protocol-handler.warn-external.dnUpdate - false);user_pref(general.useragent.extra.brc, BRI/1
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar.id - a8ed13f6000000000000bcaec50d0a2d
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15618
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.0.7
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.0.7
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.0.716:47:36
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=115887&tt=031012_IKAN_4012_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.searchgol.tlbrSrchUrl -
FF - user.js: extensions.searchgol.id - a8ed13f6000000000000bcaec50d0a2d
FF - user.js: extensions.searchgol.appId - {4277F7CF-0000-46CF-BA49-D624465C4BAB}
FF - user.js: extensions.searchgol.instlDay - 15988
FF - user.js: extensions.searchgol.vrsn - 1.8.16.19
FF - user.js: extensions.searchgol.vrsni - 1.8.16.19
FF - user.js: extensions.searchgol.vrsnTs - 1.8.16.1920:22:58
FF - user.js: extensions.searchgol.prtnrId - searchgol
FF - user.js: extensions.searchgol.prdct - searchgol
FF - user.js: extensions.searchgol.aflt - babsst
FF - user.js: extensions.searchgol.smplGrp - none
FF - user.js: extensions.searchgol.tlbrId - base
FF - user.js: extensions.searchgol.instlRef - sst
FF - user.js: extensions.searchgol.dfltLng - en
FF - user.js: extensions.searchgol.excTlbr - false
FF - user.js: extensions.searchgol.ffxUnstlRst - false
FF - user.js: extensions.searchgol.admin - false
FF - user.js: extensions.searchgol.autoRvrt - false
FF - user.js: extensions.searchgol.rvrt - false
FF - user.js: extensions.searchgol.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-11-29 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-11-29 178304]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 464176]
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2009-9-12 15172]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-29 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-11-29 403440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-29 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-29 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-11-29 50344]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2013-9-19 38440]
R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [2013-6-27 88696]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-4-19 150856]
R2 TorchCrashHandler;Torch Crash Handler;c:\documents and settings\owner\local settings\application data\torch\update\TorchCrashHandler.exe [2013-10-7 1213280]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-2-24 2558200]
S0 Cdr4vsd;Cdr4vsd;c:\windows\system32\drivers\CDR4VSD.SYS [2009-3-27 63936]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S0 lokasam;lokasam;c:\windows\system32\drivers\lnhxbxcv.sys --> c:\windows\system32\drivers\lnhxbxcv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-1-28 1691480]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-10-13 13464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=NOTEPAD.EXE %1
FileExt: .vbs: VBSFile=NOTEPAD.EXE %1
FileExt: .js: JSFile=NOTEPAD.EXE %1
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2013-11-30 00:20:49    --------    d-----w-    c:\documents and settings\owner\application data\AVAST Software
2013-11-30 00:18:34    178304    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-11-30 00:18:33    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-11-30 00:18:32    774392    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-11-30 00:18:32    70384    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-11-30 00:18:19    43152    ----a-w-    c:\windows\avastSS.scr
2013-11-30 00:17:47    --------    d-----w-    c:\program files\AVAST Software
2013-11-30 00:17:19    --------    d-----w-    c:\documents and settings\all users\application data\AVAST Software
2013-11-29 03:00:11    --------    d-----w-    c:\program files\CCleaner
2013-11-29 01:51:12    --------    d-sh--w-    C:\found.001
2013-11-29 01:26:35    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-11-29 01:26:35    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-11-28 18:34:22    --------    d-sh--w-    C:\found.000
2013-11-17 04:55:40    1409    ----a-w-    c:\windows\QTFont.for
2013-11-16 01:56:30    --------    d-----w-    c:\documents and settings\owner\local settings\application data\N_Tri Studio
2013-11-15 03:53:20    --------    d-----w-    c:\documents and settings\owner\local settings\application data\Plus-HD-1.3
2013-11-15 01:05:53    --------    d-----w-    c:\program files\Ashley Clark - Secret of the Ruby
2013-11-14 23:44:32    --------    d-----w-    c:\program files\bfgclient
2013-11-10 19:20:45    --------    d-----w-    c:\documents and settings\owner\application data\HotLava
2013-11-06 01:17:52    --------    d-----w-    c:\documents and settings\owner\local settings\application data\InternetHelper3.6
2013-11-06 01:17:50    --------    d-----w-    c:\program files\InternetHelper3.6
2013-11-06 01:16:40    --------    d-----w-    c:\documents and settings\owner\local settings\application data\NativeMessaging
.
==================== Find3M  ====================
.
2013-11-29 03:26:39    13464    ----a-w-    c:\windows\system32\drivers\SWDUMon.sys
2013-10-13 07:25:38    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-10-13 07:25:08    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-10-13 07:25:02    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-10-13 07:24:17    18944    ------w-    c:\windows\system32\corpol.dll
2013-10-13 06:57:59    385024    ------w-    c:\windows\system32\html.iec
2013-10-12 15:56:19    278528    ----a-w-    c:\windows\system32\oakley.dll
2013-10-09 13:12:48    287744    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-09 01:28:44    499712    ----a-w-    c:\windows\system32\msvcp71.dll
2013-10-07 10:59:21    603136    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-05 01:14:01    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
.
============= FINISH: 10:23:52.03 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/20/2009 6:04:02 PM
System Uptime: 12/4/2013 10:16:14 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | M4A785-M
Processor: AMD Phenom 9750B Quad-Core Processor | AM2 | 2410/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 162 GiB total, 97.586 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 136 GiB total, 135.377 GiB free.
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1114: 10/9/2013 11:34:54 AM - SpeedScan before removal                                        
RP1115: 10/9/2013 11:59:11 AM - Removed Ask Toolbar.
RP1116: 10/9/2013 12:00:06 PM - Removed Ask Toolbar.
RP1117: 10/9/2013 12:05:20 PM - Removed MSXML 4.0 SP2 (KB954430)
RP1118: 10/11/2013 4:00:08 AM - Software Distribution Service 3.0
RP1119: 10/13/2013 3:44:30 PM - Software Distribution Service 3.0
RP1120: 10/14/2013 5:39:07 AM - Configured PRODUCT_NAME
RP1121: 10/14/2013 5:40:10 AM - Configured PRODUCT_NAME
RP1122: 10/14/2013 6:02:37 AM - Configured PRODUCT_NAME
RP1123: 10/14/2013 6:10:23 AM - Configured PRODUCT_NAME
RP1124: 10/14/2013 6:11:06 AM - Configured PRODUCT_NAME
RP1125: 10/14/2013 6:12:33 AM - Restore Operation
RP1126: 10/14/2013 6:41:30 AM - September 15, 2013
RP1127: 10/14/2013 6:42:25 AM - Restore Operation
RP1128: 10/14/2013 12:35:24 PM - Software Distribution Service 3.0
RP1129: 10/17/2013 5:15:54 AM - System Checkpoint
RP1130: 10/18/2013 6:49:13 AM - System Checkpoint
RP1131: 10/18/2013 8:55:30 AM - Installed Driver Manager.
RP1132: 10/21/2013 11:24:44 AM - System Checkpoint
RP1133: 10/22/2013 1:55:05 PM - Restore Operation
RP1134: 10/22/2013 2:47:15 PM - Restore Operation
RP1135: 10/22/2013 3:38:11 PM - Restore Operation
RP1136: 10/23/2013 9:38:23 AM - DriverUpdate Installing Drivers
RP1137: 10/23/2013 9:39:08 AM - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver
RP1138: 10/23/2013 9:39:56 AM - DriverUpdate Installing Drivers
RP1139: 10/23/2013 9:40:11 AM - Software Distribution Service 3.0
RP1140: 10/23/2013 9:41:29 AM - DriverUpdate Installing Drivers
RP1141: 10/23/2013 9:44:46 AM - Software Distribution Service 3.0
RP1142: 10/23/2013 10:36:24 AM - Software Distribution Service 3.0
RP1143: 10/23/2013 11:01:56 AM - Restore Operation
RP1144: 10/23/2013 2:04:19 PM - Software Distribution Service 3.0
RP1145: 10/26/2013 10:37:40 AM - System Checkpoint
RP1146: 10/27/2013 10:58:21 AM - System Checkpoint
RP1147: 10/31/2013 1:38:15 PM - System Checkpoint
RP1148: 11/5/2013 5:10:37 PM - System Checkpoint
RP1149: 11/9/2013 6:02:49 PM - System Checkpoint
RP1150: 11/11/2013 6:34:22 AM - System Checkpoint
RP1151: 11/12/2013 11:14:08 AM - System Checkpoint
RP1152: 11/13/2013 2:33:14 PM - System Checkpoint
RP1153: 11/13/2013 8:04:51 PM - Software Distribution Service 3.0
RP1154: 11/15/2013 6:06:52 PM - System Checkpoint
RP1155: 11/19/2013 3:11:34 PM - System Checkpoint
RP1156: 11/21/2013 8:39:12 AM - System Checkpoint
RP1157: 11/22/2013 8:57:30 AM - Removed Java 7 Update 13
RP1158: 11/28/2013 9:10:34 PM - Removed AVG 2012
RP1159: 11/28/2013 9:14:08 PM - Removed AVG 2012
RP1160: 11/28/2013 9:36:24 PM - before easy cd creator removal
RP1161: 11/29/2013 11:26:35 AM - Removed WeatherBug
RP1162: 11/29/2013 6:17:47 PM - avast! antivirus system restore point
RP1163: 11/30/2013 4:47:37 AM - Configured HOT ALBUM MYBOX
RP1164: 12/3/2013 8:26:15 PM - Revo Uninstaller's restore point - MyPC Backup
RP1165: 12/3/2013 10:14:33 PM - Revo Uninstaller's restore point - Break the Curse: The Crimson Gems
RP1166: 12/3/2013 10:17:01 PM - Revo Uninstaller's restore point - Big Kahuna Reef 3
RP1167: 12/3/2013 10:20:14 PM - Revo Uninstaller's restore point - Mysteries of the Mind: Coma Collector's Edition
RP1168: 12/3/2013 10:22:13 PM - Revo Uninstaller's restore point - Corpatros: The Hidden Village
RP1169: 12/3/2013 10:23:37 PM - Revo Uninstaller's restore point - Mystery Case Files®: Shadow Lake Collector's Edition
RP1170: 12/3/2013 10:25:00 PM - Revo Uninstaller's restore point - Mystery Murders: The Sleeping Palace
RP1171: 12/3/2013 10:27:27 PM - Revo Uninstaller's restore point - Mystic Diary: Missing Pages
RP1172: 12/3/2013 10:28:58 PM - Revo Uninstaller's restore point - Sable Maze: Sullivan River Collector's Edition
RP1173: 12/3/2013 10:31:06 PM - Revo Uninstaller's restore point - Whispered Secrets: The Story of Tideville Collector's Edition
RP1174: 12/3/2013 10:33:06 PM - Revo Uninstaller's restore point - Strangestone
RP1175: 12/3/2013 10:37:14 PM - Revo Uninstaller's restore point - Unlikely Suspects
RP1176: 12/3/2013 10:38:28 PM - Revo Uninstaller's restore point - Sherlock Holmes VS Jack the Ripper
RP1177: 12/3/2013 10:40:39 PM - Revo Uninstaller's restore point - The Path of Hercules
RP1178: 12/3/2013 10:46:59 PM - Revo Uninstaller's restore point - Unfinished Tales: Illicit Love Collector's Edition
RP1179: 12/3/2013 10:49:35 PM - Revo Uninstaller's restore point - The Invisible Man
RP1180: 12/3/2013 11:02:35 PM - Software Distribution Service 3.0
.
==== Image File Execution Options =============
.
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: browsemngr.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browsermngr.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
IFEO: bundlesweetimsetup.exe - tasklist.exe
IFEO: delta babylon.exe - tasklist.exe
IFEO: delta tb.exe - tasklist.exe
IFEO: delta2.exe - tasklist.exe
IFEO: deltainstaller.exe - tasklist.exe
IFEO: deltasetup.exe - tasklist.exe
IFEO: deltatb.exe - tasklist.exe
IFEO: deltatb_2501-c733154b.exe - tasklist.exe
IFEO: iminentsetup.exe - tasklist.exe
IFEO: rjatydimofu.exe - tasklist.exe
IFEO: sweetimsetup.exe - tasklist.exe
IFEO: tbdelta.exetoolbar783881609.exe - tasklist.exe
IFEO: Your Image File Name Here without a path - ntsd -d
.
==== Installed Programs ======================
.
4200
4200_Help
4200Tour
4200Trb
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5
AiO_Scan
AIOMinimal
AiOSoftware
Amazing Bubbles 3D 1.4
AMD Processor Driver
Anti-phishing Domain Advisor
AOL Registration
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
appbario15 Toolbar for IE
Art Explosion Scrapbook Factory Deluxe
Ashley Clark: Secret of the Ruby
ATI AVIVO Codecs
ATI Catalyst Install Manager
ATI Display Driver
ATI HYDRAVISION
ATI Parental Control & Encoder
ATI Problem Report Wizard
avast! Free Antivirus
Belarc Advisor 8.1
Big Fish Games Toolbar 2.0
Big Fish: Game Manager
Bing Rewards Client Installer
Browser Configuration Utility
CassetteMate
Castle: Never Judge a Book by Its Cover
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
ccc-core-preinstall
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDBurnerXP
CDDRV_Installer
Criminal Stories: Presumed Partners
Critical Update for Windows Media Player 11 (KB959772)
Death Pages: Ghost Library
Define Ext
Download Internet Explorer 10 10.0.01
Download Updater (AOL Inc.)
DriverScanner
DriverUpdate
Echoes of the Past: The Castle of Shadows Collector's Edition
Fax
File Type Assistant
FinePixViewer Resource
FinePixViewer Ver.5.5
FinePixViewer YTUPL
flowBubbles screensaver 3.26
Free File Viewer 2012
HOT ALBUM MYBOX
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP FWUpdateEDO2
HP Memories Disc
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP PSC & OfficeJet 3.5
HP Update
HPDiagnosticAlert
I.R.I.S. OCR
ImageMixer VCD2 for FinePix
KhalSetup
Legends of Solitaire: The Lost Cards
Level Quality Watcher
Logitech SetPoint
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia 2000
Microsoft Home Publishing 2000
Microsoft IntelliType Pro 2.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Picture It! Express 2000
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 2000
Microsoft Works 2000 Setup Launcher
Mountain Trap: The Manor of Memories
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Nancy Drew: Warnings at Waverly Academy
Nero
Nightmare Adventures: The Turning Thorn
Norton PartitionMagic
Norton PartitionMagic 8.0
NTI CD-Maker 2000 Professional
NTI FileCD
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA PhysX
Overland
PhoneTools
Photo Notifier and Animation Creator
Photo Transport
Platform
PrintScreen
QuickTime
Readme
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Scan
Search Protect by conduit
Secrets of the Titanic 1912-2012
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Seven Seas Solitaire
ShareIns
Skins
Slingo Supreme 2
SmartSound Quicktracks Plugin
Solitaire Kingdom Quest
Speed Analysis 3
Suburban Mysteries: The Labyrinth of the Past
T-Shirt Creator 32
The Chronicles of Emerland Solitaire
The Great Unknown: Houdini's Castle Collector's Edition
The Treasures of Montezuma
Tomb Raider: Legend 1.1
Tomb Raider: Underworld 1.0
TopArcadeHits
Torch
Tuvaro toolbar  
U.S. Robotics ControlCenter
Uninstall AOL Emergency Connect Utility 1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2808679)
Update for Windows XP (KB2863058)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vampire Legends: The True Story of Kisilova Collector's Edition
Vegas Penny Slots
VIA Platform Device Manager
Victorian Mysteries®: The Yellow Room
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Webshots Desktop
Where Angels Cry
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
YouTube Uploader for CASIO
ZenGems
Zula Games
Zuma's Revenge!
.
==== Event Viewer Messages From Past Week ========
.
12/4/2013 10:17:00 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Lbd nvgts
11/29/2013 6:16:30 PM, error: PlugPlayManager [11]  - The device Root\LEGACY_SYMEVENT\0000 disappeared from the system without first being prepared for removal.
11/29/2013 11:50:21 AM, error: Service Control Manager [7023]  - The DNS Client service terminated with the following error:  No protocol sequences have been registered.
11/29/2013 11:50:20 AM, error: dnscache [11004]  - Unable to start DNS Client service. Could not start the Remote Procedure Call (RPC) interface for this service. To correct the problem, you may restart the RPC and DNS Client services. To do so, use the following commands at a command prompt: (1) type "net start rpc" to start the RPC service, and (2) type "net start dnscache" to start the DNS Client service. For specific error code information, see the record data displayed below.
11/28/2013 8:53:23 PM, error: Service Control Manager [7000]  - The Datamngr Coordinator service failed to start due to the following error:  The system cannot find the path specified.
11/28/2013 7:57:14 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Lbd
11/28/2013 7:57:13 PM, error: Service Control Manager [7022]  - The Wsys Service service hung on starting.
11/28/2013 7:57:13 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Computer Backup (MyPC Backup) service to connect.
11/28/2013 7:57:13 PM, error: Service Control Manager [7000]  - The Level Quality Watcher service failed to start due to the following error:  The system cannot find the file specified.
11/28/2013 7:57:13 PM, error: Service Control Manager [7000]  - The Datamngr Coordinator service failed to start due to the following error:  The system cannot find the file specified.
11/28/2013 7:57:13 PM, error: Service Control Manager [7000]  - The Computer Backup (MyPC Backup) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
11/28/2013 7:42:21 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/28/2013 7:29:04 PM, error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
11/28/2013 7:20:48 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdPPM BANTExt BHDrvx86 ccSet_N360 eeCtrl Fips Lbd SRTSPX SymIRON SYMTDI
11/28/2013 7:19:21 PM, error: Application Popup [876]  - Driver Cdr4vsd.SYS has been blocked from loading.
.
==== End Of File ===========================
 

