First A Redirect Virus, Now Unable To Connect At All To Internet


bmg

My son's Alienware computer has been having trouble with a redirect virus, now it's unable to connect to the internet.

A scan says 'no infections', how can that be, even with the Pro Version?

 

Here are the logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.45.2
Run by L33tMaN at 19:39:37 on 2014-03-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8090.5788 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\service.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\LogonUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
\\?\C:\windows\system32\wbem\WMIADAP.EXE
C:\windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.



uProxyServer = hxxp=127.0.0.1:49195;https=127.0.0.1:49195
uProxyOverride = <-loopback>
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
mURLSearchHooks: SweetPacks Toolbar: {7e8a1050-cf67-4575-92df-dcc60e7d952d} -
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: ShopOn Coupon Helper Extension: {3FD43172-57ED-4973-8168-93E5D977D1F1} - C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\adxloader.dll
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: SweetPacks Toolbar: {7e8a1050-cf67-4575-92df-dcc60e7d952d} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
TB: SweetPacks Toolbar: {7e8a1050-cf67-4575-92df-dcc60e7d952d} -
TB: PasswordBox Toolbar: {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [GoogleChromeAutoLaunch_EE989A737300E8461C401789B9903612] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /schedule 300000
mRun: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [bDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WebInternetSecurity] "C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe"
dRun: [searchProtect] \SearchProtect\bin\cltmng.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{922150AE-B813-4626-ADB1-614C8D542DC6} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DB92CCAA-2693-4972-AF5C-898C27153110} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DB92CCAA-2693-4972-AF5C-898C27153110}\45753475966496 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{DB92CCAA-2693-4972-AF5C-898C27153110}\876696E696479777966696 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{DB92CCAA-2693-4972-AF5C-898C27153110}\F6074796D657D677966696 : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll c:\windows\syswow64\nvinit.dll c:\progra~2\skc4df~1.enh\psupport.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Plus-HD-2.5: {11111111-1111-1111-1111-110311341138} -
x64-BHO: weDownload Manager Pro: {11111111-1111-1111-1111-110411361128} -
x64-BHO: BobyLyrics-16: {11111111-1111-1111-1111-110411411160} -
x64-BHO: Speed Test Analysis: {310D38FE-EB4C-467C-8781-B7C2AEB7847D} -
x64-BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
x64-BHO: sueRf and, keep: {3C13B37D-5624-A9B6-9BB2-11F23FF9E648} -
x64-BHO: ShopOn Coupon Helper Extension: {3FD43172-57ED-4973-8168-93E5D977D1F1} - C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\adxloader64.dll
x64-BHO: SearchNewTab: {4B707A9F-4096-E32F-2871-6C4148277737} -
x64-BHO: YoutubeAdblocker: {4F746501-B018-1546-6341-6EBFD137D3E0} -
x64-BHO: TidyNetwork: {8DB6C07E-2C6D-371D-E4C6-A63A1F190AD3} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - ExtSQL: 2014-01-18 19:21; 858a779a-4bec-47f4-ac06-ed86e2daad75@d82626c3-adcb-475b-b77d-9a1e67c4fd2a.com; C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\858a779a-4bec-47f4-ac06-ed86e2daad75@d82626c3-adcb-475b-b77d-9a1e67c4fd2a.com
FF - ExtSQL: 2014-02-08 02:59; {8b337819-d1e8-48d3-8178-168ae8c99c36}; C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}
.
============= SERVICES / DRIVERS ===============
.
R?2 ShopOn Service;ShopOn Service;C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\service.exe [2013-11-20 30320]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-1-1 50976]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-6-8 98208]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2012-1-10 14664]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-6-8 163608]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-28 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-28 701512]
R2 MSI_ODD_Service;MSI_ODD_Service;C:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe [2011-10-4 76800]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944]
R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2013-10-16 67584]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-3-22 382272]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-8 363800]
R2 vToolbarUpdater18.0.0;vToolbarUpdater18.0.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [2014-3-2 1759768]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-6-8 331264]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-6-28 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 NTIOLib_X64;NTIOLib_X64;C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [2010-1-18 14136]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-6-8 539240]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);C:\windows\System32\drivers\rusb3hub.sys [2012-6-8 100352]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);C:\windows\System32\drivers\rusb3xhc.sys [2012-6-8 216064]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2012/06/07 23:20:01;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-12-16 248304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2013-10-10 131912]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-7-10 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-3-15 111616]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\windows\System32\drivers\nvstusb.sys [2012-6-8 398656]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-10 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-03-16 23:13:20    75888    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{940C5CE4-2DBB-4269-A63C-AC544C4E7AD8}\offreg.dll
2014-03-15 18:40:02    1031560    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A07C9AAF-2EAF-4515-AF16-1A322CD6F128}\gapaengine.dll
2014-03-15 18:39:07    10536864    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{940C5CE4-2DBB-4269-A63C-AC544C4E7AD8}\mpengine.dll
2014-03-15 18:33:59    624128    ----a-w-    C:\windows\System32\qedit.dll
2014-03-15 18:33:59    509440    ----a-w-    C:\windows\SysWow64\qedit.dll
2014-03-15 18:33:59    1424384    ----a-w-    C:\windows\System32\WindowsCodecs.dll
2014-03-15 18:33:58    1230336    ----a-w-    C:\windows\SysWow64\WindowsCodecs.dll
2014-03-11 21:28:46    10536864    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-05 00:02:25    --------    d-----r-    C:\Program Files (x86)\Skype
2014-03-02 23:00:02    --------    d-----w-    C:\ProgramData\AVG Secure Search
2014-02-25 20:39:05    --------    d-----w-    C:\windows\Migration
2014-02-15 08:01:34    548864    ----a-w-    C:\windows\System32\vbscript.dll
2014-02-15 08:01:34    454656    ----a-w-    C:\windows\SysWow64\vbscript.dll
.
==================== Find3M  ====================
.
2014-03-11 23:07:12    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 23:07:12    692616    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2014-03-02 22:59:43    50976    ----a-w-    C:\windows\System32\drivers\avgtpx64.sys
2014-03-01 05:17:02    2724864    ----a-w-    C:\windows\System32\mshtml.tlb
2014-03-01 05:16:26    4096    ----a-w-    C:\windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55    66048    ----a-w-    C:\windows\System32\iesetup.dll
2014-03-01 04:51:59    48640    ----a-w-    C:\windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52    139264    ----a-w-    C:\windows\System32\ieUnatt.exe
2014-03-01 04:33:34    111616    ----a-w-    C:\windows\System32\ieetwcollector.exe
2014-03-01 04:32:59    708608    ----a-w-    C:\windows\System32\jscript9diag.dll
2014-03-01 04:23:49    940032    ----a-w-    C:\windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20    2724864    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33    5768704    ----a-w-    C:\windows\System32\jscript9.dll
2014-03-01 03:52:43    61952    ----a-w-    C:\windows\SysWow64\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    C:\windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    C:\windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35    553472    ----a-w-    C:\windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11    2041856    ----a-w-    C:\windows\System32\inetcpl.cpl
2014-03-01 03:14:15    4244480    ----a-w-    C:\windows\SysWow64\jscript9.dll
2014-03-01 03:10:28    2334208    ----a-w-    C:\windows\System32\wininet.dll
2014-03-01 03:00:08    1964032    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    C:\windows\SysWow64\wininet.dll
2014-02-22 20:16:08    6261968    ----a-w-    C:\ProgramData\pclunst.exe
2014-02-07 01:23:30    3156480    ----a-w-    C:\windows\System32\win32k.sys
2014-01-29 02:32:18    484864    ----a-w-    C:\windows\System32\wer.dll
2014-01-29 02:06:47    381440    ----a-w-    C:\windows\SysWow64\wer.dll
2014-01-28 02:32:46    228864    ----a-w-    C:\windows\System32\wwansvc.dll
2014-01-19 07:33:29    270496    ------w-    C:\windows\System32\MpSigStub.exe
2014-01-11 21:11:17    281152    ----a-w-    C:\windows\SysWow64\PnkBstrB.xtr
2014-01-11 21:11:17    281152    ----a-w-    C:\windows\SysWow64\PnkBstrB.exe
2013-12-24 23:09:41    1987584    ----a-w-    C:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32    2565120    ----a-w-    C:\windows\System32\d3d10warp.dll
2013-12-24 21:43:51    737280    ----a-w-    C:\windows\iun6002.exe
2013-12-17 00:40:41    1409    ----a-w-    C:\windows\SysWow64\tmpDE3C7.FOT
.
============= FINISH: 19:40:06.93 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/25/2012 1:33:18 PM
System Uptime: 3/16/2014 3:18:12 AM (16 hours ago)
.
Motherboard: Alienware |  | 0KM92T
Processor: Intel® Core i7-3770 CPU @ 3.40GHz | CPU 1 | 1598/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 921 GiB total, 629.178 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP167: 3/16/2014 3:45:21 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.3)
AlienAutopsy
Alienware Command Center
Allied Intent .2 client
Allied Intent Xtended 2.0
Amazon Browser Bar
AVG Security Toolbar
Battlecraft 1942
Battlefield 1942
Battlefield 1942 Windows Vista/7 Compatibility Fix
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
Battlefield 2
Battlefield 2 Demo
Battlefield Mod Development Toolkit 2.0 Beta
Command & Conquer Generals
Command & Conquer™ 3 Tiberium Wars and Kane's Wrath
Command & Conquer™ 4 Tiberian Twilight
Command & Conquer™ and The Covert Operations™
Command & Conquer™ Red Alert 2 and Yuri’s Revenge
Command & Conquer™ Red Alert, Counterstrike and The Aftermath
Command & Conquer™ Red Alert™ 3 and Uprising
Command & Conquer™ The Ultimate Collection Additional Content
Command & Conquer™: Generals and Zero Hour
Command and ConquerTM Generals Zero Hour
couponamazing
CyberLink PowerDVD 9.6
D3DX10
Desura
FFOLKES Unlocks123 mod v1.4.1
Forgoten Hope 2 (2 of 2) (dummy)
Forgotten Hope 0.70
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
InfoAtoms [uninstall]
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® Trusted Connect Service Client
Java 7 Update 45
Java Auto Updater
Junk Mail filter update
Lock On: Modern Air Combat
Malwarebytes Anti-Malware version 1.75.0.1300
Max Websearch
Media Player Classic - Home Cinema v1.5.2.3456
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Mobogenie
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSI ODD Monitor
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA 3D Vision Driver 296.36
NVIDIA Control Panel 296.36
NVIDIA Graphics Driver 296.36
NVIDIA HD Audio Driver 1.3.14.1
NVIDIA Install Application
NVIDIA Optimus 1.7.12
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
PasswordBox
PowerISO
Project Reality: BF2
PunkBuster for Battlefield 1942
QuickShare
Ravaged
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Saints Row IV
Sandbox
Savings Explorer
Scholastic's I SPY Fantasy
Scholastic's I SPY Spooky Mansion Deluxe
Scholastic's I SPY Treasure Hunt
ScorpionSaver
ScorpionSaver Services
Search Assistant WebSearch 1.74
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
ShopOn Coupon Extension Helper
SK.Helper 1.74
Skype™ 6.11
Steam
Swift Browse 1.0.0
Team Fortress 2
The Elder Scrolls V: Skyrim
Virtual Families Packages
WebInternetSecurity
WestwoodChat
WestwoodOnline
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 5.00 (32-bit)
WOoKie Sniper Mod 1.3
WordPad+ version 1.01
World of Tanks
World of Warplanes
World of Warplanes Hack Toll 2.8
Xvid Video Codec
Yahoo! Toolbar
Zune
.
==== Event Viewer Messages From Past Week ========
.
3/16/2014 5:21:02 AM, Error: Microsoft-Windows-HAL [12]  - The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
3/16/2014 3:38:18 AM, Error: volsnap [14]  - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
3/16/2014 3:37:25 AM, Error: atapi [11]  - The driver detected a controller error on \Device\Ide\IdePort1.

3/16/2014 3:22:41 AM, Error: Microsoft-Windows-WMPNSS-Service [14349]  - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
3/16/2014 3:22:36 AM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/16/2014 3:22:36 AM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
3/16/2014 3:20:32 AM, Error: Service Control Manager [7022]  - The ShopOn Service service hung on starting.
3/15/2014 6:02:38 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
3/15/2014 6:02:38 PM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 


Hi bmg,

Please follow the instructions HERE for disabling AutoPlay on both machines. Make sure to do this before performing the instructions below.

Please also disable your antivirus on the infected machine to avoid any conflicts.

You will need a USB flash drive to transfer these tools over to the infected computer. You will also need to use this flash drive to transfer the logs so that you are able to post them.

Please download the following files and place them on your USB flash drive

------------------------------
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found.  Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
------------------------------
  • Right click over JRT.exe and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.
------------------------------
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.
------------------------------

After running all the above tools, you may re-enable your anti-virus.

Please post the following in your next reply

  • AdwCleaner log
  • JRT.txt
  • FRST.txt
  • Addition.txt

# AdwCleaner v3.022 - Report created 25/03/2014 at 20:24:17
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : L33tMaN - L33TMAN-PC
# Running from : C:\Users\L33tMaN\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\VisualBee
Folder Deleted : C:\ProgramData\sueRf and, keep
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\goforfiles
Folder Deleted : C:\Program Files (x86)\iMesh Applications
Folder Deleted : C:\Program Files (x86)\InfoAtoms
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\pc speed up
Folder Deleted : C:\Program Files (x86)\savings explorer
Folder Deleted : C:\Program Files (x86)\System Speedup
Folder Deleted : C:\Program Files (x86)\TidyNetwork
Folder Deleted : C:\Program Files (x86)\WebSearch
Folder Deleted : C:\Program Files (x86)\sueRf and, keep
Folder Deleted : C:\Program Files (x86)\VisualBee_V.3
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\windows\SysWOW64\ARFC
Folder Deleted : C:\windows\SysWOW64\jmdp
Folder Deleted : C:\windows\SysWOW64\SearchProtect
Folder Deleted : C:\windows\SysWOW64\WNLT
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\windows\System32\ljkb
Folder Deleted : C:\Users\L33tMaN\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\L33tMaN\AppData\Local\BrowserSafeguard
Folder Deleted : C:\Users\L33tMaN\AppData\Local\savings explorer
Folder Deleted : C:\Users\L33tMaN\AppData\Local\SearchProtect
Folder Deleted : C:\Users\L33tMaN\AppData\Local\Temp\apn
Folder Deleted : C:\Users\L33tMaN\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\L33tMaN\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\L33tMaN\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\L33tMaN\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\L33tMaN\AppData\LocalLow\IminentToolbar
Folder Deleted : C:\Users\L33tMaN\AppData\LocalLow\VisualBee_V.3
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\iSafe
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Systweak
Folder Deleted : C:\Users\cynical\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\cynical\AppData\Local\Conduit
Folder Deleted : C:\Users\cynical\AppData\Local\emaze
Folder Deleted : C:\Users\cynical\AppData\Local\genienext
Folder Deleted : C:\Users\cynical\AppData\Local\Mobogenie
Folder Deleted : C:\Users\cynical\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\cynical\AppData\Local\Oxy
Folder Deleted : C:\Users\cynical\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\cynical\AppData\Local\Temp\apn
Folder Deleted : C:\Users\cynical\AppData\Local\Temp\NativeMessaging
Folder Deleted : C:\Users\cynical\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\cynical\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\cynical\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\cynical\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\cynical\AppData\LocalLow\weDownload Manager Pro
Folder Deleted : C:\Users\cynical\AppData\LocalLow\SweetPacks
Folder Deleted : C:\Users\cynical\AppData\LocalLow\VisualBee_V.3
Folder Deleted : C:\Users\cynical\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\cynical\AppData\Roaming\iSafe
Folder Deleted : C:\Users\cynical\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\cynical\AppData\Roaming\Oxy
Folder Deleted : C:\Users\cynical\AppData\Roaming\PC Health Kit
Folder Deleted : C:\Users\cynical\AppData\Roaming\SkypEmoticons
Folder Deleted : C:\Users\cynical\AppData\Roaming\strongvault
Folder Deleted : C:\Users\cynical\AppData\Roaming\ValueApps
Folder Deleted : C:\Users\cynical\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
Folder Deleted : C:\Users\cynical\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\cynical\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
Folder Deleted : C:\Users\cynical\Documents\Mobogenie
Folder Deleted : C:\Users\cynical\Documents\PC Speed Maximizer
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Smartbar
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\ValueApps
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\CT3310511
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\CT3287802
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\{906000A4-88D9-4D52-B209-7A772970D91F}
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\{94CD2CC3-083F-49BA-A218-4CDA4B4829FD}
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\infoatoms@infoatoms.com
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\ScorpionSaver@jetpack
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\speedtestanalysis@SpeedAnalysis.com
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\858a779a-4bec-47f4-ac06-ed86e2daad75@d82626c3-adcb-475b-b77d-9a1e67c4fd2a.com
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\858a779a-4bec-47f4-ac06-ed86e2daad75@d82626c3-adcb-475b-b77d-9a1e67c4fd2a.com
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\b1c59be1-6ba6-46cc-a7f5-5311cec2f27b@0c28bfa2-efb5-4c1d-8a2d-41671f1e9c0c.com
Folder Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\Extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\ds_3w@eiaxcdaob-.co.uk
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\sfaeya-oui@iuuuiyqvh.org
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\staged
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\xd1-eooy@zrpztuay.org
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}
Folder Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\{bf9194c2-b86d-4ebc-9b53-1c08b6ff779e}
Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd
Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd
[!] Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
[!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
[!] Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
[!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
[!] Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd
[!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd
[!] Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd
[!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd
[!] Folder Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd
[!] Folder Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd
File Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\Extensions\pricepeep@getpricepeep.com.xpi
File Deleted : C:\END
File Deleted : C:\windows\System32\AdpeakProxy.ini
File Deleted : C:\windows\System32\AdpeakProxyOff.ini
File Deleted : C:\windows\System32\dmwu.exe
File Deleted : C:\windows\System32\ImhxxpComm.dll
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\Users\cynical\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\cynical\Desktop\Mobogenie.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\searchplugins\ask-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\searchplugins\babylon1.xml
File Deleted : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\searchplugins\iminent.xml
File Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\searchplugins\WebSearch.xml
File Deleted : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\user.js
File Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
File Deleted : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
File Deleted : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
File Deleted : C:\windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\windows\Tasks\Dealply.job
File Deleted : C:\windows\System32\Tasks\Dealply
File Deleted : C:\windows\System32\Tasks\GoforFilesUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [infoatoms@infoatoms.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd
Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB
Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
Key Deleted : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy
Key Deleted : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab
Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_58f14601
Key Deleted : HKCU\Software\530d7dfb268bd10
Key Deleted : HKLM\SOFTWARE\530d7dfb268bd10
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5E6C03E0-D368-4690-8168-9848D4C0F587}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{041D2F18-03BB-49DF-B14C-EA5B4E94C15C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35430B06-871A-4590-BC61-16FB1DD8D60F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6D47C279-EC08-460B-9229-07B348B6FEA8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8B95D0C0-8E8B-4B71-BA31-417B00453FBE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8F12F2D9-DE65-4A21-8DB7-6008F51AC540}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{23D772C4-D198-46BF-86DF-E6EBC2509A18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1CBF63E0-C0C8-42F8-B83E-A3D9B1453495}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2DA9C594-FAB5-43FE-8CD2-FDEC0EEF9127}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F11C7CB4-21CD-4F68-94F7-4237B8E9585B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF9194C2-B86D-4EBC-9B53-1C08B6FF779E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{310D38FE-EB4C-467C-8781-B7C2AEB7847D}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{041D2F18-03BB-49DF-B14C-EA5B4E94C15C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35430B06-871A-4590-BC61-16FB1DD8D60F}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6D47C279-EC08-460B-9229-07B348B6FEA8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8B95D0C0-8E8B-4B71-BA31-417B00453FBE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8F12F2D9-DE65-4A21-8DB7-6008F51AC540}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F63AAEDC-3602-49EF-AA45-262380A98980}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\VisualBee_V.3
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKLM\Software\InfoAtoms
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\SweetPacks
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\Software\VisualBee_V.3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InfoAtoms
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SweetPacks Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Adpeak, Inc.
Key Deleted : [x64] HKLM\SOFTWARE\Amazon Browser Bar
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver
Key Deleted : [x64] HKLM\SOFTWARE\wnlt
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Bar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Swift Browse
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\skc4df~1.enh\psupport.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
Key Deleted : HKLM\Software\Classes\Installer\Features\6BA018E6E43F3A949AF3E90563067F81
Key Deleted : HKLM\Software\Classes\Installer\Products\6BA018E6E43F3A949AF3E90563067F81

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default\prefs.js ]

Line Deleted : user_pref("extensions.crossrider.bic", "143ada97980ddc12acb0d84f0bc5ff4b");

[ File : C:\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\prefs.js ]

Line Deleted : user_pref("CT3287802.1000082.isPlayDisplay", "true");

Line Deleted : user_pref("CT3287802.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3287802.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3287802.FF19Solved", "true");
Line Deleted : user_pref("CT3287802.FirstTime", "true");
Line Deleted : user_pref("CT3287802.FirstTimeFF3", "true");

Line Deleted : user_pref("CT3287802.UserID", "UN42807431672701013");
Line Deleted : user_pref("CT3287802.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3287802.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3287802.countryCode", "US");
Line Deleted : user_pref("CT3287802.defaultSearch", "true");
Line Deleted : user_pref("CT3287802.embeddedsData", "[{\"appId\":\"130058504433344387\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3287802.enableAlerts", "true");
Line Deleted : user_pref("CT3287802.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3287802.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3287802.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3287802.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3287802.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3287802.fullUserID", "UN42807431672701013.IN.20131129211238");
Line Deleted : user_pref("CT3287802.installDate", "29/11/2013 21:12:40");
Line Deleted : user_pref("CT3287802.installSessionId", "{BBE1D897-9805-4700-BBC3-9478746C15FD}");
Line Deleted : user_pref("CT3287802.installSp", "TRUE");
Line Deleted : user_pref("CT3287802.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3287802.installUsage", "2013-11-30T05:12:05.8301593+03:00");
Line Deleted : user_pref("CT3287802.installUsageEarly", "2013-11-30T05:12:03.7241458+03:00");
Line Deleted : user_pref("CT3287802.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3287802.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3287802.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3287802.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3287802.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3287802.keyword", "true");

Line Deleted : user_pref("CT3287802.lastVersion", "10.23.0.822");
Line Deleted : user_pref("CT3287802.mam_gk_installer_preapproved.enc", "ZmFsc2U=");

Line Deleted : user_pref("CT3287802.openThankYouPage", "false");
Line Deleted : user_pref("CT3287802.openUninstallPage", "true");


Line Deleted : user_pref("CT3287802.originalSearchEngine", "Amazon ");
Line Deleted : user_pref("CT3287802.originalSearchEngineName", "Amazon ");
Line Deleted : user_pref("CT3287802.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3287802.search.searchAppId", "130058504433344387");
Line Deleted : user_pref("CT3287802.search.searchCount", "0");
Line Deleted : user_pref("CT3287802.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3287802.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3287802.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3287802.searchRevert", "false");
Line Deleted : user_pref("CT3287802.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3287802.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3287802.searchUserMode", "2");
Line Deleted : user_pref("CT3287802.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3287802.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3287802.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3287802.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3287802\"}");

Line Deleted : user_pref("CT3287802.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"VisualBee V.3 \"}");
Line Deleted : user_pref("CT3287802.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3287802.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3287802.serviceLayer_services_Configuration_lastUpdate", "1388179994659");
Line Deleted : user_pref("CT3287802.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1387926441660");
Line Deleted : user_pref("CT3287802.serviceLayer_services_appsMetadata_lastUpdate", "1388179993236");
Line Deleted : user_pref("CT3287802.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1387043875754");
Line Deleted : user_pref("CT3287802.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1385777568358");
Line Deleted : user_pref("CT3287802.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1385777570244");
Line Deleted : user_pref("CT3287802.serviceLayer_services_login_10.22.5.10_lastUpdate", "1385777570293");
Line Deleted : user_pref("CT3287802.serviceLayer_services_login_10.22.5.510_lastUpdate", "1387043875940");
Line Deleted : user_pref("CT3287802.serviceLayer_services_login_10.23.0.822_lastUpdate", "1388179992161");
Line Deleted : user_pref("CT3287802.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1387043875715");
Line Deleted : user_pref("CT3287802.serviceLayer_services_searchAPI_lastUpdate", "1388179994277");
Line Deleted : user_pref("CT3287802.serviceLayer_services_serviceMap_lastUpdate", "1388179993128");
Line Deleted : user_pref("CT3287802.serviceLayer_services_toolbarContextMenu_lastUpdate", "1388179992791");
Line Deleted : user_pref("CT3287802.serviceLayer_services_toolbarSettings_lastUpdate", "1388179992927");
Line Deleted : user_pref("CT3287802.serviceLayer_services_translation_lastUpdate", "1388179992708");
Line Deleted : user_pref("CT3287802.settingsINI", true);
Line Deleted : user_pref("CT3287802.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3287802.showToolbarPermission", "false");
Line Deleted : user_pref("CT3287802.smartbar.CTID", "CT3287802");
Line Deleted : user_pref("CT3287802.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3287802.smartbar.homepage", "true");
Line Deleted : user_pref("CT3287802.smartbar.toolbarName", "VisualBee V.3 ");
Line Deleted : user_pref("CT3287802.startPage", "true");
Line Deleted : user_pref("CT3287802.toolbarBornServerTime", "30-11-2013");
Line Deleted : user_pref("CT3287802.toolbarCurrentServerTime", "28-12-2013");
Line Deleted : user_pref("CT3287802.toolbarInstallDate", "29-11-2013 21:12:38");
Line Deleted : user_pref("CT3287802.toolbarLoginClientTime", "Fri Nov 29 2013 21:12:50 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3287802.versionFromInstaller", "10.22.5.10");
Line Deleted : user_pref("CT3287802.xpeMode", "0");
Line Deleted : user_pref("CT3287802_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1388181690858,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3297964_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1382285100510,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3310511.FF19Solved", "true");
Line Deleted : user_pref("CT3310511.UserID", "UN11730512504563180");
Line Deleted : user_pref("CT3310511.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3310511.fullUserID", "UN11730512504563180.IN.20131011191032");
Line Deleted : user_pref("CT3310511.installDate", "11/10/2013 19:10:35");
Line Deleted : user_pref("CT3310511.installSessionId", "{1AC4B522-29D3-447B-8DC4-25A8B3C04656}");
Line Deleted : user_pref("CT3310511.installSp", "TRUE");
Line Deleted : user_pref("CT3310511.installerVersion", "1.7.1.7");
Line Deleted : user_pref("CT3310511.keyword", "true");

Line Deleted : user_pref("CT3310511.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3310511.originalSearchEngine", "Ask Search");
Line Deleted : user_pref("CT3310511.originalSearchEngineName", "Ask Search");
Line Deleted : user_pref("CT3310511.searchRevert", "false");
Line Deleted : user_pref("CT3310511.searchUserMode", "2");
Line Deleted : user_pref("CT3310511.smartbar.homepage", "true");
Line Deleted : user_pref("CT3310511.versionFromInstaller", "10.20.3.20");
Line Deleted : user_pref("CT3310511.xpeMode", "0");

Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "VisualBee V.3 Customized Web Search");


Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3287802");
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);