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Hello TheRanger53! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
What exactly is the problem?
Link to post
Share on other sites
TheRanger53

TheRanger53

Posted
  • Author
Posted

Her browser keeps getting directed to a site that says the previous site was unsafe, including your site, but when I close that site the one that I am trying to reach is already loaded. There is also a popup about otshots not loading although I can't find any reference on her drives refering to otshots. She had some trojans and other malware that Malwarebytes removed along with avast that I installed but there seems to be other problems that I can't see. She also had pups in the thousands. Thanks for your help.

Link to post
Share on other sites
TheRanger53

TheRanger53

Posted
  • Author
Posted

The browser redirect seems to be fixed but still getting popups about calliing for support. At start up there is an error message about the skin not loading for otshot and that cd recording devices are causing problems for windows and have been shut down. I uninstalled realplayer as that seemed to be one of the problems. I also ran a complete scan with mbam and supermalware program that took out a lot of things. Here is the latest dds results.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Owner at 15:23:56 on 2013-12-09
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3071.2390 [GMT -6:00]
.
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\OtShot\otshot.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\WINDOWS\SYSTEM32\3cshtdwn.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1284105039\ee\AOLSoftware.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\WINDOWS\system32\KaraokeSer.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.

uProxyServer = hxxp=127.0.0.1:1135;https=127.0.0.1:1135;
uProxyOverride = <-loopback>
uURLSearchHooks: DeviceVM Url Search Hook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - c:\windows\system32\dvmurl.dll
uURLSearchHooks: appbario15 Toolbar: {7557724b-30a9-42a4-98eb-77fcb0fd1be3} - c:\program files\appbario15\prxtbappb.dll
uURLSearchHooks: KeyBar 1.8 Toolbar: {9ed31f84-c8b3-4926-b950-dff74047ff79} - c:\program files\keybar_1.8\prxtbKeyB.dll
uURLSearchHooks: Vafmusic7 Toolbar: {37a7edb7-afda-4373-9865-02bf8160e677} - c:\program files\vafmusic7\prxtbVafm.dll
uURLSearchHooks: InternetHelper3.6 Toolbar: {94625830-343a-4df0-88c1-444d195064d0} - c:\program files\internethelper3.6\prxtbInte.dll
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
dURLSearchHooks: {b3b5c47e-61f7-4d81-af06-461fc86686ce} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Vafmusic7 Toolbar: {37a7edb7-afda-4373-9865-02bf8160e677} - c:\program files\vafmusic7\prxtbVafm.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: appbario15 Toolbar: {7557724b-30a9-42a4-98eb-77fcb0fd1be3} - c:\program files\appbario15\prxtbappb.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: InternetHelper3.6 Toolbar: {94625830-343a-4df0-88c1-444d195064d0} - c:\program files\internethelper3.6\prxtbInte.dll
BHO: KeyBar 1.8 Toolbar: {9ed31f84-c8b3-4926-b950-dff74047ff79} - c:\program files\keybar_1.8\prxtbKeyB.dll
BHO: Big Fish Games Toolbar: {C7C9FC25-88B0-4682-9C9F-2608E9117647} - c:\program files\bfgbar\bfg.dll
BHO: WiseConvert B2 Toolbar: {da7a20cf-bef4-4342-ad78-0240fdf87055} - c:\program files\wiseconvert_b2\prxtbWis2.dll
BHO: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - <orphaned>
TB: WiseConvert B2 Toolbar: {DA7A20CF-BEF4-4342-AD78-0240FDF87055} - c:\program files\wiseconvert_b2\prxtbWis2.dll
TB: appbario15 Toolbar: {7557724B-30A9-42A4-98EB-77FCB0FD1BE3} - c:\program files\appbario15\prxtbappb.dll
TB: KeyBar 1.8 Toolbar: {9ED31F84-C8B3-4926-B950-DFF74047FF79} - c:\program files\keybar_1.8\prxtbKeyB.dll
TB: Vafmusic7 Toolbar: {37A7EDB7-AFDA-4373-9865-02BF8160E677} - c:\program files\vafmusic7\prxtbVafm.dll
TB: InternetHelper3.6 Toolbar: {94625830-343A-4DF0-88C1-444D195064D0} - c:\program files\internethelper3.6\prxtbInte.dll
TB: Big Fish Games Toolbar: {C7C9FC25-88B0-4682-9C9F-2608E9117647} - c:\program files\bfgbar\bfg.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
TB: WiseConvert B2 Toolbar: {da7a20cf-bef4-4342-ad78-0240fdf87055} - c:\program files\wiseconvert_b2\prxtbWis2.dll
TB: appbario15 Toolbar: {7557724b-30a9-42a4-98eb-77fcb0fd1be3} - c:\program files\appbario15\prxtbappb.dll
TB: KeyBar 1.8 Toolbar: {9ed31f84-c8b3-4926-b950-dff74047ff79} - c:\program files\keybar_1.8\prxtbKeyB.dll
TB: Vafmusic7 Toolbar: {37a7edb7-afda-4373-9865-02bf8160e677} - c:\program files\vafmusic7\prxtbVafm.dll
TB: InternetHelper3.6 Toolbar: {94625830-343a-4df0-88c1-444d195064d0} - c:\program files\internethelper3.6\prxtbInte.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN338B3G5Y05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [OtShot] c:\program files\otshot\otshot.exe -minimize
mRun: [3c1807pd] c:\windows\system32\3cmlink.exe runservices \device\3cpipe-3c1807pd
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HostManager] c:\program files\common files\aol\1284105039\ee\AOLSoftware.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
uPolicies-Explorer: NoDriveTypeAutoRun = dword:157
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Search - http://tbedits.myscrapnook.com/one-toolbaredits/menusearch.jhtml?s=200781283&p=9Nxdm002YYus&a=2BC83E33-6544-4664-8693-8770EA682114&n=2011123010&cv=1
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe


DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

TCP: Interfaces\{32535CC4-C7B8-4913-9523-A99371C93546} : DHCPNameServer = 209.55.5.10 209.55.5.11
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\common files\microsoft shared\information retrieval\itss51.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs= c:\progra~1\movies~1\datamngr\mgrldr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: browsemngr.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browsermngr.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\



FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{7557724b-30a9-42a4-98eb-77fcb0fd1be3}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{7557724b-30a9-42a4-98eb-77fcb0fd1be3}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\myfuncards_5mei\installr\1.bin\NP5mEISb.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_152.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: 2013-10-18 08:09; {3d86a75b-cb6b-4764-885d-ca6336f04ba2}; c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{3d86a75b-cb6b-4764-885d-ca6336f04ba2}
FF - ExtSQL: 2013-10-23 12:28; {7557724b-30a9-42a4-98eb-77fcb0fd1be3}; c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{7557724b-30a9-42a4-98eb-77fcb0fd1be3}
FF - ExtSQL: 2013-10-23 12:45; {9ed31f84-c8b3-4926-b950-dff74047ff79}; c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
FF - ExtSQL: 2013-10-26 10:42; {37a7edb7-afda-4373-9865-02bf8160e677}; c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{37a7edb7-afda-4373-9865-02bf8160e677}
FF - ExtSQL: 2013-11-05 19:14; {94625830-343a-4df0-88c1-444d195064d0}; c:\documents and settings\owner\application data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}
FF - ExtSQL: 2013-11-29 18:18; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: !HIDDEN! 2009-06-24 10:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: protocol-handler.warn-external.dnUpdate - false);user_pref(general.useragent.extra.brc, BRI/1
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar.id - a8ed13f6000000000000bcaec50d0a2d
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15618
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.0.7
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.0.7
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.0.716:47:36
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=115887&tt=031012_IKAN_4012_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.searchgol.tlbrSrchUrl -
FF - user.js: extensions.searchgol.id - a8ed13f6000000000000bcaec50d0a2d
FF - user.js: extensions.searchgol.appId - {4277F7CF-0000-46CF-BA49-D624465C4BAB}
FF - user.js: extensions.searchgol.instlDay - 15988
FF - user.js: extensions.searchgol.vrsn - 1.8.16.19
FF - user.js: extensions.searchgol.vrsni - 1.8.16.19
FF - user.js: extensions.searchgol.vrsnTs - 1.8.16.1920:22:58
FF - user.js: extensions.searchgol.prtnrId - searchgol
FF - user.js: extensions.searchgol.prdct - searchgol
FF - user.js: extensions.searchgol.aflt - babsst
FF - user.js: extensions.searchgol.smplGrp - none
FF - user.js: extensions.searchgol.tlbrId - base
FF - user.js: extensions.searchgol.instlRef - sst
FF - user.js: extensions.searchgol.dfltLng - en
FF - user.js: extensions.searchgol.excTlbr - false
FF - user.js: extensions.searchgol.ffxUnstlRst - false
FF - user.js: extensions.searchgol.admin - false
FF - user.js: extensions.searchgol.autoRvrt - false
FF - user.js: extensions.searchgol.rvrt - false
FF - user.js: extensions.searchgol.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-11-29 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-11-29 178304]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 464176]
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2009-9-12 15172]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-29 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-11-29 403440]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-29 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-29 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-11-29 50344]
R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [2013-6-27 88696]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-4-19 150856]
R2 TorchCrashHandler;Torch Crash Handler;c:\documents and settings\owner\local settings\application data\torch\update\TorchCrashHandler.exe [2013-10-7 1213280]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-2-24 2558200]
S0 Cdr4vsd;Cdr4vsd;c:\windows\system32\drivers\CDR4VSD.SYS [2009-3-27 63936]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S0 lokasam;lokasam;c:\windows\system32\drivers\lnhxbxcv.sys --> c:\windows\system32\drivers\lnhxbxcv.sys [?]
S2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2013-9-19 38440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-1-28 1691480]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-10-13 13464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=NOTEPAD.EXE %1
FileExt: .vbs: VBSFile=NOTEPAD.EXE %1
FileExt: .js: JSFile=NOTEPAD.EXE %1
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2013-12-09 01:59:52    --------    d-----w-    c:\documents and settings\owner\application data\SUPERAntiSpyware.com
2013-12-09 01:58:55    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-12-09 01:58:55    --------    d-----w-    c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-11-30 00:20:49    --------    d-----w-    c:\documents and settings\owner\application data\AVAST Software
2013-11-30 00:18:34    178304    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-11-30 00:18:33    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-11-30 00:18:32    774392    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-11-30 00:18:32    70384    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-11-30 00:18:19    43152    ----a-w-    c:\windows\avastSS.scr
2013-11-30 00:17:47    --------    d-----w-    c:\program files\AVAST Software
2013-11-30 00:17:19    --------    d-----w-    c:\documents and settings\all users\application data\AVAST Software
2013-11-29 03:00:11    --------    d-----w-    c:\program files\CCleaner
2013-11-29 01:51:12    --------    d-sh--w-    C:\found.001
2013-11-29 01:26:35    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-11-29 01:26:35    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-11-28 18:34:22    --------    d-sh--w-    C:\found.000
2013-11-17 04:55:40    1409    ----a-w-    c:\windows\QTFont.for
2013-11-16 01:56:30    --------    d-----w-    c:\documents and settings\owner\local settings\application data\N_Tri Studio
2013-11-15 03:53:20    --------    d-----w-    c:\documents and settings\owner\local settings\application data\Plus-HD-1.3
2013-11-15 01:05:53    --------    d-----w-    c:\program files\Ashley Clark - Secret of the Ruby
2013-11-14 23:44:32    --------    d-----w-    c:\program files\bfgclient
2013-11-10 19:20:45    --------    d-----w-    c:\documents and settings\owner\application data\HotLava
.
==================== Find3M  ====================
.
2013-12-09 04:08:08    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-09 04:08:08    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-11-29 03:26:39    13464    ----a-w-    c:\windows\system32\drivers\SWDUMon.sys
2013-10-13 07:25:38    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-10-13 07:25:08    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-10-13 07:25:02    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-10-13 07:24:17    18944    ------w-    c:\windows\system32\corpol.dll
2013-10-13 06:57:59    385024    ------w-    c:\windows\system32\html.iec
2013-10-12 15:56:19    278528    ----a-w-    c:\windows\system32\oakley.dll
2013-10-09 13:12:48    287744    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-09 01:28:44    499712    ----a-w-    c:\windows\system32\msvcp71.dll
2013-10-07 10:59:21    603136    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-05 01:14:01    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
.
============= FINISH: 15:24:49.93 ===============