Line Deleted : user_pref("browser.search.defaultenginename", "VisualBee V.3 Customized Web Search");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "VisualBee V.3 Customized Web Search");

Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine", "VisualBee V.3 Customized Web Search");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");

Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "28");
Line Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.dpkLst", "");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "B5BF111D29757AD4419483C5B03DCAB5");
Line Deleted : user_pref("extensions.BabylonToolbar.id", "86966daa000000000000083e8e4eeb3f");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15734");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.7.217:59:35");
Line Deleted : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"70\",\"lastVrsn\":\"70\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.rvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.sg", "azb");
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110801&tl=280113_9103&tt=280113_9103");
Line Deleted : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.217:59:37");

Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3287802");


Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3287802");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3287802");
Line Deleted : user_pref("smartbar.machineId", "9HAMF+POWSSHFORLX+DUEYDSHHKJB097GBZSI0P1YEEGQEVHRXUJJO1OLMTHUSJ+ONVFC9DGWD3F82GWN8FOAG");

Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
Line Deleted : user_pref("valueApps.CT3287802.cb_user_id_000.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.cbfirsttime", "536174204E6F7620333020323031332031323A35383A323920474D542D3035303020284561737465726E205374616E646172642054696D6529");
Line Deleted : user_pref("valueApps.CT3287802.cbfirsttime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.discover-experiments-photopop", "7B226E616D65223A2270686F746F706F705F6E61222C2276657273696F6E223A31307D");
Line Deleted : user_pref("valueApps.CT3287802.discover-experiments-photopop.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.discover-periodic-reports", "7B2270696E675F30223A5B313338373932363538383439322C31343430303030305D7D");
Line Deleted : user_pref("valueApps.CT3287802.discover-periodic-reports.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.discover-user-id", "2264343637333764372D363032632D343431342D626562332D63643632663065616530663022");
Line Deleted : user_pref("valueApps.CT3287802.discover-user-id.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.ground-country-code", "22555322");
Line Deleted : user_pref("valueApps.CT3287802.ground-country-code.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.hover_counter", "36");
Line Deleted : user_pref("valueApps.CT3287802.hover_counter.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.impression_counter", "3137");
Line Deleted : user_pref("valueApps.CT3287802.impression_counter.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.impression_session_counter", "36");
Line Deleted : user_pref("valueApps.CT3287802.impression_session_counter.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.impression_session_id", "2231306135316233642D373530382D346633302D393632632D63636131333934386162626522");
Line Deleted : user_pref("valueApps.CT3287802.impression_session_id.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.impression_session_last_active", "31333837303632383537343737");
Line Deleted : user_pref("valueApps.CT3287802.impression_session_last_active.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_appStateReportTime", "31333838313739393937333631");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_appStateReportTime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_appState_Clarity_Active", "6F6E");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_appState_Clarity_Active.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_appState_CouponBuddy", "6F6E");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_appState_CouponBuddy.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_appState_Discover", "6F6E");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_appState_Discover.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_appState_Easytobook", "6F6E");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_appState_Easytobook.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_appState_Easytobook_targeted", "6F6E");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_appState_Easytobook_targeted.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_appState_Find-a-Pro", "6F6E");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_appState_Find-a-Pro.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_appState_JobsMiner", "6F6E");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_appState_JobsMiner.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_appState_PriceGong", "6F6E");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_appState_PriceGong.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_appState_WindowShopper", "6F6E");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_appState_WindowShopper.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_appsConfig.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_appsDefaultEnabled", "6E756C6C");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_appsDefaultEnabled.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_calledSetupService", "31");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_calledSetupService.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_currentVersion", "312E31322E302E35");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_existingUsersRecoveryDone", "31");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_existingUsersRecoveryDone.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_first_time", "31");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_first_time.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_globalKeysMigratedToLocalStorage", "31");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_lastLoginTime", "31333838313739393938343135");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_lastLoginTime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_localization.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_mamEnabled", "74727565");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_mamEnabled.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_migrated_from_ls.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_new_welcome_experience", "31");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_new_welcome_experience.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_settings1.11.5.1.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_settings1.12.0.5.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_showWelcomeGadget", "66616C7365");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_showWelcomeGadget.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_stamp", "313034335F30");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_stamp.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_userId", "30386635303437342D306165632D343064632D613534312D346365343734363361383162");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_userId.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_user_approval_interacted", "31");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_user_approval_interacted.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_welcomeDialogMode", "31");
Line Deleted : user_pref("valueApps.CT3287802.mam_gk_welcomeDialogMode.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287802.response_cache.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287802.url_history0001", "68747470733A2F2F7777772E676F6F676C652E636F6D3A3A3A636C69636B68616E646C65723A3A3A313338353833393730373837372C2C2C68747470733A2F2F7777772E676F6F676C652E[...]
Line Deleted : user_pref("valueApps.CT3287802.url_history0001.storedInFile", true);

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : keyword

[ File : C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [78496 octets] - [25/03/2014 20:21:35]
AdwCleaner[s0].txt - [77243 octets] - [25/03/2014 20:24:17]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [77304 octets] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by L33tMaN on Thu 03/27/2014 at 19:22:15.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{232f1b14-7126-491f-ac8c-6123ba58fde2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_50001_0101_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_50001_0101_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_50001_0101_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_50001_0101_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3FD43172-57ED-4973-8168-93E5D977D1F1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3FD43172-57ED-4973-8168-93E5D977D1F1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3FD43172-57ED-4973-8168-93E5D977D1F1}



~~~ Files

Successfully deleted: [File] C:\windows\Tasks\pc-dis-upd.job
Successfully deleted: [File] "C:\Users\L33tMaN\appdata\locallow\SkwConfig.bin"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\L33tMaN\AppData\Roaming\pc cleaners"
Successfully deleted: [Folder] "C:\Users\L33tMaN\AppData\Roaming\pcpro"
Successfully deleted: [Folder] "C:\Users\L33tMaN\appdata\local\couponamazing"
Successfully deleted: [Folder] "C:\Program Files (x86)\pc cleaners"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc cleaners"
Successfully deleted: [Empty Folder] C:\Users\L33tMaN\appdata\local\{C25A8265-A82A-42A7-8D1F-B9321717DF51}



~~~ FireFox

Emptied folder: C:\Users\L33tMaN\AppData\Roaming\mozilla\firefox\profiles\vdq54lkb.default\minidumps [5 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/27/2014 at 19:26:55.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by L33tMaN (administrator) on L33TMAN-PC on 27-03-2014 19:18:42
Running from C:\Users\L33tMaN\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Micro-Star Int'l Co., Ltd.) c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
() C:\windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ShopOn Unlimited LLC) C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(WebInternetSecurity) C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(WebInternetSecurity) C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6412904 2011-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1157224 2011-10-20] (Realtek Semiconductor)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [Command Center Controllers] - C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12616 2012-01-10] (Alienware)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl9] - c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] - c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] - c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-12-16] (cyberlink)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-12-09] (Power Software Ltd)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295072 2013-01-01] (RealNetworks, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [WebInternetSecurity] - C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe [797184 2013-12-30] (WebInternetSecurity)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [searchProtect] - \SearchProtect\bin\cltmng.exe
HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [GoogleChromeAutoLaunch_EE989A737300E8461C401789B9903612] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976 2014-03-14] (Google Inc.)
HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /schedule 300000
HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\MountPoints2: {ca5c79cb-ee09-11e1-bec1-806e6f6e6963} - D:\AUTORUN.EXE
HKU\S-1-5-21-383299565-3798718073-3649502856-1002\...\Run: [ConduitFloatingPlugin_ieiiggnfmhgcolbimglmfjfpkjildjdd] - "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\cynical\AppData\Local\Temp\CT3287802\plugins\TBVerifier.dll",RunConduitFloatingPlugin ieiiggnfmhgcolbimglmfjfpkjildjdd <===== ATTENTION
HKU\S-1-5-21-383299565-3798718073-3649502856-1002\...\Run: [backgroundContainer] - "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\cynical\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-383299565-3798718073-3649502856-1002\...\Run: [GoogleChromeAutoLaunch_3CB500CD2A273B9B24564AAAE3629254] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976 2014-03-14] (Google Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-03-23] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [215360 2012-03-23] (NVIDIA Corporation)
Startup: C:\Users\cynical\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oxy.lnk
ShortcutTarget: Oxy.lnk -> C:\Users\L33tMaN\AppData\Local\Oxy\Application\bin\start.cmd (No File)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49250;https=127.0.0.1:49250
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://AlienwareArena.com
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: Plus-HD-2.5 - {11111111-1111-1111-1111-110311341138} - C:\Program Files (x86)\Plus-HD-2.5\Plus-HD-2.5-bho64.dll No File
BHO: weDownload Manager Pro - {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll No File
BHO: BobyLyrics-16 - {11111111-1111-1111-1111-110411411160} - C:\Program Files (x86)\BobyLyrics-16\BobyLyrics-16-bho64.dll No File
BHO: sueRf and, keep - {3C13B37D-5624-A9B6-9BB2-11F23FF9E648} - C:\Program Files (x86)\sueRf and, keep\5zuH5RP.x64.dll No File
BHO: ShopOn Coupon Helper Extension - {3FD43172-57ED-4973-8168-93E5D977D1F1} - C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\adxloader64.dll ()
BHO: SearchNewTab - {4B707A9F-4096-E32F-2871-6C4148277737} - C:\Program Files (x86)\SearchNewTab\n.x64.dll No File
BHO: YoutubeAdblocker - {4F746501-B018-1546-6341-6EBFD137D3E0} - C:\Program Files (x86)\YoutubeAdblocker\Apb.x64.dll No File
BHO: TidyNetwork - {8DB6C07E-2C6D-371D-E4C6-A63A1F190AD3} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: ShopOn Coupon Helper Extension - {3FD43172-57ED-4973-8168-93E5D977D1F1} - C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\adxloader.dll ()
BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - PasswordBox Toolbar - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\L33tMaN\AppData\Roaming\Mozilla\Firefox\Profiles\vdq54lkb.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-01]

Chrome:
=======

CHR DefaultSearchProvider: AVG Secure Search
CHR DefaultSearchURL: http://www.google.com
CHR DefaultNewTabURL: https://isearch.avg.com/chroment?espv=2&cid={FB437AC5-A04C-44A0-9A95-78A444223A7A}&mid=47ad457d35f547d18d0c3120d333f7f2-d26972f2474d96f629251e8ef57ec76cce5ba971&lang=en&ds=gh011&coid=avgtbdisgh&pr=sa&d=2013-10-28 11:49:58&v=17.1.2.0&pid=avg&sg=
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.2\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-01]
CHR Extension: (Google Search) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-01]
CHR Extension: (SearchNewTab) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnplhmffnkjhpbfpodamiihpeeoidpeb [2013-11-22]
CHR Extension: (DP1815) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob [2014-01-12]
CHR Extension: (YoutubeAdblocker) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmelfnfpiaidecmboalgjpejkfbipfpc [2013-11-22]
CHR Extension: (RealDownloader) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-01-01]
CHR Extension: (Max Websearch) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgkbfhhkpooeffgglncbglkpinpbgcf [2013-03-22]
CHR Extension: (Amazing Coupons) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl [2013-01-01]
CHR Extension: (ShopOn Coupons, Cash Back, and Deals!) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncipbmpbinomjbkmafolhiegogggndlo [2013-12-29]
CHR Extension: (Google Wallet) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (surF and keepe) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngfjloooedfenakhekclldohaddojbe [2013-11-22]
CHR Extension: (Gmail) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-01]
CHR HKLM-x32\...\Chrome\Extension: [gkchbifjjnafgoolbibfmgkibbngknkk] - C:\Users\L33tMaN\AppData\Local\Savings Explorer\Chrome\Savings Explorer.crx [2013-01-01]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-30]
CHR HKLM-x32\...\Chrome\Extension: [jcgkbfhhkpooeffgglncbglkpinpbgcf] - C:\Users\cynical\AppData\LocalLow\Maxwebsearch\Chrome.crx [2013-01-13]

==================== Services (Whitelisted) =================

S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-12-16] (CyberLink)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSI_ODD_Service; c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe [76800 2011-10-04] (Micro-Star Int'l Co., Ltd.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-10-16] (PasswordBox, Inc.)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2013-10-12] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-30] ()
U2 ShopOn Service; C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\service.exe [30320 2013-11-20] (ShopOn Unlimited LLC)
S2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [49952 2014-03-21] (AVG Technologies)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 NTIOLib_X64; C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 rusb3hub; C:\Windows\system32\drivers\rusb3hub.sys [100352 2011-09-15] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\system32\drivers\rusb3xhc.sys [216064 2011-09-15] (Renesas Electronics Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-27 19:18 - 2014-03-27 19:18 - 00027059 _____ () C:\Users\L33tMaN\Desktop\FRST.txt
2014-03-27 19:17 - 2014-03-27 19:18 - 00000000 ____D () C:\FRST
2014-03-27 19:16 - 2014-03-27 19:16 - 00000000 ____D () C:\Users\L33tMaN\Desktop\FFF
2014-03-27 19:16 - 2014-03-24 19:34 - 02157056 _____ (Farbar) C:\Users\L33tMaN\Desktop\FRST64.exe
2014-03-27 16:04 - 2014-03-27 16:04 - 00077709 _____ () C:\Users\L33tMaN\Desktop\AdwCleaner[s0].txt
2014-03-25 20:21 - 2014-03-25 20:25 - 00000000 ____D () C:\AdwCleaner
2014-03-15 14:34 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-15 14:34 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-15 14:34 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-15 14:34 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-15 14:34 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-15 14:34 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-15 14:34 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-15 14:34 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-15 14:34 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-15 14:34 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-15 14:34 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-15 14:34 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-15 14:34 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-15 14:34 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-15 14:34 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-15 14:34 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-15 14:34 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-15 14:34 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-15 14:34 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-15 14:34 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-15 14:34 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-15 14:34 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-15 14:34 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-15 14:34 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-15 14:34 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-15 14:34 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-15 14:34 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-15 14:34 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-15 14:34 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-15 14:34 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-15 14:34 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-15 14:34 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-15 14:34 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-15 14:34 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-15 14:34 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-15 14:34 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-15 14:34 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-15 14:34 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-15 14:34 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-15 14:34 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-15 14:34 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-15 14:34 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-15 14:34 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-15 14:34 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-15 14:33 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-15 14:33 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-15 14:33 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-15 14:33 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-07 21:13 - 2014-03-07 21:15 - 00000000 ____D () C:\Users\L33tMaN\Desktop\sprays
2014-03-04 20:02 - 2014-03-04 20:02 - 00000000 ___RD () C:\Program Files (x86)\Skype

==================== One Month Modified Files and Folders =======

2014-03-27 19:18 - 2014-03-27 19:18 - 00027059 _____ () C:\Users\L33tMaN\Desktop\FRST.txt
2014-03-27 19:18 - 2014-03-27 19:17 - 00000000 ____D () C:\FRST
2014-03-27 19:16 - 2014-03-27 19:16 - 00000000 ____D () C:\Users\L33tMaN\Desktop\FFF
2014-03-27 19:10 - 2013-01-01 17:32 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-27 19:07 - 2012-06-07 23:58 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-27 17:57 - 2012-08-24 13:41 - 01443669 _____ () C:\windows\WindowsUpdate.log
2014-03-27 16:10 - 2009-07-14 00:45 - 00021296 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-27 16:10 - 2009-07-14 00:45 - 00021296 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-27 16:05 - 2012-12-31 22:36 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-27 16:04 - 2014-03-27 16:04 - 00077709 _____ () C:\Users\L33tMaN\Desktop\AdwCleaner[s0].txt
2014-03-27 16:03 - 2013-11-22 22:48 - 00000452 ____H () C:\windows\Tasks\SK.Enhancer-S-161304646.job
2014-03-27 16:03 - 2013-10-19 22:50 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
2014-03-27 16:03 - 2013-06-14 15:49 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-03-27 16:03 - 2013-01-01 17:32 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-27 16:02 - 2012-08-24 12:36 - 00031914 _____ () C:\windows\setupact.log
2014-03-27 16:02 - 2012-06-08 01:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-27 16:02 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-25 20:27 - 2013-01-01 18:01 - 01314476 _____ () C:\windows\PFRO.log
2014-03-25 20:25 - 2014-03-25 20:21 - 00000000 ____D () C:\AdwCleaner
2014-03-25 20:20 - 2009-07-14 01:13 - 00800328 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-24 19:34 - 2014-03-27 19:16 - 02157056 _____ (Farbar) C:\Users\L33tMaN\Desktop\FRST64.exe
2014-03-21 23:01 - 2013-11-10 19:59 - 00003702 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2014-03-21 22:59 - 2013-01-01 17:19 - 00049952 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys
2014-03-18 20:01 - 2013-08-15 19:45 - 00000000 ____D () C:\windows\system32\MRT
2014-03-18 20:00 - 2012-07-10 17:42 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-16 10:33 - 2012-12-31 22:06 - 00000000 ____D () C:\Users\cynical
2014-03-16 03:18 - 2012-07-10 18:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-16 03:18 - 2012-07-10 18:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-16 03:18 - 2009-07-14 00:45 - 00279424 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-11 19:07 - 2012-06-07 23:58 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 19:07 - 2012-06-07 23:58 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 19:07 - 2012-06-07 23:58 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-07 21:15 - 2014-03-07 21:13 - 00000000 ____D () C:\Users\L33tMaN\Desktop\sprays
2014-03-04 20:02 - 2014-03-04 20:02 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-04 20:02 - 2012-08-24 12:37 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Skype
2014-03-04 20:02 - 2012-08-24 12:37 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Skype
2014-03-04 20:02 - 2012-07-10 13:21 - 00000000 ____D () C:\ProgramData\Skype
2014-03-01 02:05 - 2014-03-15 14:34 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 01:17 - 2014-03-15 14:34 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 01:16 - 2014-03-15 14:34 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 00:58 - 2014-03-15 14:34 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 00:52 - 2014-03-15 14:34 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 00:51 - 2014-03-15 14:34 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 00:42 - 2014-03-15 14:34 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 00:40 - 2014-03-15 14:34 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 00:37 - 2014-03-15 14:34 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 00:33 - 2014-03-15 14:34 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 00:33 - 2014-03-15 14:34 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 00:32 - 2014-03-15 14:34 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 00:30 - 2014-03-15 14:34 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 00:23 - 2014-03-15 14:34 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 00:17 - 2014-03-15 14:34 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 00:11 - 2014-03-15 14:34 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 00:02 - 2014-03-15 14:34 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-28 23:54 - 2014-03-15 14:34 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-28 23:52 - 2014-03-15 14:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-28 23:51 - 2014-03-15 14:34 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-28 23:47 - 2014-03-15 14:34 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-28 23:43 - 2014-03-15 14:34 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-28 23:43 - 2014-03-15 14:34 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-28 23:42 - 2014-03-15 14:34 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-28 23:40 - 2014-03-15 14:34 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-28 23:38 - 2014-03-15 14:34 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-28 23:37 - 2014-03-15 14:34 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-28 23:35 - 2014-03-15 14:34 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-28 23:18 - 2014-03-15 14:34 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-28 23:16 - 2014-03-15 14:34 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-28 23:14 - 2014-03-15 14:34 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-28 23:10 - 2014-03-15 14:34 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-28 23:03 - 2014-03-15 14:34 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-28 23:00 - 2014-03-15 14:34 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-28 22:57 - 2014-03-15 14:34 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-28 22:38 - 2014-03-15 14:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-28 22:32 - 2014-03-15 14:34 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-28 22:27 - 2014-03-15 14:34 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-28 22:25 - 2014-03-15 14:34 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-28 22:25 - 2014-03-15 14:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-26 20:45 - 2011-02-10 12:10 - 00792450 _____ () C:\windows\SysWOW64\PerfStringBackup.INI

Files to move or delete:
====================
C:\ProgramData\pclunst.exe
C:\Users\Public\AlexaNSISPlugin.3888.dll


Some content of TEMP:
====================
C:\Users\cynical\AppData\Local\Temp\21802_updater.exe
C:\Users\cynical\AppData\Local\Temp\23jbuvo5.dll
C:\Users\cynical\AppData\Local\Temp\APNSetup.exe
C:\Users\cynical\AppData\Local\Temp\BackupSetup.exe
C:\Users\cynical\AppData\Local\Temp\CNC4LauncherUpdate.exe
C:\Users\cynical\AppData\Local\Temp\dotnetfx35setup.exe
C:\Users\cynical\AppData\Local\Temp\EnableExtDll.dll
C:\Users\cynical\AppData\Local\Temp\htmlayout.dll
C:\Users\cynical\AppData\Local\Temp\ICReinstall_super-mario-cross.exe
C:\Users\cynical\AppData\Local\Temp\install_helper.exe
C:\Users\cynical\AppData\Local\Temp\instmsia.exe
C:\Users\cynical\AppData\Local\Temp\instmsiw.exe
C:\Users\cynical\AppData\Local\Temp\plus-hd-2-5.exe
C:\Users\cynical\AppData\Local\Temp\SendMsg.dll
C:\Users\cynical\AppData\Local\Temp\SpOrder.dll
C:\Users\cynical\AppData\Local\Temp\sSetup-se.exe
C:\Users\cynical\AppData\Local\Temp\TidyNetwork.exe
C:\Users\cynical\AppData\Local\Temp\tmp13BA.exe
C:\Users\cynical\AppData\Local\Temp\tmpA02C.exe
C:\Users\cynical\AppData\Local\Temp\toolbar15971881.exe
C:\Users\cynical\AppData\Local\Temp\toolbar15972240.exe
C:\Users\cynical\AppData\Local\Temp\toolbar15972864.exe
C:\Users\cynical\AppData\Local\Temp\uninst1.exe
C:\Users\cynical\AppData\Local\Temp\{248F3297-AA28-4492-A61E-F3D514A176F1}-30.0.1599.101_30.0.1599.69_chrome_updater.exe
C:\Users\cynical\AppData\Local\Temp\{3FE2BF0B-147D-48AC-8819-0D43C601F23D}-31.0.1650.57_30.0.1599.101_chrome_updater.exe
C:\Users\L33tMaN\AppData\Local\Temp\AVG.exe
C:\Users\L33tMaN\AppData\Local\Temp\BackupSetup.exe
C:\Users\L33tMaN\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\L33tMaN\AppData\Local\Temp\lowproc.exe
C:\Users\L33tMaN\AppData\Local\Temp\pctdb01.exe
C:\Users\L33tMaN\AppData\Local\Temp\pcup10487.exe
C:\Users\L33tMaN\AppData\Local\Temp\pcup11122.exe
C:\Users\L33tMaN\AppData\Local\Temp\pcup12006.exe
C:\Users\L33tMaN\AppData\Local\Temp\pcup14310.exe
C:\Users\L33tMaN\AppData\Local\Temp\pcup1544.exe
C:\Users\L33tMaN\AppData\Local\Temp\pcup16244.exe
C:\Users\L33tMaN\AppData\Local\Temp\pcup17124.exe
C:\Users\L33tMaN\AppData\Local\Temp\pcup19245.exe
C:\Users\L33tMaN\AppData\Local\Temp\pcup20064.exe
C:\Users\L33tMaN\AppData\Local\Temp\pcup23065.exe
C:\Users\L33tMaN\AppData\Local\Temp\pcup23256.exe
C:\Users\L33tMaN\AppData\Local\Temp\pcup25189.exe
C:\Users\L33tMaN\AppData\Local\Temp\pcup25370.exe
C:\Users\L33tMaN\AppData\Local\Temp\pcup27300.exe
C:\Users\L33tMaN\AppData\Local\Temp\pcup28184.exe
C:\Users\L33tMaN\AppData\Local\Temp\pcup28595.exe
C:\Users\L33tMaN\AppData\Local\Temp\pcup31134.exe
C:\Users\L33tMaN\AppData\Local\Temp\pcup32014.exe
C:\Users\L33tMaN\AppData\Local\Temp\pcup4769.exe
C:\Users\L33tMaN\AppData\Local\Temp\pcup7305.exe
C:\Users\L33tMaN\AppData\Local\Temp\pcup8182.exe
C:\Users\L33tMaN\AppData\Local\Temp\Quarantine.exe
C:\Users\L33tMaN\AppData\Local\Temp\stubhelper.dll
C:\Users\L33tMaN\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\L33tMaN\AppData\Local\Temp\~extncp01.exe
C:\Users\L33tMaN\AppData\Local\Temp\~extncp02.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-22 05:39

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by L33tMaN at 2014-03-27 19:19:07
Running from C:\Users\L33tMaN\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AlienAutopsy (HKLM\...\AlienAutopsy) (Version: 3.1.5907.16 - Dell Inc.)
AlienAutopsy (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Alienware Command Center (HKLM-x32\...\InstallShield_{6A7D1CAC-6267-4C71-A759-CB5D9E9FAFAA}) (Version: 2.7.25.0 - Alienware Corp.)
Alienware Command Center (Version: 2.7.25.0 - Alienware Corp.) Hidden
Allied Intent .2 client (HKLM-x32\...\Allied Intent .2 client) (Version:  - )
Allied Intent Xtended 2.0 (HKLM-x32\...\Allied Intent Xtended) (Version: 2.0 - AIX Community)
Battlecraft 1942 (HKLM-x32\...\Battlecraft 19422.1) (Version:  - )
Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version:  - )
Battlefield 1942 Windows Vista/7 Compatibility Fix (HKLM\...\{99720953-c1d6-4b90-8012-b7c3337f4efe}.sdb) (Version:  - )
Battlefield 1942: Secret Weapons of WWII (HKLM-x32\...\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}) (Version:  - )
Battlefield 1942: The Road To Rome (HKLM-x32\...\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}) (Version:  - )
Battlefield 2 (HKLM-x32\...\{A8DBF55D-73C0-4E37-A10E-365BFBB14119}) (Version: 1.5.0.0 - Electronic Arts)
Battlefield 2 Demo (HKLM-x32\...\{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}) (Version:  - )
Battlefield Mod Development Toolkit 2.0 Beta (HKLM-x32\...\MDT) (Version:  - )
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{BA4C8F9F-D81B-4AFE-AE5A-3837830F5B89}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert, Counterstrike and The Aftermath (HKLM-x32\...\{25456D58-2414-4CC4-AA1B-CF3A2BE00A79}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert™ 3 and Uprising (HKLM-x32\...\{3C315BF7-4B64-4024-8102-174A197437FA}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ The Ultimate Collection Additional Content (HKLM-x32\...\{1A882F29-BC18-4AC2-A71E-0FC30FA32568}) (Version: 1.0.0.0 - Electronic Arts)
Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden
couponamazing (HKLM-x32\...\couponamazing) (Version: 1.1357065019 - couponamazing.com) <==== ATTENTION
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.4827 - CyberLink Corp.)
CyberLink PowerDVD 9.6 (x32 Version: 9.6.1.4827 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
FFOLKES Unlocks123 mod v1.4.1 (HKLM-x32\...\FFOLKES Unlocks123 mod v1.4.1) (Version:  - )
Forgoten Hope 2 (2 of 2) (dummy) (HKLM-x32\...\Forgotten Hope 2) (Version:  - )
Forgotten Hope 0.70 (HKLM-x32\...\Forgotten Hope) (Version: 0.70 - Forgotten Hope Mod Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lock On: Modern Air Combat (HKLM-x32\...\{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}) (Version: 1.00.000 - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Max Websearch (HKLM-x32\...\Maxwebsearch) (Version:  - Maxwebsearch)
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSI ODD Monitor (HKLM-x32\...\InstallShield_{B7D9BAAA-F068-4BF8-B929-462C3A8AB677}) (Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.)
MSI ODD Monitor (x32 Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 296.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 296.36 - NVIDIA Corporation)
NVIDIA Control Panel 296.36 (Version: 296.36 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 296.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.36 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.14.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.14.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.7.12 (Version: 1.7.12 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.9636 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.7.12 - NVIDIA Corporation) Hidden
PasswordBox (HKLM-x32\...\PasswordBox) (Version: 1.26.3.2879 - PasswordBox, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.5 - Power Software Ltd)
Project Reality: BF2 (HKLM\...\Project Reality: BF2 (pr)_is1) (Version: v1.0 - Project Reality)
PunkBuster for Battlefield 1942 (HKLM-x32\...\{127B684B-A002-44C8-99A7-6CF8F1E26873}) (Version:  - )
QuickShare (HKLM-x32\...\{232F1B14-7126-491F-AC8C-6123BA58FDE2}) (Version: 1.135.60.12323 - Linkury Inc.) <==== ATTENTION
Ravaged (HKLM-x32\...\Steam App 96300) (Version:  - )
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6494 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Sandbox (HKLM-x32\...\Sandbox) (Version:  - )
Savings Explorer (HKLM-x32\...\Savings Explorer) (Version: 1.24.151.151 - 215 Apps)
Scholastic's I SPY Fantasy (HKLM-x32\...\Scholastic's I SPY Fantasy) (Version:  - )
Scholastic's I SPY Spooky Mansion Deluxe (HKLM-x32\...\Scholastic's I SPY Spooky Mansion Deluxe) (Version:  - )
Scholastic's I SPY Treasure Hunt (HKLM-x32\...\Scholastic's I SPY Treasure Hunt) (Version: 1.0 - Scholastic Inc.)
ScorpionSaver (HKLM-x32\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
ShopOn Coupon Extension Helper (HKLM\...\ShopOn) (Version: 1.6.49 - ShopOn Unlimited LLC) <==== ATTENTION
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Virtual Families Packages (HKCU\...\Virtual Families Packages) (Version:  - ) <==== ATTENTION
WebInternetSecurity (HKLM-x32\...\Webinternetsecurity) (Version:  - Webinternetsecurity)
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WOoKie Sniper Mod 1.3 (HKLM-x32\...\WOoKie Sniper Mod) (Version: 1.3 - Scouty)
WordPad+ version 1.01 (HKLM-x32\...\WordPad+_is1) (Version: 1.01 - )
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813NA}_is1) (Version:  - Wargaming.net)
World of Warplanes Hack Toll 2.8 (HKLM-x32\...\World of Warplanes Hack Toll 2.8) (Version:  - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