.
==== System Restore Points ===================
.
RP1114: 10/9/2013 11:34:54 AM - SpeedScan before removal                                        
RP1115: 10/9/2013 11:59:11 AM - Removed Ask Toolbar.
RP1116: 10/9/2013 12:00:06 PM - Removed Ask Toolbar.
RP1117: 10/9/2013 12:05:20 PM - Removed MSXML 4.0 SP2 (KB954430)
RP1118: 10/11/2013 4:00:08 AM - Software Distribution Service 3.0
RP1119: 10/13/2013 3:44:30 PM - Software Distribution Service 3.0
RP1120: 10/14/2013 5:39:07 AM - Configured PRODUCT_NAME
RP1121: 10/14/2013 5:40:10 AM - Configured PRODUCT_NAME
RP1122: 10/14/2013 6:02:37 AM - Configured PRODUCT_NAME
RP1123: 10/14/2013 6:10:23 AM - Configured PRODUCT_NAME
RP1124: 10/14/2013 6:11:06 AM - Configured PRODUCT_NAME
RP1125: 10/14/2013 6:12:33 AM - Restore Operation
RP1126: 10/14/2013 6:41:30 AM - September 15, 2013
RP1127: 10/14/2013 6:42:25 AM - Restore Operation
RP1128: 10/14/2013 12:35:24 PM - Software Distribution Service 3.0
RP1129: 10/17/2013 5:15:54 AM - System Checkpoint
RP1130: 10/18/2013 6:49:13 AM - System Checkpoint
RP1131: 10/18/2013 8:55:30 AM - Installed Driver Manager.
RP1132: 10/21/2013 11:24:44 AM - System Checkpoint
RP1133: 10/22/2013 1:55:05 PM - Restore Operation
RP1134: 10/22/2013 2:47:15 PM - Restore Operation
RP1135: 10/22/2013 3:38:11 PM - Restore Operation
RP1136: 10/23/2013 9:38:23 AM - DriverUpdate Installing Drivers
RP1137: 10/23/2013 9:39:08 AM - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver
RP1138: 10/23/2013 9:39:56 AM - DriverUpdate Installing Drivers
RP1139: 10/23/2013 9:40:11 AM - Software Distribution Service 3.0
RP1140: 10/23/2013 9:41:29 AM - DriverUpdate Installing Drivers
RP1141: 10/23/2013 9:44:46 AM - Software Distribution Service 3.0
RP1142: 10/23/2013 10:36:24 AM - Software Distribution Service 3.0
RP1143: 10/23/2013 11:01:56 AM - Restore Operation
RP1144: 10/23/2013 2:04:19 PM - Software Distribution Service 3.0
RP1145: 10/26/2013 10:37:40 AM - System Checkpoint
RP1146: 10/27/2013 10:58:21 AM - System Checkpoint
RP1147: 10/31/2013 1:38:15 PM - System Checkpoint
RP1148: 11/5/2013 5:10:37 PM - System Checkpoint
RP1149: 11/9/2013 6:02:49 PM - System Checkpoint
RP1150: 11/11/2013 6:34:22 AM - System Checkpoint
RP1151: 11/12/2013 11:14:08 AM - System Checkpoint
RP1152: 11/13/2013 2:33:14 PM - System Checkpoint
RP1153: 11/13/2013 8:04:51 PM - Software Distribution Service 3.0
RP1154: 11/15/2013 6:06:52 PM - System Checkpoint
RP1155: 11/19/2013 3:11:34 PM - System Checkpoint
RP1156: 11/21/2013 8:39:12 AM - System Checkpoint
RP1157: 11/22/2013 8:57:30 AM - Removed Java 7 Update 13
RP1158: 11/28/2013 9:10:34 PM - Removed AVG 2012
RP1159: 11/28/2013 9:14:08 PM - Removed AVG 2012
RP1160: 11/28/2013 9:36:24 PM - before easy cd creator removal
RP1161: 11/29/2013 11:26:35 AM - Removed WeatherBug
RP1162: 11/29/2013 6:17:47 PM - avast! antivirus system restore point
RP1163: 11/30/2013 4:47:37 AM - Configured HOT ALBUM MYBOX
RP1164: 12/3/2013 8:26:15 PM - Revo Uninstaller's restore point - MyPC Backup
RP1165: 12/3/2013 10:14:33 PM - Revo Uninstaller's restore point - Break the Curse: The Crimson Gems
RP1166: 12/3/2013 10:17:01 PM - Revo Uninstaller's restore point - Big Kahuna Reef 3
RP1167: 12/3/2013 10:20:14 PM - Revo Uninstaller's restore point - Mysteries of the Mind: Coma Collector's Edition
RP1168: 12/3/2013 10:22:13 PM - Revo Uninstaller's restore point - Corpatros: The Hidden Village
RP1169: 12/3/2013 10:23:37 PM - Revo Uninstaller's restore point - Mystery Case Files®: Shadow Lake Collector's Edition
RP1170: 12/3/2013 10:25:00 PM - Revo Uninstaller's restore point - Mystery Murders: The Sleeping Palace
RP1171: 12/3/2013 10:27:27 PM - Revo Uninstaller's restore point - Mystic Diary: Missing Pages
RP1172: 12/3/2013 10:28:58 PM - Revo Uninstaller's restore point - Sable Maze: Sullivan River Collector's Edition
RP1173: 12/3/2013 10:31:06 PM - Revo Uninstaller's restore point - Whispered Secrets: The Story of Tideville Collector's Edition
RP1174: 12/3/2013 10:33:06 PM - Revo Uninstaller's restore point - Strangestone
RP1175: 12/3/2013 10:37:14 PM - Revo Uninstaller's restore point - Unlikely Suspects
RP1176: 12/3/2013 10:38:28 PM - Revo Uninstaller's restore point - Sherlock Holmes VS Jack the Ripper
RP1177: 12/3/2013 10:40:39 PM - Revo Uninstaller's restore point - The Path of Hercules
RP1178: 12/3/2013 10:46:59 PM - Revo Uninstaller's restore point - Unfinished Tales: Illicit Love Collector's Edition
RP1179: 12/3/2013 10:49:35 PM - Revo Uninstaller's restore point - The Invisible Man
RP1180: 12/3/2013 11:02:35 PM - Software Distribution Service 3.0
RP1181: 12/8/2013 12:35:37 PM - System Checkpoint
.
==== Image File Execution Options =============
.
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: browsemngr.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browsermngr.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
IFEO: bundlesweetimsetup.exe - tasklist.exe
IFEO: delta babylon.exe - tasklist.exe
IFEO: delta tb.exe - tasklist.exe
IFEO: delta2.exe - tasklist.exe
IFEO: deltainstaller.exe - tasklist.exe
IFEO: deltasetup.exe - tasklist.exe
IFEO: deltatb.exe - tasklist.exe
IFEO: deltatb_2501-c733154b.exe - tasklist.exe
IFEO: iminentsetup.exe - tasklist.exe
IFEO: rjatydimofu.exe - tasklist.exe
IFEO: sweetimsetup.exe - tasklist.exe
IFEO: tbdelta.exetoolbar783881609.exe - tasklist.exe
IFEO: Your Image File Name Here without a path - ntsd -d
.
==== Installed Programs ======================
.
4200
4200_Help
4200Tour
4200Trb
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5
AiO_Scan
AIOMinimal
AiOSoftware
Amazing Bubbles 3D 1.4
AMD Processor Driver
Anti-phishing Domain Advisor
AOL Registration
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
appbario15 Toolbar for IE
Art Explosion Scrapbook Factory Deluxe
Ashley Clark: Secret of the Ruby
ATI AVIVO Codecs
ATI Catalyst Install Manager
ATI Display Driver
ATI HYDRAVISION
ATI Parental Control & Encoder
ATI Problem Report Wizard
avast! Free Antivirus
Belarc Advisor 8.1
Big Fish Games Toolbar 2.0
Big Fish: Game Manager
Bing Rewards Client Installer
Browser Configuration Utility
CassetteMate
Castle: Never Judge a Book by Its Cover
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
ccc-core-preinstall
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDBurnerXP
CDDRV_Installer
Criminal Stories: Presumed Partners
Critical Update for Windows Media Player 11 (KB959772)
Death Pages: Ghost Library
Define Ext
Download Internet Explorer 10 10.0.01
Download Updater (AOL Inc.)
DriverScanner
DriverUpdate
Echoes of the Past: The Castle of Shadows Collector's Edition
Fax
File Type Assistant
FinePixViewer Resource
FinePixViewer Ver.5.5
FinePixViewer YTUPL
flowBubbles screensaver 3.26
Free File Viewer 2012
HOT ALBUM MYBOX
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP FWUpdateEDO2
HP Memories Disc
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP PSC & OfficeJet 3.5
HP Update
HPDiagnosticAlert
I.R.I.S. OCR
ImageMixer VCD2 for FinePix
KhalSetup
Legends of Solitaire: The Lost Cards
Level Quality Watcher
Logitech SetPoint
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia 2000
Microsoft Home Publishing 2000
Microsoft IntelliType Pro 2.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Picture It! Express 2000
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 2000
Microsoft Works 2000 Setup Launcher
Mountain Trap: The Manor of Memories
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Nancy Drew: Warnings at Waverly Academy
Nero
Nightmare Adventures: The Turning Thorn
Norton PartitionMagic
Norton PartitionMagic 8.0
NTI CD-Maker 2000 Professional
NTI FileCD
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA PhysX
Overland
PhoneTools
Photo Notifier and Animation Creator
Photo Transport
Platform
PrintScreen
QuickTime
Readme
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Scan
Search Protect by conduit
Secrets of the Titanic 1912-2012
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Seven Seas Solitaire
ShareIns
Skins
Slingo Supreme 2
SmartSound Quicktracks Plugin
Solitaire Kingdom Quest
Speed Analysis 3
Suburban Mysteries: The Labyrinth of the Past
SUPERAntiSpyware
T-Shirt Creator 32
The Chronicles of Emerland Solitaire
The Great Unknown: Houdini's Castle Collector's Edition
The Treasures of Montezuma
Tomb Raider: Legend 1.1
Tomb Raider: Underworld 1.0
TopArcadeHits
Torch
Tuvaro toolbar  
U.S. Robotics ControlCenter
Uninstall AOL Emergency Connect Utility 1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2808679)
Update for Windows XP (KB2863058)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vampire Legends: The True Story of Kisilova Collector's Edition
Vegas Penny Slots
VIA Platform Device Manager
Victorian Mysteries®: The Yellow Room
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Webshots Desktop
Where Angels Cry
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
YouTube Uploader for CASIO
ZenGems
Zula Games
Zuma's Revenge!
.
==== Event Viewer Messages From Past Week ========
.
12/8/2013 12:15:38 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Computer Backup (MyPC Backup) service to connect.
12/8/2013 12:15:38 PM, error: Service Control Manager [7000]  - The Computer Backup (MyPC Backup) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/4/2013 9:10:10 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Lbd
12/4/2013 9:09:17 AM, error: Application Popup [876]  - Driver Cdr4vsd.SYS has been blocked from loading.
12/4/2013 10:17:00 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Lbd nvgts
.
==== End Of File ===========================

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Step 1

Please uninstall the following applications:

Anti-phishing Domain Advisor

AOL Registration

AOL Toolbar

AOL Uninstaller (Choose which Products to Remove)

appbario15 Toolbar for IE

Define Ext

Tuvaro toolbar

Viewpoint Media Player

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 4

Please download and run this tool to clean your AVG leftovers:

http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2012_2125.exe

Step 5

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
Link to post
Share on other sites
TheRanger53

TheRanger53

Posted
  • Author
Posted

Here is the Jrt log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Owner on Thu 12/12/2013 at 12:19:58.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [service] backupstack
Successfully deleted: [service] backupstack
Successfully stopped: [service] torchcrashhandler
Successfully deleted: [service] torchcrashhandler