16-03-2014 07:45:21 Scheduled Checkpoint
19-03-2014 00:00:24 Windows Update
22-03-2014 03:11:43 Windows Update
25-03-2014 21:37:54 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {011370A5-018E-4AA2-A481-1523E7A23A58} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01] (Google Inc.)
Task: {023CD68F-48C5-4C40-A563-162B425C1BB9} - System32\Tasks\Updater21802.exe => C:\Users\cynical\AppData\Local\Updater21802\Updater21802.exe <==== ATTENTION
Task: {0374F184-232F-4118-8419-55F5688FAD94} - \GoforFilesUpdate No Task File
Task: {13054A1C-87B3-40D9-811C-13B64AEBA521} - System32\Tasks\{A4C966BB-E0F7-4EA0-BAFF-378BD1F89D43} => C:\Program Files (x86)\EA GAMES\Command & Conquer Generals Zero Hour\generals.exe
Task: {1444863C-CEFA-413B-8CF8-CACB600F485B} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {1720B02C-915C-49D2-9F77-41C9414781FD} - System32\Tasks\{E80F6B32-5D3A-42B6-AD92-BB4419995F64} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {18A5DCA4-5ACA-4341-A32D-880E91F08B3F} - System32\Tasks\pc-dis-upd => C:\Program Files (x86)\PC Cleaners\PCCleaners.exe [2013-01-01] (PC Cleaners Inc.) <==== ATTENTION
Task: {19472C8B-735D-4912-9716-B385C44BA07A} - System32\Tasks\TidyNetwork Update => C:\Users\cynical\AppData\Local\TidyNetwork\petnupdate.exe
Task: {2D7C059A-1C14-4D22-9089-50AE99B508E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {310B9523-078B-410A-BFA5-2A8D9F04142C} - System32\Tasks\{407E4C35-61C1-4ED6-9FF4-526E5B00DE1F} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {33B0FF98-90B9-4742-BE46-43BE2D294852} - System32\Tasks\{341E9A2A-7320-4E28-A66E-D615E3701034} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {3C8C2035-B41A-4487-9BD7-16CECADA3107} - \Dealply No Task File
Task: {3F91A3D8-C549-402F-B916-E5FD071269B0} - System32\Tasks\Oxy => C:\Users\cynical\AppData\Roaming\Oxy\Updater.exe <==== ATTENTION
Task: {458EC67D-CDD7-45D8-A283-943A5D498EDF} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-383299565-3798718073-3649502856-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {4B0D1B46-6C73-499D-9567-9E407789909A} - System32\Tasks\{773B3E96-62DA-4A63-9D8D-066DDCBF4F0E} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {4D2F968C-BD22-40F8-9FCE-44DCF4F3FEF8} - System32\Tasks\RunAsStdUser Task => C:\Users\cynical\AppData\Local\Oxy\Application\oxy.exe <==== ATTENTION
Task: {69F31346-B202-4B52-83C8-38A13151F95B} - \BackgroundContainer Startup Task No Task File
Task: {7AF87EB6-A50C-42AB-BAC5-ED331B75213F} - System32\Tasks\{B143C027-5E0A-4953-A279-00F911072A82} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {825F3FA3-0D8D-4A97-BED1-ED92E699BE05} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-383299565-3798718073-3649502856-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {8B81D2E4-E4CC-4B83-8E86-E0D6AFED81F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01] (Google Inc.)
Task: {982B2063-2ACA-4114-8641-F7F03E4466C7} - System32\Tasks\{1B4171AB-B20F-42D6-90A5-F8B0442B8E9E} => C:\Program Files (x86)\Origin Games\Battlefield 1942\BF1942.exe
Task: {B3147D4E-D87C-4CFD-9F14-9A4E8A12DC91} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {B3C3C651-4FAA-4BCF-9C5D-35E8745A7124} - System32\Tasks\{2DB518E2-242C-48AE-B842-9B476DC059A7} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {BBEF80F6-CBCD-405C-84FD-A24BC81ACB1A} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {BE244C55-D878-437F-8958-D629A45820B1} - System32\Tasks\VisualBeeRecovery => C:\Users\cynical\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe
Task: {D146400E-D601-4848-B232-E55DAD7CEF7D} - System32\Tasks\{DDAE764B-5E62-4542-81A7-9F530B2AFAEA} => C:\Program Files (x86)\EA GAMES\Command & Conquer Generals Zero Hour\generals.exe
Task: {D21A428F-B137-4082-B614-CC2DBDC5027F} - System32\Tasks\{6CD8CB2F-67CF-4051-8371-8C7532DA141C} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {D57B8DD7-8986-47A5-9113-4033E31B09CE} - System32\Tasks\SK.Enhancer-S-161304646 => c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe <==== ATTENTION
Task: {D5E597B0-AEF9-4B45-B1FE-6022BAD894EF} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{7DB42AD0-0673-4FC8-952C-EFABC31619C3}.exe
Task: {E57F0D33-3F19-4198-8CC3-C7EE1BB01B67} - System32\Tasks\{3CA31466-DEDD-4D77-9668-9C817280AAC9} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {E7594EA4-3392-41B3-8CDC-D73F6FB3664E} - System32\Tasks\{7C31E5D9-F65C-493F-AFB8-E1DEAB2E500B} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: {F2E7344B-9FA6-44BF-BDC7-FB1E0C2026E5} - System32\Tasks\{D89C3165-63A0-4E42-A9CA-6F65D48D364C} => C:\Program Files (x86)\EA GAMES\Command & Conquer Generals Zero Hour\generals.exe
Task: {F9ED1981-BA10-43D4-95B0-BFCEC7FB3ABD} - System32\Tasks\WebInternetSecurity Update Task => C:\Program Files (x86)\Webinternetsecurity\uninstall.webinternetsecurity.exe [2014-01-20] ()
Task: {FF87AC17-1E07-4ED4-91C7-7982BDF43741} - System32\Tasks\{5CCB7AEE-C302-44F7-A930-4C42D2825F16} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe [2004-01-22] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{7DB42AD0-0673-4FC8-952C-EFABC31619C3}.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\pc-dis-upd.job => ?
Task: C:\windows\Tasks\SK.Enhancer-S-161304646.job => c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-10-12 00:19 - 2013-10-12 00:19 - 00076888 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2012-11-30 00:31 - 2012-11-30 00:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-06-08 01:36 - 2012-03-19 19:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-16 16:00 - 2013-10-16 16:00 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2014-03-15 15:12 - 2014-03-14 20:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 15:12 - 2014-03-14 20:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 15:12 - 2014-03-14 20:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 15:12 - 2014-03-14 20:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 15:12 - 2014-03-14 20:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 15:12 - 2014-03-14 20:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2012-06-08 01:37 - 2012-03-23 00:10 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-01-10 22:40 - 2013-12-12 18:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-10 22:40 - 2013-11-04 21:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-03-25 17:23 - 2014-02-10 22:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2012-12-31 22:37 - 2014-02-25 17:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-12-31 22:37 - 2014-01-10 19:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-12-31 22:37 - 2013-06-14 19:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-12-31 22:37 - 2013-06-14 19:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-12-31 22:37 - 2013-06-14 19:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2012-06-08 00:09 - 2012-03-06 15:27 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:AD022376
AlternateDataStreams: C:\ProgramData\Temp:D346F792

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/24/2014 07:42:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: AlienwareAlienFXController.exe, version: 2.7.25.0, time stamp: 0x4f0c4453
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x003b6bec
Faulting process id: 0x1524
Faulting application start time: 0xAlienwareAlienFXController.exe0
Faulting application path: AlienwareAlienFXController.exe1
Faulting module path: AlienwareAlienFXController.exe2
Report Id: AlienwareAlienFXController.exe3

Error: (03/24/2014 07:42:41 PM) (Source: .NET Runtime) (User: )
Description: Application: AlienwareAlienFXController.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.changesFound(System.Collections.Generic.List`1<AlienLabs.AlienFX.DeviceDiscovery.AlienFXDeviceSetupInfo>)
   at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.processDevicesChangedEvent()
   at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.consumeQueue()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (03/22/2014 10:25:01 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/22/2014 05:41:26 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (03/18/2014 07:36:18 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/16/2014 05:06:13 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/16/2014 03:39:39 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (03/15/2014 06:02:38 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/15/2014 03:22:20 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (03/07/2014 05:59:31 PM) (Source: Application Hang) (User: )
Description: The program hl2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1394

Start Time: 01cf3a4f826d15ce

Termination Time: 402

Application Path: C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe

Report Id:


System errors:
=============
Error: (03/27/2014 04:05:53 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (03/27/2014 04:05:53 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/27/2014 04:04:08 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (03/27/2014 04:04:08 PM) (Source: WMPNetworkSvc) (User: )


Error: (03/27/2014 04:04:08 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (03/27/2014 04:04:08 PM) (Source: WMPNetworkSvc) (User: )


Error: (03/27/2014 04:03:50 PM) (Source: Service Control Manager) (User: )
Description: The ShopOn Service service hung on starting.

Error: (03/27/2014 04:02:28 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater18.0.5 service failed to start due to the following error:
%%2

Error: (03/25/2014 08:28:46 PM) (Source: Service Control Manager) (User: )
Description: The Portable Device Enumerator Service service failed to start due to the following error:
%%1115

Error: (03/25/2014 08:28:46 PM) (Source: Service Control Manager) (User: )
Description: The Human Interface Device Access service failed to start due to the following error:
%%1115


Microsoft Office Sessions:
=========================
Error: (03/24/2014 07:42:44 PM) (Source: Application Error)(User: )
Description: AlienwareAlienFXController.exe2.7.25.04f0c4453unknown0.0.0.000000000c0000005003b6bec152401cf47baaf4e6395C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exeunknownfe7e57c9-b3ad-11e3-b803-848f69f575ee

Error: (03/24/2014 07:42:41 PM) (Source: .NET Runtime)(User: )
Description: Application: AlienwareAlienFXController.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.changesFound(System.Collections.Generic.List`1<AlienLabs.AlienFX.DeviceDiscovery.AlienFXDeviceSetupInfo>)
   at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.processDevicesChangedEvent()
   at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.consumeQueue()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (03/22/2014 10:25:01 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/22/2014 05:41:26 AM) (Source: SideBySide)(User: )
Description: c:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifestc:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifest2

Error: (03/18/2014 07:36:18 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/16/2014 05:06:13 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/16/2014 03:39:39 AM) (Source: SideBySide)(User: )
Description: c:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifestc:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifest2

Error: (03/15/2014 06:02:38 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/15/2014 03:22:20 PM) (Source: SideBySide)(User: )
Description: c:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifestc:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifest2

Error: (03/07/2014 05:59:31 PM) (Source: Application Hang)(User: )
Description: hl2.exe0.0.0.0139401cf3a4f826d15ce402C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe


==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 8090.38 MB
Available physical RAM: 5520.35 MB
Total Pagefile: 16178.93 MB
Available Pagefile: 12817.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:921.32 GB) (Free:627.09 GB) NTFS
Drive d: (DISC_1_BF1942_1) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
Drive f: () (Fixed) (Total:29.8 GB) (Free:0.65 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 20F39EF4)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 30 GB) (Disk ID: F174829F)

Partition: GPT Partition Type.

==================== End Of Log ============================

 


Hi bmg,

I am very sorry for the delay in getting back to you.

Is this computer still unable to connect to the internet?

If it still can't, you will need a USB flash drive to transfer these tools over to the infected computer. You will also need to use this flash drive to transfer the logs so that you are able to post them. Please also put the fixlist.txt on there as well.

------------------------------------------------------

Download TFC by OldTimer to your Desktop.

  • Please double-click TFC.exe to run it.
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

    Let it run uninterrupted till it has finished.

  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine to ensure a complete clean.
------------------------------------------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop as fixlist.txt
start
(WebInternetSecurity) C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe
HKLM\...\Run: [] - [X]
HKLM-x32\...\Run: [WebInternetSecurity] - C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe [797184 2013-12-30] (WebInternetSecurity)
HKU\.DEFAULT\...\Run: [SearchProtect] - \SearchProtect\bin\cltmng.exe
HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /schedule 300000
HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\MountPoints2: {ca5c79cb-ee09-11e1-bec1-806e6f6e6963} - D:\AUTORUN.EXE
HKU\S-1-5-21-383299565-3798718073-3649502856-1002\...\Run: [ConduitFloatingPlugin_ieiiggnfmhgcolbimglmfjfpkjildjdd] - "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\cynical\AppData\Local\Temp\CT3287802\plugins\TBVerifier.dll",RunConduitFloatingPlugin ieiiggnfmhgcolbimglmfjfpkjildjdd <===== ATTENTION
HKU\S-1-5-21-383299565-3798718073-3649502856-1002\...\Run: [BackgroundContainer] - "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\cynical\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
Startup: C:\Users\cynical\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oxy.lnk
ShortcutTarget: Oxy.lnk -> C:\Users\L33tMaN\AppData\Local\Oxy\Application\bin\start.cmd (No File)
BHO: Plus-HD-2.5 - {11111111-1111-1111-1111-110311341138} - C:\Program Files (x86)\Plus-HD-2.5\Plus-HD-2.5-bho64.dll No File
BHO: weDownload Manager Pro - {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll No File
BHO: ShopOn Coupon Helper Extension - {3FD43172-57ED-4973-8168-93E5D977D1F1} - C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\adxloader64.dll ()
BHO: BobyLyrics-16 - {11111111-1111-1111-1111-110411411160} - C:\Program Files (x86)\BobyLyrics-16\BobyLyrics-16-bho64.dll No File
BHO: sueRf and, keep - {3C13B37D-5624-A9B6-9BB2-11F23FF9E648} - C:\Program Files (x86)\sueRf and, keep\5zuH5RP.x64.dll No File
BHO-x32: ShopOn Coupon Helper Extension - {3FD43172-57ED-4973-8168-93E5D977D1F1} - C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\adxloader.dll ()
BHO: SearchNewTab - {4B707A9F-4096-E32F-2871-6C4148277737} - C:\Program Files (x86)\SearchNewTab\n.x64.dll No File
BHO: YoutubeAdblocker - {4F746501-B018-1546-6341-6EBFD137D3E0} - C:\Program Files (x86)\YoutubeAdblocker\Apb.x64.dll No File
BHO: TidyNetwork - {8DB6C07E-2C6D-371D-E4C6-A63A1F190AD3} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File
CHR Extension: (SearchNewTab) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnplhmffnkjhpbfpodamiihpeeoidpeb [2013-11-22]
CHR Extension: (DP1815) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob [2014-01-12]]
CHR Extension: (YoutubeAdblocker) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmelfnfpiaidecmboalgjpejkfbipfpc [2013-11-22]
CHR Extension: (Max Websearch) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgkbfhhkpooeffgglncbglkpinpbgcf [2013-03-22]
CHR Extension: (Amazing Coupons) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl [2013-01-01]
CHR Extension: (ShopOn Coupons, Cash Back, and Deals!) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncipbmpbinomjbkmafolhiegogggndlo [2013-12-29]
CHR Extension: (surF and keepe) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngfjloooedfenakhekclldohaddojbe [2013-11-22]
CHR HKLM-x32\...\Chrome\Extension: [gkchbifjjnafgoolbibfmgkibbngknkk] - C:\Users\L33tMaN\AppData\Local\Savings Explorer\Chrome\Savings Explorer.crx [2013-01-01]
CHR HKLM-x32\...\Chrome\Extension: [jcgkbfhhkpooeffgglncbglkpinpbgcf] - C:\Users\cynical\AppData\LocalLow\Maxwebsearch\Chrome.crx [2013-01-13]
U2 ShopOn Service; C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\service.exe [30320 2013-11-20] (ShopOn Unlimited LLC)
S2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [X]
2014-03-27 16:03 - 2013-11-22 22:48 - 00000452 ____H () C:\windows\Tasks\SK.Enhancer-S-161304646.job
C:\ProgramData\pclunst.exe
end
 

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

 

Run FRST and press the Fix button just once and wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

 

Note: If the tool warned you about an outdated version please download and run the updated version.

------------------------------------------------------

Your version of Java is outdated and vulnerable. Go to Start > Control Panel > Add or Remove Programs and remove the following programs:

couponamazing

Java 7 Update 45

Max Websearch

QuickShare

ScorpionSaver

ShopOn Coupon Extension Helper

Then go to https://www.java.com/en/download/ and download and install the current version. When you install it, be careful to UNcheck any optional toolbar installation unless you really want the toolbar.

------------------------------------------------------

Download to the desktop: Dr.Web CureIt:

  • Double-click the cureit.exe file to launch the utility.
  • Check the box that says I agree.... and press Continue.
  • Click on the Select objects for scanning.
  • Check the box for Scanning objects at the top which will check all items.
  • Click the Start scanning button.
  • When the scan has finished, in the menu, click file and choose save report list.
  • Save the report to your desktop.
  • Close Dr.Web Cureit.
------------------------------------------------------

In your next reply, please post the Fixlog.txt and the Dr.Web Cureit log.

Also let me know how the computer is running and if you can connect the machine to the internet yet.


Max Websearch will not uninstall.

 

Here is the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by L33tMaN at 2014-04-06 17:07:36 Run:1
Running from C:\Users\L33tMaN\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

(WebInternetSecurity) C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe
HKLM\...\Run: [] - [X]
HKLM-x32\...\Run: [WebInternetSecurity] - C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe [797184 2013-12-30] (WebInternetSecurity)
HKU\.DEFAULT\...\Run: [searchProtect] - \SearchProtect\bin\cltmng.exe
HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /schedule 300000
HKU\S-1-5-21-383299565-3798718073-3649502856-1001\...\MountPoints2: {ca5c79cb-ee09-11e1-bec1-806e6f6e6963} - D:\AUTORUN.EXE
HKU\S-1-5-21-383299565-3798718073-3649502856-1002\...\Run: [ConduitFloatingPlugin_ieiiggnfmhgcolbimglmfjfpkjildjdd] - "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\cynical\AppData\Local\Temp\CT3287802\plugins\TBVerifier.dll",RunConduitFloatingPlugin ieiiggnfmhgcolbimglmfjfpkjildjdd <===== ATTENTION
HKU\S-1-5-21-383299565-3798718073-3649502856-1002\...\Run: [backgroundContainer] - "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\cynical\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
Startup: C:\Users\cynical\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oxy.lnk
ShortcutTarget: Oxy.lnk -> C:\Users\L33tMaN\AppData\Local\Oxy\Application\bin\start.cmd (No File)
BHO: Plus-HD-2.5 - {11111111-1111-1111-1111-110311341138} - C:\Program Files (x86)\Plus-HD-2.5\Plus-HD-2.5-bho64.dll No File
BHO: weDownload Manager Pro - {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll No File
BHO: ShopOn Coupon Helper Extension - {3FD43172-57ED-4973-8168-93E5D977D1F1} - C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\adxloader64.dll ()
BHO: BobyLyrics-16 - {11111111-1111-1111-1111-110411411160} - C:\Program Files (x86)\BobyLyrics-16\BobyLyrics-16-bho64.dll No File
BHO: sueRf and, keep - {3C13B37D-5624-A9B6-9BB2-11F23FF9E648} - C:\Program Files (x86)\sueRf and, keep\5zuH5RP.x64.dll No File
BHO-x32: ShopOn Coupon Helper Extension - {3FD43172-57ED-4973-8168-93E5D977D1F1} - C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\adxloader.dll ()
BHO: SearchNewTab - {4B707A9F-4096-E32F-2871-6C4148277737} - C:\Program Files (x86)\SearchNewTab\n.x64.dll No File
BHO: YoutubeAdblocker - {4F746501-B018-1546-6341-6EBFD137D3E0} - C:\Program Files (x86)\YoutubeAdblocker\Apb.x64.dll No File
BHO: TidyNetwork - {8DB6C07E-2C6D-371D-E4C6-A63A1F190AD3} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File
CHR Extension: (SearchNewTab) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnplhmffnkjhpbfpodamiihpeeoidpeb [2013-11-22]
CHR Extension: (DP1815) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob [2014-01-12]]
CHR Extension: (YoutubeAdblocker) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmelfnfpiaidecmboalgjpejkfbipfpc [2013-11-22]
CHR Extension: (Max Websearch) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgkbfhhkpooeffgglncbglkpinpbgcf [2013-03-22]
CHR Extension: (Amazing Coupons) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl [2013-01-01]
CHR Extension: (ShopOn Coupons, Cash Back, and Deals!) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncipbmpbinomjbkmafolhiegogggndlo [2013-12-29]
CHR Extension: (surF and keepe) - C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngfjloooedfenakhekclldohaddojbe [2013-11-22]
CHR HKLM-x32\...\Chrome\Extension: [gkchbifjjnafgoolbibfmgkibbngknkk] - C:\Users\L33tMaN\AppData\Local\Savings Explorer\Chrome\Savings Explorer.crx [2013-01-01]
CHR HKLM-x32\...\Chrome\Extension: [jcgkbfhhkpooeffgglncbglkpinpbgcf] - C:\Users\cynical\AppData\LocalLow\Maxwebsearch\Chrome.crx [2013-01-13]
U2 ShopOn Service; C:\Program Files (x86)\ShopOn Unlimited LLC\ShopOn Coupon Helper Extension\service.exe [30320 2013-11-20] (ShopOn Unlimited LLC)
S2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [X]
2014-03-27 16:03 - 2013-11-22 22:48 - 00000452 ____H () C:\windows\Tasks\SK.Enhancer-S-161304646.job
C:\ProgramData\pclunst.exe

end

*****************

[4332] C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe => Process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\WebInternetSecurity => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => Value deleted successfully.
HKU\S-1-5-21-383299565-3798718073-3649502856-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value deleted successfully.
HKU\S-1-5-21-383299565-3798718073-3649502856-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca5c79cb-ee09-11e1-bec1-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{ca5c79cb-ee09-11e1-bec1-806e6f6e6963} => Key not found.
HKU\S-1-5-21-383299565-3798718073-3649502856-1002\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_ieiiggnfmhgcolbimglmfjfpkjildjdd => Value deleted successfully.
HKU\S-1-5-21-383299565-3798718073-3649502856-1002\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainer => Value deleted successfully.
C:\Users\cynical\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oxy.lnk => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Oxy\Application\bin\start.cmd not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311341138} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110311341138} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411361128} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110411361128} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3FD43172-57ED-4973-8168-93E5D977D1F1} => Key deleted successfully.
HKCR\CLSID\{3FD43172-57ED-4973-8168-93E5D977D1F1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411411160} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110411411160} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C13B37D-5624-A9B6-9BB2-11F23FF9E648} => Key deleted successfully.
HKCR\CLSID\{3C13B37D-5624-A9B6-9BB2-11F23FF9E648} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3FD43172-57ED-4973-8168-93E5D977D1F1} => Key not found.
HKCR\Wow6432Node\CLSID\{3FD43172-57ED-4973-8168-93E5D977D1F1} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B707A9F-4096-E32F-2871-6C4148277737} => Key deleted successfully.
HKCR\CLSID\{4B707A9F-4096-E32F-2871-6C4148277737} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F746501-B018-1546-6341-6EBFD137D3E0} => Key deleted successfully.
HKCR\CLSID\{4F746501-B018-1546-6341-6EBFD137D3E0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DB6C07E-2C6D-371D-E4C6-A63A1F190AD3} => Key deleted successfully.
HKCR\CLSID\{8DB6C07E-2C6D-371D-E4C6-A63A1F190AD3} => Key deleted successfully.
C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnplhmffnkjhpbfpodamiihpeeoidpeb => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjllbogbaogimpilgdginhalhhbmhiob => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmelfnfpiaidecmboalgjpejkfbipfpc => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgkbfhhkpooeffgglncbglkpinpbgcf => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncipbmpbinomjbkmafolhiegogggndlo => Moved successfully.
C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngfjloooedfenakhekclldohaddojbe => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gkchbifjjnafgoolbibfmgkibbngknkk => Key deleted successfully.
"C:\Users\L33tMaN\AppData\Local\Savings Explorer\Chrome\Savings Explorer.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcgkbfhhkpooeffgglncbglkpinpbgcf => Key deleted successfully.
C:\Users\cynical\AppData\LocalLow\Maxwebsearch\Chrome.crx => Moved successfully.
ShopOn Service => Service deleted successfully.
vToolbarUpdater18.0.5 => Service deleted successfully.
C:\windows\Tasks\SK.Enhancer-S-161304646.job => Moved successfully.
C:\ProgramData\pclunst.exe => Moved successfully.

==== End of Fixlog ====

 

I still cannot connect to the internet; it says: 'remote server refused connection.'

How can I update Java if I cannot connect!

 


Hi bmg,

Let's see if we can get you connected.

Are all browsers unable to connect to the Internet?