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\otshot
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4277F7CF-0000-46CF-BA49-D624465C4BAB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\addonsframework.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\buttonsite.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthost.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\tbcommonutils.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\yontooieclient.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\apn dtx
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\filescout
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\funwebproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mywebsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pc optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\plus-hd-1.3
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&search
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1606980848-796845957-725345543-1003\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\omigaplussvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\desksvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\esafeseccontrol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\firstsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wiseconvert_b
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wnlt
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\driverscanner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbcommonutils.commonutils
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbcommonutils.commonutils.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{c2f8ca82-2bd9-4513-b2d1-08a47914c1da}_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2872041
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3209602
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3279414
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3286042
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3297951
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3303000
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3310511
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3315827
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3316238
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{97D678C1-6B1F-4E08-9BBC-DFB8248DB02B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B4BB8B59-C504-4416-97FA-1757815A4F55}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B971A486-1D16-4188-971A-08313E9DAB52}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7C9FC25-88B0-4682-9C9F-2608E9117647}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37a7edb7-afda-4373-9865-02bf8160e677}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{37a7edb7-afda-4373-9865-02bf8160e677}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7557724b-30a9-42a4-98eb-77fcb0fd1be3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7557724b-30a9-42a4-98eb-77fcb0fd1be3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94625830-343a-4df0-88c1-444d195064d0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{94625830-343a-4df0-88c1-444d195064d0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ed31f84-c8b3-4926-b950-dff74047ff79}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9ed31f84-c8b3-4926-b950-dff74047ff79}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da7a20cf-bef4-4342-ad78-0240fdf87055}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{da7a20cf-bef4-4342-ad78-0240fdf87055}



~~~ Files

Successfully deleted: [File] C:\WINDOWS\Tasks\driverscanner.job
Successfully deleted: [File] C:\WINDOWS\Tasks\dsmonitor.job
Successfully deleted: [File] "C:\Documents and Settings\Owner\appdata\locallow\SkwConfig.bin"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnu.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnu.xpt"
Successfully deleted: [File] "C:\WINDOWS\system32\imhttpcomm.dll"
Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish games"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\blekko toolbars"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\boost_interprocess"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\esafe"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\free ride games"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\pc optimizer pro"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\speedypc software"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\tarma installer"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\torchcrashhandler"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\wecarereminder"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\wincert"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\bfgbar"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\big fish games"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\defaulttab"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\searchprotect"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\searchresultstb"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\speedypc software"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\systweak"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\appdata\locallow\fast free converter"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\big fish"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\filetypeassistant"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\ilivid player"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\ilividmoviestoolbardla"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\question_party"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\torch"
Successfully deleted: [Folder] "C:\Program Files\bfgbar"
Successfully deleted: [Folder] "C:\Program Files\browsersafeguard"
Successfully deleted: [Folder] "C:\Program Files\defaulttab"
Successfully deleted: [Folder] "C:\Program Files\fast free converter"
Successfully deleted: [Folder] "C:\Program Files\file type helper"
Successfully deleted: [Folder] "C:\Program Files\free offers from freeze.com"
Successfully deleted: [Folder] "C:\Program Files\funwebproducts"
Successfully deleted: [Folder] "C:\Program Files\linksicle"
Successfully deleted: [Folder] "C:\Program Files\movies toolbar"
Successfully deleted: [Folder] "C:\Program Files\myfuncards_5mei"
Successfully deleted: [Folder] "C:\Program Files\mypc backup"
Successfully deleted: [Folder] "C:\Program Files\otshot"
Successfully deleted: [Folder] "C:\Program Files\saltarsmart"
Successfully deleted: [Folder] "C:\Program Files\savevalet"
Successfully deleted: [Folder] "C:\Program Files\searchprotect"
Successfully deleted: [Folder] "C:\Program Files\wiseconvert_b"
Successfully deleted: [Folder] "C:\Program Files\Common Files\software update utility"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\start menu\programs\browser manager"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\start menu\programs\mypc backup"
Successfully deleted: [Folder] "C:\WINDOWS\system32\arfc"
Successfully deleted: [Folder] "C:\WINDOWS\system32\jmdp"
Successfully deleted: [Folder] "C:\WINDOWS\system32\wnlt"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\s8lddmvu.default\user.js
Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\s8lddmvu.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\s8lddmvu.default\searchplugins\ask.xml
Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\s8lddmvu.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\s8lddmvu.default\searchplugins\conduit.xml
Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\s8lddmvu.default\searchplugins\my-homepage.xml
Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\s8lddmvu.default\searchplugins\mystart search.xml
Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\s8lddmvu.default\searchplugins\mywebsearch.xml
Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\s8lddmvu.default\smartbar
Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\s8lddmvu.default\extensions\crossriderapp4493@crossrider.com
Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\s8lddmvu.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com
Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\s8lddmvu.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com
Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\s8lddmvu.default\extensions\specialsavings@superfish.com
Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\s8lddmvu.default\extensions\staged
Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{0113d088-8ed1-468c-b225-585a9c53b5e3}
Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\s8lddmvu.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\specialsavings@superfish.com
Successfully deleted the following from C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\s8lddmvu.default\prefs.js


user_pref("CT3279414.installType", "conduitnsisintegration");

user_pref("CT3279414.mam_gk_appsConfig.enc", "eyJBcHBzQ29uZmlndXJhdGlvbiI6W3siaWQiOiJhcHAxMyIsInVybCI6Imh0dHA6Ly9zdG9yYWdlLmNvbmR1aXQuY29tL21hbS8zcmRwYXJ0eWFwcHMvZWRpbGlhL2Vka


user_pref("CT3279414.search.searchAppId", "130028910589345878");
user_pref("CT3279414.search.searchCount", "0");
user_pref("CT3279414.smartbar.CTID", "CT3279414");
user_pref("CT3279414.smartbar.Uninstall", "0");
user_pref("CT3279414.smartbar.homepage", "true");
user_pref("CT3279414.smartbar.toolbarName", "appbario15 ");
user_pref("CT3279414.url_history0001.enc", "aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS9jaHJvbWUvaW5kZXguaHRtbD9obD1lbiZicmFuZD1DSE5HJnV0bV9zb3VyY2U9ZW4taHBwJnV0bV9tZWRpdW09aHBwJnV0bV9jYW1

user_pref("CT3286042.cb_user_id_000.enc", "Q0IyNjIxNjkyNzA5MDZfMTM4MzQ0MTUxNjk2MV9GaXJlZm94");
user_pref("CT3286042.installId", "conduitinstaller.exe");
user_pref("CT3286042.installType", "conduitnsisintegration");

user_pref("CT3286042.mam_gk_appsConfig.enc", "eyJBcHBzQ29uZmlndXJhdGlvbiI6W3siaWQiOiJhcHAxMyIsInVybCI6Imh0dHA6Ly9zdG9yYWdlLmNvbmR1aXQuY29tL21hbS8zcmRwYXJ0eWFwcHMvZWRpbGlhL2Vka
user_pref("CT3286042.mam_gk_settings1.11.4.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzExMjAiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6Ijg2XzAiLCJpc1Rlc3Q


user_pref("CT3286042.originalSearchEngine", "appbario15 Customized Web Search");
user_pref("CT3286042.originalSearchEngineName", "appbario15 Customized Web Search");
user_pref("CT3286042.rematch_agent_dups.enc", "eyJodHRwOi8vc2VhcmNoLmNvbmR1aXQuY29tLz9jdGlkPUNUMzMxNTgyNyZvY3RpZD1DVDMzMTU4MjcmU2VhcmNoU291cmNlPTYxJkNVST1VTjE4NTMzODA3NzcyMDc0
user_pref("CT3286042.response_cache.enc", "eyJjaGFubmVsIjp7ImxpbmsiOiJodHRwOi8vbWFpbC5hb2wuY29tLzM4MTcyLTExMS9hb2wtNi9lbi11cy9tYWlsL1ByaW50TWVzc2FnZS5hc3B4IiwiZGVzY3JpcHRpb24i
user_pref("CT3286042.search.searchAppId", "130052378822001564");
user_pref("CT3286042.search.searchCount", "2");
user_pref("CT3286042.smartbar.CTID", "CT3286042");
user_pref("CT3286042.smartbar.Uninstall", "0");
user_pref("CT3286042.smartbar.homepage", "true");
user_pref("CT3286042.smartbar.toolbarName", "KeyBar 1.8 ");



user_pref("CT3303000.cb_user_id_000.enc", "Q0I2OTQzMjc0MjU3NDRfMTM4MzQ0MTUzOTA1NV9GaXJlZm94");
user_pref("CT3303000.installType", "conduitnsisintegration");

user_pref("CT3303000.mam_gk_appState_PiclickV2-WebSearch.enc", "b24=");
user_pref("CT3303000.mam_gk_settings1.11.4.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzExMTAiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjEwNDNfMCIsImlzVGV


user_pref("CT3303000.response_cache.enc", "eyJjaGFubmVsIjp7ImxpbmsiOiJodHRwOi8vd3d3LnNlYXJjaC5hc2suY29tLz9vPUFQTjEwNjQ1QSZnY3Q9aHAmZD00MDYtMTA0MCZ2PXU5NjAyLTEzOSZ0PTQiLCJkZXNj
user_pref("CT3303000.search.searchAppId", "130136188917021865");
user_pref("CT3303000.search.searchCount", "0");
user_pref("CT3303000.smartbar.CTID", "CT3303000");
user_pref("CT3303000.smartbar.Uninstall", "0");
user_pref("CT3303000.smartbar.homepage", "true");
user_pref("CT3303000.smartbar.toolbarName", "Vafmusic7 ");
user_pref("CT3303000.url_history0001.enc", "aHR0cDovLzYzOTQuci5tc24uY29tLz9sZD02dkxwNEg2NGc0aFFYcGtzSml4UWJrSXpWVUNVemNXSE1KN252enFJRTlOT1FSeUVzeHBwWXlHRzNxN2ZjeTFLc0xkQjhoSVN

user_pref("CT3315827.installType", "conduitnsisintegration");



user_pref("CT3315827.originalSearchEngine", "Vafmusic7 Customized Web Search");
user_pref("CT3315827.originalSearchEngineName", "Vafmusic7 Customized Web Search");
user_pref("CT3315827.search.searchAppId", "130246923221938706");
user_pref("CT3315827.search.searchCount", "0");
user_pref("CT3315827.smartbar.CTID", "CT3315827");
user_pref("CT3315827.smartbar.Uninstall", "0");
user_pref("CT3315827.smartbar.homepage", "true");
user_pref("CT3315827.smartbar.toolbarName", "InternetHelper3.6 ");

user_pref("Smartbar.ConduitSearchEngineList", "");
user_pref("Smartbar.ConduitSearchUrlList", "");

user_pref("Smartbar.keywordURLSelectedCTID", "CT3315827");
user_pref("aol_toolbar.search.searchtype", "web");
user_pref("browser.search.defaultthis.engineName", "InternetHelper3.6 Customized Web Search");

user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.autoRvrt", "false");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.id", "a8ed13f6000000000000bcaec50d0a2d");
user_pref("extensions.BabylonToolbar.instlDay", "15618");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.tlbrId", "base");

user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=115887&tt=031012_IKAN_4012_6");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.716:47:36");


user_pref("extensions.crossrider.bic", "141fad6b224d38b59a7efe366a200bee");

user_pref("extensions.mywebsearch.prevKwdEnabled", true);

user_pref("extensions.searchgol.admin", false);
user_pref("extensions.searchgol.aflt", "babsst");
user_pref("extensions.searchgol.appId", "{4277F7CF-0000-46CF-BA49-D624465C4BAB}");
user_pref("extensions.searchgol.autoRvrt", "false");
user_pref("extensions.searchgol.bbDpng", "13");
user_pref("extensions.searchgol.cntry", "US");
user_pref("extensions.searchgol.dfltLng", "en");
user_pref("extensions.searchgol.excTlbr", false);
user_pref("extensions.searchgol.ffxUnstlRst", false);
user_pref("extensions.searchgol.hdrMd5", "3154B002DF8D3185392BEBF6720D5B58");
user_pref("extensions.searchgol.id", "a8ed13f6000000000000bcaec50d0a2d");
user_pref("extensions.searchgol.instlDay", "15988");
user_pref("extensions.searchgol.instlRef", "sst");
user_pref("extensions.searchgol.lastVrsnTs", "1.8.16.1920:22:58");
user_pref("extensions.searchgol.newTab", false);
user_pref("extensions.searchgol.prdct", "searchgol");
user_pref("extensions.searchgol.prtnrId", "searchgol");
user_pref("extensions.searchgol.rvrt", "false");
user_pref("extensions.searchgol.sg", "azb");
user_pref("extensions.searchgol.smplGrp", "none");
user_pref("extensions.searchgol.tlbrId", "base");
user_pref("extensions.searchgol.tlbrSrchUrl", "");
user_pref("extensions.searchgol.vrsn", "1.8.16.19");
user_pref("extensions.searchgol.vrsnTs", "1.8.16.1920:22:58");
user_pref("extensions.searchgol.vrsni", "1.8.16.19");

user_pref("plugin.state.npconduitfirefoxplugin", 2);
user_pref("smartbar.addressBarOwnerCTID", "CT3315827");


user_pref("smartbar.defaultSearchOwnerCTID", "CT3315827");
user_pref("smartbar.homePageOwnerCTID", "CT3315827");
user_pref("smartbar.machineId", "BD5L328ZDC7SPEXDALYRALUFVTRE4MFFR5JTIGDSS0BUVTRYCDDO81QX3PU6EWV/KTC+YIOHE0PKYTTA5FYADW");

user_pref("valueApps.CT3286042.mam_gk_appState_PiclickV2-WebSearch", "");