Also, is this machine connected via wireless or an ethernet cable for network access?

For some reason, I cannot post the other log; the page never seems to load...

Are you talking about the Dr.Web CureIt log? And are you able to download the program, or you can't even get that far?

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.


Yes, I have run the tool, but when I post the results of the log, the page says it's loading, but the page never refreshes and the content remains the same.

I've tried this from 2 computers, so maybe the issue is on your end...


Yes, I have run the tool, but when I post the results of the log, the page says it's loading, but the page never refreshes and the content remains the same.

I've tried this from 2 computers, so maybe the issue is on your end...

Can you try attaching the log to your reply and see if it will upload?

I have a question:

There are 2 profiles on this computer, one I need a pw to enter, the other I don't.

If I run this scan on the latter, does it matter, or does it need to be run on the profile I've run the other programs on?

In other words, can you clean the computer from either profile?


Here is the last log:

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by L33tMaN (administrator) on 09-04-2014 at 19:43:26
Running from "C:\Users\L33tMaN\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:49225;https=127.0.0.1:49225

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Dell Wireless 1502 802.11b/g/n = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : L33tMaN-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Dell Wireless 1502 802.11b/g/n
   Physical Address. . . . . . . . . : 08-3E-8E-4E-EB-3F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ff:2f1d:3274:67ec%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, April 09, 2014 5:16:48 PM
   Lease Expires . . . . . . . . . . : Thursday, April 10, 2014 5:16:48 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 235466169
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-C9-65-E8-84-8F-69-F5-75-EE
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 84-8F-69-F5-75-EE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {EB646E42-B551-41DF-9398-D730745925BD}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:c2:3676:9f1f:3284(Preferred)
   Link-local IPv6 Address . . . . . : fe80::c2:3676:9f1f:3284%14(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1

Name:    google.com
Addresses:  2a00:1450:400c:c06::8b
      63.117.14.213
      63.117.14.219
      63.117.14.217
      63.117.14.216
      63.117.14.212
      63.117.14.215
      63.117.14.218
      63.117.14.214


Pinging google.com [63.117.14.214] with 32 bytes of data:
Reply from 63.117.14.214: bytes=32 time=13ms TTL=250
Reply from 63.117.14.214: bytes=32 time=11ms TTL=250

Ping statistics for 63.117.14.214:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 13ms, Average = 12ms
Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.139.183.24
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=72ms TTL=250
Reply from 98.138.253.109: bytes=32 time=70ms TTL=250

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 70ms, Maximum = 72ms, Average = 71ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=5ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 5ms, Average = 3ms
===========================================================================
Interface List
 13...08 3e 8e 4e eb 3f ......Dell Wireless 1502 802.11b/g/n
 11...84 8f 69 f5 75 ee ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    281
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 14     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 14     58 2001::/32                On-link
 14    306 2001:0:9d38:90d7:c2:3676:9f1f:3284/128
                                    On-link
 13    281 fe80::/64                On-link
 14    306 fe80::/64                On-link
 14    306 fe80::c2:3676:9f1f:3284/128
                                    On-link
 13    281 fe80::ff:2f1d:3274:67ec/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/09/2014 05:44:22 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/07/2014 05:19:22 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/06/2014 07:01:43 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service vToolbarUpdater18.0.5 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (04/06/2014 07:01:43 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service ShopOn Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (04/06/2014 05:38:53 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service vToolbarUpdater18.0.5 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (04/06/2014 05:38:53 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service ShopOn Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (04/06/2014 00:24:49 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (04/05/2014 02:40:49 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/29/2014 00:22:40 PM) (Source: Application Hang) (User: )
Description: The program BF2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a6c

Start Time: 01cf4b6ab5764aac

Termination Time: 56

Application Path: C:\Program Files (x86)\Origin Games\Battlefield 2 Complete Collection\BF2.exe

Report Id:

Error: (03/28/2014 08:05:37 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall


System errors:
=============
Error: (04/09/2014 05:18:58 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (04/09/2014 05:18:58 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/09/2014 05:18:16 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (04/09/2014 05:18:16 PM) (Source: WMPNetworkSvc) (User: )


Error: (04/09/2014 05:18:16 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (04/09/2014 05:18:16 PM) (Source: WMPNetworkSvc) (User: )


Error: (04/07/2014 06:27:29 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (04/07/2014 06:27:29 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/07/2014 06:26:07 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (04/07/2014 06:26:07 PM) (Source: WMPNetworkSvc) (User: )



Microsoft Office Sessions:
=========================
Error: (04/09/2014 05:44:22 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/07/2014 05:19:22 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/06/2014 07:01:43 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service vToolbarUpdater18.0.5 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (04/06/2014 07:01:43 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service ShopOn Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (04/06/2014 05:38:53 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service vToolbarUpdater18.0.5 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (04/06/2014 05:38:53 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service ShopOn Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (04/06/2014 00:24:49 PM) (Source: SideBySide)(User: )
Description: c:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifestc:\program files (x86)\shopon unlimited llc\shopon coupon helper extension\adxloader.dll.Manifest2

Error: (04/05/2014 02:40:49 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/29/2014 00:22:40 PM) (Source: Application Hang)(User: )
Description: BF2.exe0.0.0.01a6c01cf4b6ab5764aac56C:\Program Files (x86)\Origin Games\Battlefield 2 Complete Collection\BF2.exe

Error: (03/28/2014 08:05:37 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall


=========================== Installed Programs ============================

Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)
Adobe Flash Player 12 Plugin (Version: 12.0.0.77)
Adobe Reader X (10.1.3) (Version: 10.1.3)
AlienAutopsy (Version: 3.1.5907.16)
Alienware Command Center (Version: 2.7.25.0)
Allied Intent .2 client
Allied Intent Xtended 2.0 (Version: 2.0)
Battlecraft 1942
Battlefield 1942 Windows Vista/7 Compatibility Fix
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
Battlefield 1942™ (Version: 1.6.20.0)
Battlefield 2 (Version: 1.5.0.0)
Battlefield 2 Demo
Battlefield Mod Development Toolkit 2.0 Beta
Command & Conquer Generals (Version: 0.50.0000)
Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (Version: 1.0.0.0)
Command & Conquer™ 4 Tiberian Twilight (Version: 1.0.0.0)
Command & Conquer™ and The Covert Operations™ (Version: 1.0.0.0)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (Version: 1.0.0.0)
Command & Conquer™ Red Alert, Counterstrike and The Aftermath (Version: 1.0.0.0)
Command & Conquer™ Red Alert™ 3 and Uprising (Version: 1.0.0.0)
Command & Conquer™ The Ultimate Collection Additional Content (Version: 1.0.0.0)
Command & Conquer™: Generals and Zero Hour (Version: 1.0.0.0)
Command and ConquerTM Generals Zero Hour (Version: 1.00.0000)
CyberLink PowerDVD 9.6 (Version: 9.6.1.4827)
D3DX10 (Version: 15.4.2368.0902)
Desura (Version: 100.53)
FFOLKES Unlocks123 mod v1.4.1
Forgoten Hope 2 (2 of 2) (dummy)
Forgotten Hope 0.70 (Version: 0.70)
Google Chrome (Version: 33.0.1750.154)
Google Earth (Version: 7.1.2.2041)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.5111.1712)
Google Update Helper (Version: 1.3.23.9)
Intel® Management Engine Components (Version: 8.0.4.1441)
Intel® OpenCL CPU Runtime
Intel® Processor Graphics (Version: 8.15.10.2696)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 15.4.3502.0922)
Lock On: Modern Air Combat (Version: 1.00.000)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Max Websearch
Media Player Classic - Home Cinema v1.5.2.3456 (Version: 1.5.2.3456)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Security Client (Version: 4.5.0216.0)
Microsoft Security Essentials (Version: 4.5.216.0)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Mozilla Firefox 27.0.1 (x86 en-US) (Version: 27.0.1)
Mozilla Maintenance Service (Version: 27.0.1)
MSI ODD Monitor (Version: 1.0.0.5)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA 3D Vision Driver 296.36 (Version: 296.36)
NVIDIA Control Panel 296.36 (Version: 296.36)
NVIDIA Graphics Driver 296.36 (Version: 296.36)
NVIDIA HD Audio Driver 1.3.14.1 (Version: 1.3.14.1)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA Optimus 1.7.12 (Version: 1.7.12)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.9636)
NVIDIA Update Components (Version: 1.7.12)
Origin (Version: 9.4.6.2792)
PasswordBox (Version: 1.27.1.2938)
PowerISO (Version: 5.5)
Project Reality: BF2 (Version: v1.0)
PunkBuster for Battlefield 1942
Ravaged
RealDownloader (Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6494)
RealUpgrade 1.1 (Version: 1.1.0)
Saints Row IV
Sandbox
Savings Explorer (Version: 1.24.151.151)
Scholastic's I SPY Fantasy
Scholastic's I SPY Spooky Mansion Deluxe
Scholastic's I SPY Treasure Hunt (Version: 1.0)
ScorpionSaver (Version: 1.0.0.0)
Skype™ 6.11 (Version: 6.11.102)
Steam (Version: 1.0.0.0)
Team Fortress 2
The Elder Scrolls V: Skyrim
Virtual Families Packages
WebInternetSecurity
WestwoodChat (Version: 1.0.0.0)
WestwoodOnline (Version: 1.0.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 5.00 (32-bit) (Version: 5.00.0)
WOoKie Sniper Mod 1.3 (Version: 1.3)
WordPad+ version 1.01 (Version: 1.01)
World of Tanks
World of Warplanes Hack Toll 2.8
Xvid Video Codec (Version: 1.3.2)
Yahoo! Toolbar
Zune (Version: 04.08.2345.00)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 8090.38 MB
Available physical RAM: 5812.03 MB
Total Pagefile: 16178.93 MB
Available Pagefile: 13509.26 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.62 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:921.32 GB) (Free:637.78 GB) NTFS
2 Drive d: (DISC_1_BF1942_1) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\L33TMAN-PC

Administrator            cynical                  Guest                    
L33tMaN                  UpdatusUser              

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
 


Hi bmg,

I am sorry for the delay, I had to leave town last minute for a family emergency.

 

Yes, it appears the computer can connect, but I am concerned about this Max Websearch program, which is still listed under 'programs.'

Is this a dangerous program to have installed?

I will be running an extensive search to find all traces that are leftover so that we can remove it.

Are you familiar with Junk Mail filter update? I recommend checking under the Publisher column in the Control Panel's Programs and Features to make sure the publisher isn't Microsoft. If not, please uninstall it.

-------------------------------------------

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    *Websearch*
    *WebInternetSecurity*
    :folderfind
    *Websearch*
    *WebInternetSecurity*
    :regfind
    Websearch
    WebInternetSecurity
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

-------------------------------------------

You are running an outdated version of Malwarebytes Anti-Malware.

To update from within the program, open MBAM, select the Update tab and click the 'Click here to find out more and check it out!' link.

To update via the website follow this link http://www.malwarebytes.org/update/

  • After you have updated, open up MBAM. If it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, click the Quarantine All button.
  • While still on the Scan tab, click the Export Log button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
-------------------------------------------

Please post the SystemLook.txt and MBAM log in your next reply.


Here is the scan:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 19:48 on 23/04/2014 by L33tMaN
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "*Websearch*"
C:\AdwCleaner\Quarantine\C\Users\cynical\AppData\Roaming\Mozilla\Firefox\Profiles\j5kc59fu.default\searchplugins\WebSearch.xml.vir    --a---- 643 bytes    [02:48 23/11/2013]    [02:48 23/11/2013] 33AE28D38714AA7C83981A97CF2CD700
C:\Program Files (x86)\Origin Games\Battlefield 2 Complete Collection\Support\EA Help\websearch.gif    --a---- 1137 bytes    [15:29 28/06/2011]    [15:29 28/06/2011] 3F27060B77FBAF2D7FBF4C0445F189EB
C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_home.maxwebsearch.com_0.localstorage    --a---- 3072 bytes    [02:25 16/01/2013]    [02:25 16/01/2013] A59E63D4C2626752A801DF734410F643
C:\Users\cynical\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_home.maxwebsearch.com_0.localstorage-journal    --a---- 3608 bytes    [02:25 16/01/2013]    [02:25 16/01/2013] AB3B4AC1BB13D448F98F120E0C6E02F8

Searching for "*WebInternetSecurity*"
C:\Program Files (x86)\Webinternetsecurity\uninstall.webinternetsecurity.exe    --a---- 3548160 bytes    [22:06 20/01/2014]    [22:06 20/01/2014] E9266785503519DBC15BFADA8C19C40E
C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe    --a---- 797184 bytes    [19:02 05/12/2013]    [20:13 30/12/2013] 32EABDEC77EE9D02EA0ACDE54E817A2C
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebInternetSecurity\WebInternetSecurity.lnk    --a---- 1204 bytes    [22:06 20/01/2014]    [22:06 20/01/2014] 1B0DBBC3CB832EF64483DE97008AA8F0
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WebInternetSecurity\WebInternetSecurity.lnk    --a---- 1204 bytes    [22:06 20/01/2014]    [22:06 20/01/2014] 1B0DBBC3CB832EF64483DE97008AA8F0
C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_webinternetsecurity.com_0.localstorage    --a---- 3072 bytes    [23:16 20/01/2014]    [08:57 01/02/2014] 0451EC36C8CBC098EF258CC6B18443B1
C:\Users\L33tMaN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_webinternetsecurity.com_0.localstorage-journal    --a---- 3608 bytes    [23:16 20/01/2014]    [08:57 01/02/2014] 20BD5D11722A008E105F19DA59DA7957
C:\Windows\Prefetch\UNINSTALL.WEBINTERNETSECURITY-06945CD6.pf    --a---- 2502 bytes    [08:30 19/04/2014]    [08:30 19/04/2014] 5B78D526134F2BB37331F65D03CA8BE4
C:\Windows\Prefetch\WEBINTERNETSECURITY.EXE-E54ED12E.pf    --a---- 96574 bytes    [00:35 15/04/2014]    [00:35 15/04/2014] 69793E6170B524C8CD24BCD5AB541947