user_pref("valueApps.CT3286042.mam_gk_appState_PiclickV2-WebSearch.storedInFile", false);





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/12/2013 at 12:25:18.01
End of JRT log

Link to post
Share on other sites
TheRanger53

TheRanger53

Posted
  • Author
Posted

Next Log:

# AdwCleaner v3.015 - Report created 12/12/2013 at 12:40:45
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - OWNER-F220FF07F
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
Folder Deleted : C:\Program Files\Omiga Plus
Folder Deleted : C:\Program Files\Uniblue\DriverScanner
Folder Deleted : C:\Program Files\WinZipper
Folder Deleted : C:\Program Files\appbario15
Folder Deleted : C:\Program Files\InternetHelper3.6
Folder Deleted : C:\Program Files\KeyBar_1.8
Folder Deleted : C:\Program Files\Vafmusic7
Folder Deleted : C:\Program Files\WiseConvert_B2
Folder Deleted : C:\Program Files\Common Files\337
Folder Deleted : C:\WINDOWS\system32\Browser Manager
Folder Deleted : C:\Documents and Settings\LocalService\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Documents and Settings\LocalService\Application Data\24x7 help
Folder Deleted : C:\Documents and Settings\NetworkService\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\NativeMessaging
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\appbario15
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\InternetHelper3.6
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\KeyBar_1.8
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Vafmusic7
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\WiseConvert_B2
Folder Deleted : C:\Documents and Settings\Owner\Application Data\337
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Omiga Plus
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Uniblue\DriverScanner
Folder Deleted : C:\Documents and Settings\Owner\Application Data\WinZipper
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Alawar Stargaze
Folder Deleted : C:\Documents and Settings\Owner\Start Menu\Programs\torch
Folder Deleted : C:\Documents and Settings\Owner\My Documents\PC Health Kit
Folder Deleted : C:\Documents and Settings\Administrator\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s8lddmvu.default\ilividmoviestoolbardla
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s8lddmvu.default\ilividmoviestoolbarha
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s8lddmvu.default\Smartbar
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s8lddmvu.default\ValueApps
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s8lddmvu.default\CT3303000
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s8lddmvu.default\CT3315827
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s8lddmvu.default\CT3286042
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s8lddmvu.default\Extensions\{3d86a75b-cb6b-4764-885d-ca6336f04ba2}
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s8lddmvu.default\Extensions\12ffxtbr@MyScrapNook_12.com
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s8lddmvu.default\Extensions\support@tubedimmerapp.com
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s8lddmvu.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s8lddmvu.default\Extensions\{37a7edb7-afda-4373-9865-02bf8160e677}
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s8lddmvu.default\Extensions\{94625830-343a-4df0-88c1-444d195064d0}
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s8lddmvu.default\Extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s8lddmvu.default\Extensions\{DE26C7F8-01DC-C9B8-2694-AE7E621D32B9}
Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
File Deleted : C:\Program Files\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\Ask.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s8lddmvu.default\searchplugins\searchgol.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{20a82645-c095-46ed-80e3-08825760534b}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\chdboodilddefglllfoimeceomkpmkbi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKCU\Software\Classes\iLivid.torrent
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Optimizer Pro v3.2
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Update SaltarSmart
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKCU\Software\ae8b8db53fba47
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67FA02C4-AB30-4E77-A640-78EE8EC8673B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DC4468CA-16D3-48D2-A991-2FAC8477C6F4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C66B4F5-6D6C-4A1A-9466-EFE6E4077A3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8B78662B-577F-4D86-82C1-3752D2A160E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D9CFAF5B-E812-45AF-9484-E58823910E57}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BCE1081C-9762-416D-8552-F892A9B10314}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A899079D-206F-43A6-BE6A-07E0FA648EA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7557724B-30A9-42A4-98EB-77FCB0FD1BE3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DC4468CA-16D3-48D2-A991-2FAC8477C6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94625830-343A-4DF0-88C1-444D195064D0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ED31F84-C8B3-4926-B950-DFF74047FF79}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37A7EDB7-AFDA-4373-9865-02BF8160E677}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA7A20CF-BEF4-4342-AD78-0240FDF87055}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BCE1081C-9762-416D-8552-F892A9B10314}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF6-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A899079D-206F-43A6-BE6A-07E0FA648EA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7557724B-30A9-42A4-98EB-77FCB0FD1BE3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{94625830-343A-4DF0-88C1-444D195064D0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9ED31F84-C8B3-4926-B950-DFF74047FF79}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37A7EDB7-AFDA-4373-9865-02BF8160E677}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DA7A20CF-BEF4-4342-AD78-0240FDF87055}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DC4468CA-16D3-48D2-A991-2FAC8477C6F4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4C66B4F5-6D6C-4A1A-9466-EFE6E4077A3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8B78662B-577F-4D86-82C1-3752D2A160E4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D9CFAF5B-E812-45AF-9484-E58823910E57}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BCE1081C-9762-416D-8552-F892A9B10314}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D86A75B-CB6B-4764-885D-CA6336F04BA2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD4CEE7B-6B2D-4205-9A61-D9C286D50A6A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA0B7A5D-E529-4F74-910F-72A9A20FC048}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90EDA2A4-D0F2-49AE-955C-BDB0A2D0BBF5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CB7979A-FB37-43FE-AB32-D2E68D01CCEA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F80011D0-EB50-4EAF-B4EE-C4B340DF4604}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6D6EBD5-CECC-4F16-97CC-B3BFD74A68BA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3A239327-0062-4A4F-A99E-5493BE263B45}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10F13A79-FAA6-4C1F-9B5A-F64857E2A2E3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{990029DA-B025-4878-A1A4-E41DCE3B300E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61DA7B65-F3D9-4742-B2A9-B02F87E12C32}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7557724B-30A9-42A4-98EB-77FCB0FD1BE3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{94625830-343A-4DF0-88C1-444D195064D0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9ED31F84-C8B3-4926-B950-DFF74047FF79}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{37A7EDB7-AFDA-4373-9865-02BF8160E677}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DA7A20CF-BEF4-4342-AD78-0240FDF87055}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7557724B-30A9-42A4-98EB-77FCB0FD1BE3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{94625830-343A-4DF0-88C1-444D195064D0}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9ED31F84-C8B3-4926-B950-DFF74047FF79}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{37A7EDB7-AFDA-4373-9865-02BF8160E677}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DA7A20CF-BEF4-4342-AD78-0240FDF87055}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7557724B-30A9-42A4-98EB-77FCB0FD1BE3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{94625830-343A-4DF0-88C1-444D195064D0}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9ED31F84-C8B3-4926-B950-DFF74047FF79}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{37A7EDB7-AFDA-4373-9865-02BF8160E677}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Documents and Settings\Owner\Local Settings\Application Data\Torch\Plugins\Torrent\TorchTorrent.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~2\IE\dtUser.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\Owner\Local Settings\Application Data\Torch\Plugins\Torrent\TorchTorrent.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\All Users\Application Data\eSafe\eGdpSvc.exe]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DynConIE
Key Deleted : HKCU\Software\Fun Web Products
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\searchgol LTD
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\appbario15
Key Deleted : HKCU\Software\InternetHelper3.6
Key Deleted : HKCU\Software\KeyBar_1.8
Key Deleted : HKCU\Software\Vafmusic7
Key Deleted : HKCU\Software\WiseConvert_B2
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\BetterSurf
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Fast Free Converter
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\InstalledThirdPartyPrograms
Key Deleted : HKLM\Software\omigaplusSvc
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\Software\winzipersvc
Key Deleted : HKLM\Software\appbario15
Key Deleted : HKLM\Software\InternetHelper3.6
Key Deleted : HKLM\Software\KeyBar_1.8
Key Deleted : HKLM\Software\Vafmusic7
Key Deleted : HKLM\Software\WiseConvert_B2
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Speed Analysis 3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zulagames
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert_B2 Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\torch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Fast Free Converter
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilividmoviestoolbardlaIE
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SaltarSmart
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search-Gol Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Speed Analysis 3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\wnlt
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WsysControl
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s8lddmvu.default\prefs.js ]

Line Deleted : user_pref("CT3286042.1000082.isPlayDisplay", "true");

Line Deleted : user_pref("CT3286042.1000234.TWC_TMP_city", "ENGLEWOOD");
Line Deleted : user_pref("CT3286042.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3286042.1000234.TWC_country", "UNITED STATES");
Line Deleted : user_pref("CT3286042.1000234.TWC_locId", "USCO0128");
Line Deleted : user_pref("CT3286042.1000234.TWC_location", "Englewood, CO");
Line Deleted : user_pref("CT3286042.1000234.TWC_region", "US");
Line Deleted : user_pref("CT3286042.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT3286042.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT3286042.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3286042.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3286042.FirstTime", "true");
Line Deleted : user_pref("CT3286042.FirstTimeFF3", "true");

Line Deleted : user_pref("CT3286042.UserID", "UN12272354901579826");
Line Deleted : user_pref("CT3286042.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3286042.appOptions", "{\"1000234\":{\"render\":true}}");
Line Deleted : user_pref("CT3286042.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT3286042.countryCode", "US");
Line Deleted : user_pref("CT3286042.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":1000,\"minWidth\":250,\"width\":500}");
Line Deleted : user_pref("CT3286042.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3286042.fixPageNotFoundErrorByUser", "TRUE");
Line Deleted : user_pref("CT3286042.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3286042.fullUserID", "UN12272354901579826.IN.20131023124519");
Line Deleted : user_pref("CT3286042.installType", "DirectDownload");
Line Deleted : user_pref("CT3286042.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3286042.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3286042.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3286042.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3286042.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3286042.keyword", true);

Line Deleted : user_pref("CT3286042.lastVersion", "10.23.0.822");
Line Deleted : user_pref("CT3286042.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.bleepingcomputer.com%2Fdownload%2Fadwcleaner%2Fdl%2F125%2F\",\"EB_MAIN_FRAME_TITLE\":\"D[...]


Line Deleted : user_pref("CT3286042.originalSearchEngine", "InternetHelper3.6 Customized Web Search");
Line Deleted : user_pref("CT3286042.originalSearchEngineName", "InternetHelper3.6 Customized Web Search");
Line Deleted : user_pref("CT3286042.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"WEATHER\\\"]\"}");
Line Deleted : user_pref("CT3286042.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3286042.search.searchAppId", "130052378822001564");
Line Deleted : user_pref("CT3286042.search.searchCount", "0");
Line Deleted : user_pref("CT3286042.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3286042.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3286042.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3286042.searchSuggestEnabledByUser", "TRUE");
Line Deleted : user_pref("CT3286042.searchUserMode", 99);
Line Deleted : user_pref("CT3286042.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3286042.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3286042.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3286042.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3286042\"}");

Line Deleted : user_pref("CT3286042.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"KeyBar 1.8 \"}");
Line Deleted : user_pref("CT3286042.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3286042.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3286042.serviceLayer_services_Configuration_lastUpdate", "1386872838668");
Line Deleted : user_pref("CT3286042.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1386872838328");
Line Deleted : user_pref("CT3286042.serviceLayer_services_appsMetadata_lastUpdate", "1386872836308");
Line Deleted : user_pref("CT3286042.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1386872838334");
Line Deleted : user_pref("CT3286042.serviceLayer_services_login_10.23.0.822_lastUpdate", "1386872899418");
Line Deleted : user_pref("CT3286042.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1386872838375");
Line Deleted : user_pref("CT3286042.serviceLayer_services_searchAPI_lastUpdate", "1386872838189");
Line Deleted : user_pref("CT3286042.serviceLayer_services_serviceMap_lastUpdate", "1386872832118");
Line Deleted : user_pref("CT3286042.serviceLayer_services_setupAPI_lastUpdate", "1386872833840");
Line Deleted : user_pref("CT3286042.serviceLayer_services_toolbarContextMenu_lastUpdate", "1386872838580");
Line Deleted : user_pref("CT3286042.serviceLayer_services_toolbarSettings_lastUpdate", "1386872835661");
Line Deleted : user_pref("CT3286042.serviceLayer_services_translation_lastUpdate", "1386872836299");
Line Deleted : user_pref("CT3286042.settingsINI", true);
Line Deleted : user_pref("CT3286042.showToolbarPermission", "false");
Line Deleted : user_pref("CT3286042.smartbar.CTID", "CT3286042");
Line Deleted : user_pref("CT3286042.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3286042.smartbar.homepage", true);
Line Deleted : user_pref("CT3286042.smartbar.toolbarName", "KeyBar 1.8 ");
Line Deleted : user_pref("CT3286042.toolbarBornServerTime", "12-12-2013");
Line Deleted : user_pref("CT3286042.toolbarCurrentServerTime", "12-12-2013");
Line Deleted : user_pref("CT3286042.toolbarInstallDate", "12-12-2013 12:27:13");
Line Deleted : user_pref("CT3286042.toolbarLoginClientTime", "Thu Dec 12 2013 12:27:13 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT3286042_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1386873433378,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3303000.1000082.isPlayDisplay", "true");

Line Deleted : user_pref("CT3303000.1000234.TWC_TMP_city", "ENGLEWOOD");
Line Deleted : user_pref("CT3303000.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3303000.1000234.TWC_country", "UNITED STATES");
Line Deleted : user_pref("CT3303000.1000234.TWC_locId", "USCO0128");
Line Deleted : user_pref("CT3303000.1000234.TWC_location", "Englewood, CO");
Line Deleted : user_pref("CT3303000.1000234.TWC_region", "US");
Line Deleted : user_pref("CT3303000.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT3303000.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT3303000.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3303000.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3303000.FirstTime", "true");
Line Deleted : user_pref("CT3303000.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3303000.UserID", "UN42369419212625940");
Line Deleted : user_pref("CT3303000.YTbyClickFavorites.enc", "W10=");
Line Deleted : user_pref("CT3303000.YTbyClickRecent.enc", "W10=");
Line Deleted : user_pref("CT3303000.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3303000.appOptions", "{\"1000234\":{\"render\":true}}");
Line Deleted : user_pref("CT3303000.countryCode", "US");
Line Deleted : user_pref("CT3303000.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3303000.fixPageNotFoundErrorByUser", "TRUE");
Line Deleted : user_pref("CT3303000.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3303000.fullUserID", "UN42369419212625940.IN.20131026104247");
Line Deleted : user_pref("CT3303000.installType", "DirectDownload");
Line Deleted : user_pref("CT3303000.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3303000.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3303000.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3303000.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3303000.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3303000.keyword", true);

Line Deleted : user_pref("CT3303000.lastVersion", "10.23.0.822");
Line Deleted : user_pref("CT3303000.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.bleepingcomputer.com%2Fdownload%2Fadwcleaner%2Fdl%2F125%2F\",\"EB_MAIN_FRAME_TITLE\":\"D[...]

Line Deleted : user_pref("CT3303000.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"WEATHER\\\"]\"}");
Line Deleted : user_pref("CT3303000.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3303000.search.searchAppId", "130136188917021865");
Line Deleted : user_pref("CT3303000.search.searchCount", "0");
Line Deleted : user_pref("CT3303000.searchFromAddressBarEnabledByUser", "false");
Line Deleted : user_pref("CT3303000.searchInNewTabEnabledByUser", "false");
Line Deleted : user_pref("CT3303000.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3303000.searchSuggestEnabledByUser", "false");
Line Deleted : user_pref("CT3303000.searchUserMode", 99);
Line Deleted : user_pref("CT3303000.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3303000.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3303000.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3303000.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3303000\"}");

Line Deleted : user_pref("CT3303000.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Vafmusic7 \"}");
Line Deleted : user_pref("CT3303000.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3303000.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3303000.serviceLayer_services_Configuration_lastUpdate", "1386872838665");
Line Deleted : user_pref("CT3303000.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1386872841809");
Line Deleted : user_pref("CT3303000.serviceLayer_services_appsMetadata_lastUpdate", "1386872836289");
Line Deleted : user_pref("CT3303000.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1386872838680");
Line Deleted : user_pref("CT3303000.serviceLayer_services_login_10.23.0.822_lastUpdate", "1386872894565");
Line Deleted : user_pref("CT3303000.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1386872838722");
Line Deleted : user_pref("CT3303000.serviceLayer_services_searchAPI_lastUpdate", "1386872838246");
Line Deleted : user_pref("CT3303000.serviceLayer_services_serviceMap_lastUpdate", "1386872832111");
Line Deleted : user_pref("CT3303000.serviceLayer_services_setupAPI_lastUpdate", "1386872833838");
Line Deleted : user_pref("CT3303000.serviceLayer_services_toolbarContextMenu_lastUpdate", "1386872838758");
Line Deleted : user_pref("CT3303000.serviceLayer_services_toolbarSettings_lastUpdate", "1386872836152");
Line Deleted : user_pref("CT3303000.serviceLayer_services_translation_lastUpdate", "1386872839206");
Line Deleted : user_pref("CT3303000.settingsINI", true);
Line Deleted : user_pref("CT3303000.showToolbarPermission", "false");
Line Deleted : user_pref("CT3303000.smartbar.CTID", "CT3303000");
Line Deleted : user_pref("CT3303000.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3303000.smartbar.toolbarName", "Vafmusic7 ");
Line Deleted : user_pref("CT3303000.toolbarBornServerTime", "12-12-2013");
Line Deleted : user_pref("CT3303000.toolbarCurrentServerTime", "12-12-2013");
Line Deleted : user_pref("CT3303000.toolbarInstallDate", "12-12-2013 12:27:13");
Line Deleted : user_pref("CT3303000.toolbarLoginClientTime", "Thu Dec 12 2013 12:27:13 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT3303000_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1386873433301,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3315827.1000082.isPlayDisplay", "true");

Line Deleted : user_pref("CT3315827.1000234.TWC_TMP_city", "ENGLEWOOD");
Line Deleted : user_pref("CT3315827.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3315827.1000234.TWC_country", "UNITED STATES");
Line Deleted : user_pref("CT3315827.1000234.TWC_locId", "USCO0128");
Line Deleted : user_pref("CT3315827.1000234.TWC_location", "Englewood, CO");
Line Deleted : user_pref("CT3315827.1000234.TWC_region", "US");
Line Deleted : user_pref("CT3315827.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT3315827.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT3315827.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3315827.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3315827.FirstTime", "true");
Line Deleted : user_pref("CT3315827.FirstTimeFF3", "true");

Line Deleted : user_pref("CT3315827.UserID", "UN18533807772074011");
Line Deleted : user_pref("CT3315827.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3315827.appOptions", "{}");
Line Deleted : user_pref("CT3315827.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT3315827.countryCode", "US");
Line Deleted : user_pref("CT3315827.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3315827.fixPageNotFoundErrorByUser", "TRUE");
Line Deleted : user_pref("CT3315827.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3315827.fullUserID", "UN18533807772074011.IN.20131105191338");
Line Deleted : user_pref("CT3315827.installType", "DirectDownload");
Line Deleted : user_pref("CT3315827.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3315827.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3315827.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3315827.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3315827.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3315827.keyword", true);

Line Deleted : user_pref("CT3315827.lastVersion", "10.23.0.822");
Line Deleted : user_pref("CT3315827.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.bleepingcomputer.com%2Fdownload%2Fadwcleaner%2Fdl%2F125%2F\",\"EB_MAIN_FRAME_TITLE\":\"D[...]

Line Deleted : user_pref("CT3315827.originalSearchAddressUrl", false);
Line Deleted : user_pref("CT3315827.originalSearchEngine", "Google");
Line Deleted : user_pref("CT3315827.originalSearchEngineName", "Google");
Line Deleted : user_pref("CT3315827.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3315827.search.searchAppId", "130246923221938706");
Line Deleted : user_pref("CT3315827.search.searchCount", "0");
Line Deleted : user_pref("CT3315827.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3315827.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3315827.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3315827.searchSuggestEnabledByUser", "TRUE");
Line Deleted : user_pref("CT3315827.searchUserMode", 99);
Line Deleted : user_pref("CT3315827.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3315827.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3315827.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3315827.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3315827\"}");

Line Deleted : user_pref("CT3315827.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"InternetHelper3.6 \"}");
Line Deleted : user_pref("CT3315827.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3315827.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3315827.serviceLayer_services_Configuration_lastUpdate", "1386872838846");
Line Deleted : user_pref("CT3315827.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1386872840226");
Line Deleted : user_pref("CT3315827.serviceLayer_services_appsMetadata_lastUpdate", "1386872836285");
Line Deleted : user_pref("CT3315827.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1386872838411");
Line Deleted : user_pref("CT3315827.serviceLayer_services_login_10.23.0.822_lastUpdate", "1386872888379");
Line Deleted : user_pref("CT3315827.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1386872838452");
Line Deleted : user_pref("CT3315827.serviceLayer_services_searchAPI_lastUpdate", "1386872838251");
Line Deleted : user_pref("CT3315827.serviceLayer_services_serviceMap_lastUpdate", "1386872833930");
Line Deleted : user_pref("CT3315827.serviceLayer_services_setupAPI_lastUpdate", "1386872834738");
Line Deleted : user_pref("CT3315827.serviceLayer_services_toolbarContextMenu_lastUpdate", "1386872838488");
Line Deleted : user_pref("CT3315827.serviceLayer_services_toolbarSettings_lastUpdate", "1386872838058");
Line Deleted : user_pref("CT3315827.serviceLayer_services_translation_lastUpdate", "1386872839195");
Line Deleted : user_pref("CT3315827.settingsINI", true);
Line Deleted : user_pref("CT3315827.showToolbarPermission", "false");
Line Deleted : user_pref("CT3315827.smartbar.CTID", "CT3315827");
Line Deleted : user_pref("CT3315827.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3315827.smartbar.homepage", true);
Line Deleted : user_pref("CT3315827.smartbar.toolbarName", "InternetHelper3.6 ");
Line Deleted : user_pref("CT3315827.toolbarBornServerTime", "12-12-2013");
Line Deleted : user_pref("CT3315827.toolbarCurrentServerTime", "12-12-2013");
Line Deleted : user_pref("CT3315827.toolbarInstallDate", "12-12-2013 12:27:13");
Line Deleted : user_pref("CT3315827.toolbarLoginClientTime", "Thu Dec 12 2013 12:27:13 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT3315827_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1386873433220,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "KeyBar 1.8 Customized Web Search");


Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3286042");

Line Deleted : user_pref("extensions.dynconff.cache.search.conduit.com.content", "<package expire=\"3600\" message=\"Empty\"></package>");
Line Deleted : user_pref("extensions.dynconff.cache.search.conduit.com.expires", "1386877038674");

Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3286042");


Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3286042");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3286042");
Line Deleted : user_pref("smartbar.machineId", "BD5L328ZDC7SPEXDALYRALUFVTRE4MFFR5JTIGDSS0BUVTRYCDDO81QX3PU6EWV/KTC+YIOHE0PKYTTA5FYADW");
Line Deleted : user_pref("valueApps.CT3286042./9B+7E+x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E,x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E-x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E.:2z527.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E.x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E/x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E06CG5EL8:", "6E6D696C6B6D736E7077");
Line Deleted : user_pref("valueApps.CT3286042./9B+7E06CG5EL8:.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E06CG5EL;8I:K", "247E2D2F226A74736F7271737974767D242F4B49474F42357D5D5C3D");
Line Deleted : user_pref("valueApps.CT3286042./9B+7E06CG5EL;8I:K.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E0x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E1x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E2x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E31;CJ=J@6M=KO9?OB)HFR", "247E61393F236B2575717573792B222D6F4250454E337B354A574D435A4A585C464C5C4F3655535F463D482B686B594D364F4043524954666569756578685C45645F426F7E[...]
Line Deleted : user_pref("valueApps.CT3286042./9B+7E31;CJ=J@6M=KO9?OB)HFR.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E3x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E4x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E5x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E6x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E7x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E8x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E9x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E:x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E;x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E<x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E=x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E>x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E?x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7E@x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7EAx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7EBE3G=;D9N9=D", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
Line Deleted : user_pref("valueApps.CT3286042./9B+7EBE3G=;D9N9=D.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042./9B+7EBx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7ECx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7EDx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B+7Etx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042./9B-0?3G>D", "3C703B40706D756D7A70714772204B4A4D7B2521507D4F2A26545725592B5B2B2F312B2C");
Line Deleted : user_pref("valueApps.CT3286042./9B-0?3G>D.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042./9B-0?3G@6:5;", "");
Line Deleted : user_pref("valueApps.CT3286042./9B-0?3G@6:5;.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042./9B-0?3GFA7EF", "2B2E2C3D");
Line Deleted : user_pref("valueApps.CT3286042./9B-0?3GFA7EF.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042./9B-3=3ECCJA=F>", "247E333D2C452F4135276F297B7E7D21202F26313E4249357D37382F3A494D5D513F283338435D6554695B65546D57695D5D686365533C70766C66755E");
Line Deleted : user_pref("valueApps.CT3286042./9B-3=3ECCJA=F>.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042./9B/>01=9A6K6<IM;KRIE@PDAWM", "6A696B7273747576");
Line Deleted : user_pref("valueApps.CT3286042./9B/>01=9A6K6<IM;KRIE@PDAWM.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042./9B3=>@44I48?", "372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F");
Line Deleted : user_pref("valueApps.CT3286042./9B3=>@44I48?.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042./9B5BA==9CJAG", "393D3D716E7443427A44747273737D75767E4B7C4F");
Line Deleted : user_pref("valueApps.CT3286042./9B5BA==9CJAG.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042./9B6B11G4C56B>F;P;ANR@P", "6E6D696C6B6D736E7176747474");
Line Deleted : user_pref("valueApps.CT3286042./9B6B11G4C56B>F;P;ANR@P.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042./9B90E@.3C;7B=?OFB>>RHIQS", "393F352F3E");
Line Deleted : user_pref("valueApps.CT3286042./9B90E@.3C;7B=?OFB>>RHIQS.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042./9B9643G3/9E", "6A");
Line Deleted : user_pref("valueApps.CT3286042./9B9643G3/9E.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042./9B;45>:BI9I7IE", "2B2E2C3D");
Line Deleted : user_pref("valueApps.CT3286042./9B;45>:BI9I7IE.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042./9B<:222H64<", "393F352F3E");
Line Deleted : user_pref("valueApps.CT3286042./9B<:222H64<.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042./9B<:222H64<L8DAJ", "6D70706F7673737976762A7973727B77757B21");
Line Deleted : user_pref("valueApps.CT3286042./9B<:222H64<L8DAJ.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042./9B=+03EH8H8J?:", "4443");
Line Deleted : user_pref("valueApps.CT3286042./9B=+03EH8H8J?:.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042./9B?+E2A52D8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Line Deleted : user_pref("valueApps.CT3286042./9B?+E2A52D8.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042./9B?B0D:8AJ62<H", "6D");
Line Deleted : user_pref("valueApps.CT3286042./9B?B0D:8AJ62<H.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042./9BA@0<0BI6A7GN:6@L?", "6C");
Line Deleted : user_pref("valueApps.CT3286042./9BA@0<0BI6A7GN:6@L?.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.PG_ENABLE", "74727565");
Line Deleted : user_pref("valueApps.CT3286042.PG_ENABLE.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.SF_JUST_INSTALLED", "46414C5345");
Line Deleted : user_pref("valueApps.CT3286042.SF_JUST_INSTALLED.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.SF_STATUS", "454E41424C4544");
Line Deleted : user_pref("valueApps.CT3286042.SF_STATUS.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.SF_USER_ID", "6369645F313231323230313331323238323634393437373930");
Line Deleted : user_pref("valueApps.CT3286042.SF_USER_ID.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042._key_cl_active", "32633837623464352D373730302D346333342D393639652D353465313833643531616338");
Line Deleted : user_pref("valueApps.CT3286042._key_cl_active.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.cbfirsttime", "5468752044656320313220323031332031323A32383A323220474D542D30363030202843656E7472616C205374616E646172642054696D6529");
Line Deleted : user_pref("valueApps.CT3286042.cbfirsttime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.discover-experiments-photopop", "7B226E616D65223A2270686F746F706F705F6E61222C2276657273696F6E223A31307D");
Line Deleted : user_pref("valueApps.CT3286042.discover-experiments-photopop.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.discover-periodic-reports", "7B2270696E675F30223A5B313338363837333332323830372C31343430303030305D7D");
Line Deleted : user_pref("valueApps.CT3286042.discover-periodic-reports.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.discover-user-id", "2238393231373861362D386265322D343332612D616431652D63326234353838643639313922");
Line Deleted : user_pref("valueApps.CT3286042.discover-user-id.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.ground-country-code", "22555322");
Line Deleted : user_pref("valueApps.CT3286042.ground-country-code.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.impression_session_counter", "30");
Line Deleted : user_pref("valueApps.CT3286042.impression_session_counter.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.impression_session_id", "2264383563643261372D646165622D343831622D613232642D62353734626332356163613022");
Line Deleted : user_pref("valueApps.CT3286042.impression_session_id.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.impression_session_last_active", "31333836383733333330363237");
Line Deleted : user_pref("valueApps.CT3286042.impression_session_last_active.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_appStateReportTime", "31333836383732383436363831");
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_appStateReportTime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_appState_Clarity_Active", "6F6E");
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_appState_Clarity_Active.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_appsConfig.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_appsDefaultEnabled", "6E756C6C");
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_appsDefaultEnabled.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_calledSetupService", "31");
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_calledSetupService.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_currentVersion", "312E31322E302E35");
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_existingUsersRecoveryDone", "31");
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_existingUsersRecoveryDone.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_first_time", "31");
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_first_time.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_lastLoginTime", "31333836383732383438333139");
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_lastLoginTime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_localization.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_migrated_from_ls.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_settings1.12.0.5.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_showWelcomeGadget", "66616C7365");
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_showWelcomeGadget.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_stamp", "313034335F30");
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_stamp.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_userId", "35643430636433632D353666372D343532312D613431302D396161323437663463323439");
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_userId.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_user_approval_interacted", "31");
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_user_approval_interacted.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_welcomeDialogMode", "31");
Line Deleted : user_pref("valueApps.CT3286042.mam_gk_welcomeDialogMode.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3286042.url_history0001", "68747470733A2F2F7777772E676F6F676C652E636F6D3A3A3A636C69636B68616E646C65723A3A3A313338363837333030393936342C2C2C68747470733A2F2F7777772E676F6F676C652E[...]
Line Deleted : user_pref("valueApps.CT3286042.url_history0001.storedInFile", true);

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fuxgug13.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [61781 octets] - [12/12/2013 12:39:50]
AdwCleaner[s0].txt - [62100 octets] - [12/12/2013 12:40:45]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [62161 octets] ##########

Link to post
Share on other sites
TheRanger53

TheRanger53

Posted
  • Author
Posted

Sorry for the multiple replies, my head is definitely on straight today:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.12.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: OWNER-F220FF07F [administrator]

12/12/2013 12:54:33 PM
mbam-log-2013-12-12 (12-54-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261135
Time elapsed: 9 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Documents and Settings\Guest\Application Data\PCFixSpeed (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\PCFixSpeed\News (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.

Files Detected: 4
C:\Documents and Settings\Guest\Application Data\PCFixSpeed\faq.htm (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\PCFixSpeed\News\PCFS_NEWS_promote_app_MLM_horizontal.png (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\PCFixSpeed\News\PCFS_NEWS_trialpay_tray_ads.png (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\PCFixSpeed\News\PCFS_NEWS_uninstall_discount_offer.png (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites
TheRanger53

TheRanger53

Posted
  • Author
Posted

C:\AdwCleaner\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\appbario15\ldrtbappb.dll.vir    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\appbario15\tbappb.dll.vir    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\InternetHelper3.6\ldrtbInte.dll.vir    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\InternetHelper3.6\tbInte.dll.vir    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\KeyBar_1.8\ldrtbKeyB.dll.vir    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\KeyBar_1.8\tbKeyB.dll.vir    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\Vafmusic7\ldrtbVafm.dll.vir    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\Vafmusic7\tbVafm.dll.vir    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\WiseConvert_B2\ldrtbWis0.dll.vir    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\WiseConvert_B2\ldrtbWis2.dll.vir    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\WiseConvert_B2\ldrtbWise.dll.vir    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\WiseConvert_B2\tbWis0.dll.vir    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\WiseConvert_B2\tbWis2.dll.vir    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\WiseConvert_B2\tbWise.dll.vir    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\appbario15\ldrtbappb.dll.vir    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\appbario15\tbappb.dll.vir    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\InternetHelper3.6\ldrtbInte.dll.vir    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\InternetHelper3.6\tbInte.dll.vir    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\KeyBar_1.8\ldrtbKeyB.dll.vir    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\KeyBar_1.8\tbKeyB.dll.vir    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Mozilla Firefox\browser\nsprotector.js.vir    Win32/Conduit.SearchProtect.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic7\ldrtbVafm.dll.vir    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Vafmusic7\tbVafm.dll.vir    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\WiseConvert_B2\ldrtbWis0.dll.vir    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\WiseConvert_B2\ldrtbWis2.dll.vir    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\WiseConvert_B2\ldrtbWise.dll.vir    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\WiseConvert_B2\tbWis0.dll.vir    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\WiseConvert_B2\tbWis2.dll.vir    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\WiseConvert_B2\tbWise.dll.vir    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\chdboodilddefglllfoimeceomkpmkbi\1.0.0_0\background.js    Win32/BrowseFox.B application    cleaned by deleting - quarantined
C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\chdboodilddefglllfoimeceomkpmkbi\1.0.0_0\content.js    Win32/BrowseFox.B application    cleaned by deleting - quarantined
C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap\1.0_0\inject.js    Win32/AdWare.BetterSurf.A application    cleaned by deleting - quarantined
C:\Documents and Settings\Guest\Local Settings\Application Data\Produtools_Forms\ldrtbPro0.dll    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
C:\Documents and Settings\Guest\Local Settings\Application Data\Produtools_Forms\tbPro0.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\Documents and Settings\Guest\Local Settings\Application Data\Question_Party\ldrtbQue2.dll    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
C:\Documents and Settings\Guest\Local Settings\Application Data\Question_Party\tbQue2.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\Documents and Settings\Guest\Local Settings\Application Data\Temp\nsl15.tmp\Helper.dll    a variant of Win32/Toolbar.SearchSuite.C application    cleaned by deleting - quarantined
C:\Documents and Settings\Guest\Local Settings\Application Data\WiseConvert_B2\ldrtbWise.dll    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
C:\Documents and Settings\Guest\Local Settings\Application Data\WiseConvert_B2\tbWise.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\bfgtb_2.0.0.20.exe    multiple threats    cleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\cdbxp_setup_4.4.1.3099.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\WeatherBugSetup.msi    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\ccsetup408.exe    Win32/Bundled.Toolbar.Google.D application    cleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\PCUltraSpeed.exe    multiple threats    cleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\PDFCreatorSetup.exe    a variant of Win32/InstallCore.AY application    cleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\SpeedScan_setup (1).exe    a variant of Win32/Ascentive application    cleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\SpeedScan_setup.exe    a variant of Win32/Ascentive application    cleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\tuvaro_1.8.25.4_gbv_N_CHR.exe    multiple threats    cleaned by deleting - quarantined
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll    Win32/OpenCandy application    cleaned by deleting - quarantined

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

AVPfront.gif

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

avpsettings.gif

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Glad I could help! :)

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Please uninstall ESET Online Scanner and manually delete Kaspersky AVP .

Step 4

Some malware preventions:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)

Link to post
Share on other sites
  • 2 weeks later...
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.