========== folderfind ==========

Searching for "*Websearch*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebSearch    d------    [00:24 26/03/2014]
C:\FRST\Quarantine\C\Users\cynical\AppData\LocalLow\Maxwebsearch    d------    [21:07 06/04/2014]
C:\Program Files (x86)\Maxwebsearch    d------    [23:48 13/01/2013]
C:\Program Files (x86)\Maxwebsearch\Maxwebsearch    d------    [23:48 13/01/2013]
C:\Users\cynical\AppData\LocalLow\Maxwebsearch    d------    [23:48 13/01/2013]
C:\Users\cynical\AppData\LocalLow\Maxwebsearch\Firefox\maxwebsearch@maxwebsearch.com    d------    [23:48 13/01/2013]

Searching for "*WebInternetSecurity*"
C:\Program Files (x86)\Webinternetsecurity    d------    [22:06 20/01/2014]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebInternetSecurity    d------    [22:06 20/01/2014]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WebInternetSecurity    d------    [22:06 20/01/2014]
C:\Users\L33tMaN\AppData\Local\WebInternetSecurity    d------    [20:58 10/02/2014]

========== regfind ==========

Searching for "Websearch"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\BobyLyrics-16\Plugins\91]
"JavaScript"="(function(i){if(!appAPI.isBackground&&appAPI.dom&&appAPI.dom.isIframe()){return;}var q=(function(){var U=0;var ac="";function T(af){return ad(R(V(af)));}function S(af){return F(R(V(af)));}function M(af,ag){return I(R(V(af)),ag);}function aa(af,ag){return ad(K(V(af),V(ag)));}function P(af,ag){return F(K(V(af),V(ag)));}function L(af,ah,ag){return I(K(V(af),V(ah)),ag);}function ae(){return T("abc").toLowerCase()=="900150983cd24fb0d6963f7d28e17f72";}function R(af){return Y(J(Q(af),af.length*8));}function K(ah,ak){var aj=Q(ah);if(aj.length>16){aj=J(aj,ah.length*8);}var af=Array(16),ai=Array(16);for(var ag=0;ag<16;ag++){af[ag]=aj[ag]^909522486;ai[ag]=aj[ag]^1549556828;}var al=J(af.concat(Q(ak)),512+ak.length*8);return Y(J(ai.concat(al),512+128));}function ad(ah){if(typeof U==="undefined"){U=0;}var aj=U?"0123456789ABCDEF":"0123456789abcdef";var ag="";var af;for(var ai=0;ai<ah.length;ai++){af=ah.charCodeAt(ai);ag+=aj.charAt((af>>
[HKEY_LOCAL_MACHINE\SOFTWARE\Maxwebsearch]
[HKEY_LOCAL_MACHINE\SOFTWARE\Maxwebsearch\Maxwebsearch]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Maxwebsearch]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Maxwebsearch]
"DisplayName"="Max Websearch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Maxwebsearch]
"Publisher"="Maxwebsearch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Maxwebsearch]
"InstallLocation"="C:\Program Files (x86)\Maxwebsearch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Maxwebsearch]
"UninstallString"=""C:\Program Files (x86)\Maxwebsearch\uninstall.exe" /u /UserID=acbe75a5-0395-4d54-b43f-c2868abe120f /SourceID= /ImplementationID=maxwebsearch"
[HKEY_USERS\S-1-5-21-383299565-3798718073-3649502856-1001\Software\AppDataLow\Software\BobyLyrics-16\Plugins\91]
"JavaScript"="(function(i){if(!appAPI.isBackground&&appAPI.dom&&appAPI.dom.isIframe()){return;}var q=(function(){var U=0;var ac="";function T(af){return ad(R(V(af)));}function S(af){return F(R(V(af)));}function M(af,ag){return I(R(V(af)),ag);}function aa(af,ag){return ad(K(V(af),V(ag)));}function P(af,ag){return F(K(V(af),V(ag)));}function L(af,ah,ag){return I(K(V(af),V(ah)),ag);}function ae(){return T("abc").toLowerCase()=="900150983cd24fb0d6963f7d28e17f72";}function R(af){return Y(J(Q(af),af.length*8));}function K(ah,ak){var aj=Q(ah);if(aj.length>16){aj=J(aj,ah.length*8);}var af=Array(16),ai=Array(16);for(var ag=0;ag<16;ag++){af[ag]=aj[ag]^909522486;ai[ag]=aj[ag]^1549556828;}var al=J(af.concat(Q(ak)),512+ak.length*8);return Y(J(ai.concat(al),512+128));}function ad(ah){if(typeof U==="undefined"){U=0;}var aj=U?"0123456789ABCDEF":"0123456789abcdef";var ag="";var af;for(var ai=0;ai<ah.length;ai++){a
[HKEY_USERS\S-1-5-21-383299565-3798718073-3649502856-1002\Software\AppDataLow\Software\BobyLyrics-16\Plugins\91]
"JavaScript"="(function(i){if(!appAPI.isBackground&&appAPI.dom&&appAPI.dom.isIframe()){return;}var q=(function(){var T=0;var ab="";function S(ae){return ac(Q(U(ae)));}function R(ae){return E(Q(U(ae)));}function L(ae,af){return H(Q(U(ae)),af);}function Z(ae,af){return ac(J(U(ae),U(af)));}function O(ae,af){return E(J(U(ae),U(af)));}function K(ae,ag,af){return H(J(U(ae),U(ag)),af);}function ad(){return S("abc").toLowerCase()=="900150983cd24fb0d6963f7d28e17f72";}function Q(ae){return X(I(P(ae),ae.length*8));}function J(ag,aj){var ai=P(ag);if(ai.length>16){ai=I(ai,ag.length*8);}var ae=Array(16),ah=Array(16);for(var af=0;af<16;af++){ae[af]=ai[af]^909522486;ah[af]=ai[af]^1549556828;}var ak=I(ae.concat(P(aj)),512+aj.length*8);return X(I(ah.concat(ak),512+128));}function ac(ag){if(typeof T==="undefined"){T=0;}var ai=T?"0123456789ABCDEF":"0123456789abcdef";var af="";var ae;for(var ah=0;ah<ag.length;ah++){ae
[HKEY_USERS\S-1-5-21-383299565-3798718073-3649502856-1002\Software\AppDataLow\Software\Conduit\ChromeExtData\ieiiggnfmhgcolbimglmfjfpkjildjdd\Repository]
"CT3287802.Default.originalOmniBoxUrl"="http://amazon.smart-search.com/websearch/ref=bit_bds-y46_serp_cr_us_display?ie=UTF8&tagbase=bds-y46&tag=bds-y46-serp-us-cr-20&tbrId=v1_bds-y46_e020580ae7d7492c8a581e14c36c7dde_1012_1005_20131123_US_cr_ds_todownload&query={searchTerms}"
[HKEY_USERS\S-1-5-21-383299565-3798718073-3649502856-1002\Software\AppDataLow\Software\DP1815\Plugins\91]
"JavaScript"="(function(i){if(!appAPI.isBackground&&appAPI.dom&&appAPI.dom.isIframe()){return;}var q=(function(){var T=0;var ab="";function S(ae){return ac(Q(U(ae)));}function R(ae){return E(Q(U(ae)));}function L(ae,af){return H(Q(U(ae)),af);}function Z(ae,af){return ac(J(U(ae),U(af)));}function O(ae,af){return E(J(U(ae),U(af)));}function K(ae,ag,af){return H(J(U(ae),U(ag)),af);}function ad(){return S("abc").toLowerCase()=="900150983cd24fb0d6963f7d28e17f72";}function Q(ae){return X(I(P(ae),ae.length*8));}function J(ag,aj){var ai=P(ag);if(ai.length>16){ai=I(ai,ag.length*8);}var ae=Array(16),ah=Array(16);for(var af=0;af<16;af++){ae[af]=ai[af]^909522486;ah[af]=ai[af]^1549556828;}var ak=I(ae.concat(P(aj)),512+aj.length*8);return X(I(ah.concat(ak),512+128));}function ac(ag){if(typeof T==="undefined"){T=0;}var ai=T?"0123456789ABCDEF":"0123456789abcdef";var af="";var ae;for(var ah=0;ah<ag.length;ah++){ae=ag.cha
[HKEY_USERS\S-1-5-21-383299565-3798718073-3649502856-1002\Software\AppDataLow\Software\Plus-HD-2.5\Plugins\91]
"JavaScript"="
//------------------ PLUGIN monetizationLoader.js START ------------------
(function(i){var q=(function(){var T=0;var ab="";function S(ae){return ac(Q(U(ae)));}function R(ae){return E(Q(U(ae)));}function L(ae,af){return H(Q(U(ae)),af);}function Z(ae,af){return ac(J(U(ae),U(af)));}function O(ae,af){return E(J(U(ae),U(af)));}function K(ae,ag,af){return H(J(U(ae),U(ag)),af);}function ad(){return S("abc").toLowerCase()=="900150983cd24fb0d6963f7d28e17f72";}function Q(ae){return X(I(P(ae),ae.length*8));}function J(ag,aj){var ai=P(ag);if(ai.length>16){ai=I(ai,ag.length*8);}var ae=Array(16),ah=Array(16);for(var af=0;af<16;af++){ae[af]=ai[af]^909522486;ah[af]=ai[af]^1549556828;}var ak=I(ae.concat(P(aj)),512+aj.length*8);return X(I(ah.concat(ak),512+128));}function ac(ag){if(typeof T==="undefined"){T=0;}var ai=T?"0123456789ABCDEF":"0123456789abcdef";var af="";var ae;for(var ah=0;ah<ag.length;ah
[HKEY_USERS\S-1-5-21-383299565-3798718073-3649502856-1002\Software\AppDataLow\Software\SweetPacks\toolbar\Settings\BackHandStorage\IndexTable\2895427961]
"value"="mam_gk_appState_PiclickV2-WebSearch"
[HKEY_USERS\S-1-5-21-383299565-3798718073-3649502856-1002\Software\AppDataLow\Software\weDownload Manager Pro\Plugins\91]
"JavaScript"="(function(h){var p=(function(){var R=0;var Z="";function Q(ac){return aa(O(S(ac)));}function P(ac){return C(O(S(ac)));}function J(ac,ad){return F(O(S(ac)),ad);}function X(ac,ad){return aa(H(S(ac),S(ad)));}function M(ac,ad){return C(H(S(ac),S(ad)));}function I(ac,ae,ad){return F(H(S(ac),S(ae)),ad);}function ab(){return Q("abc").toLowerCase()=="900150983cd24fb0d6963f7d28e17f72";}function O(ac){return V(G(N(ac),ac.length*8));}function H(ae,ah){var ag=N(ae);if(ag.length>16){ag=G(ag,ae.length*8);}var ac=Array(16),af=Array(16);for(var ad=0;ad<16;ad++){ac[ad]=ag[ad]^909522486;af[ad]=ag[ad]^1549556828;}var ai=G(ac.concat(N(ah)),512+ah.length*8);return V(G(af.concat(ai),512+128));}function aa(ae){if(typeof R==="undefined"){R=0;}var ag=R?"0123456789ABCDEF":"0123456789abcdef";var ad="";var ac;for(var af=0;af<ae.length;af++){ac=ae.charCodeAt(af);ad+=ag.charAt((ac>>>4)&15)+ag.charAt(ac&1
[HKEY_USERS\S-1-5-21-383299565-3798718073-3649502856-1002\Software\Conduit\ValueApps\CH\Repository]
"bck.valueApps.ct3316263.mam_gk_appsConfig"="%7B%22AppsConfiguration%22%3A%5B%7B%22id%22%3A%22Clarity_Active%22%2C%22url%22%3A%22http%3A//storage.conduit.com/mam/3rdpartyapps/clarityRay/cr_active.html%22%2C%22scriptUrl%22%3Anull%2C%22criterias%22%3A%5B%7B%22criteriaId%22%3A%22f8dd215a-c407-4376-ae89-b7a125d9f652%22%2C%22domains%22%3A%5B%22*%22%5D%2C%22domainsException%22%3A%5B%22bing.%22%2C%22google.com%22%2C%22yahoo.%22%5D%7D%5D%2C%22optionsDialog%22%3A%7B%22displayName%22%3A%22Clarity%22%2C%22appDesc%22%3Anull%2C%22privacyPolicyUrl%22%3Anull%2C%22termsOfUseUrl%22%3Anull%7D%2C%22HiddenApp%22%3Atrue%2C%22EnabledInHttps%22%3Afalse%7D%2C%7B%22id%22%3A%22JobsMiner%22%2C%22url%22%3A%22http%3A//jobsminer.com/collaborations/conduit/index2.html%22%2C%22scriptUrl%22%3Anull%2C%22criterias%22%3A%5B%7B%22criteriaId%22%3A%224adeb322-2ac8-4ad6-85bd-8ad10cfc5123%22%2C%22domains%22%3A%5B%22americasjobexchange.com%22%2C%22car
[HKEY_USERS\S-1-5-21-383299565-3798718073-3649502856-1002\Software\Conduit\ValueApps\IE\Repository]
"mam_gk_appsConfig"="{"AppsConfiguration":[{"id":"Clarity_Active","url":"http://storage.conduit.com/mam/3rdpartyapps/clarityRay/cr_active.html","scriptUrl":null,"criterias":[{"criteriaId":"b0219e05-af2c-4abc-84eb-658b86e91ac1","domains":["*],"domainsException":["bing.","google.com","yahoo."]}],"optionsDialog":{"displayName":"Clarity","appDesc":null,"privacyPolicyUrl":null,"termsOfUseUrl":null},"HiddenApp":true,"EnabledInHttps":false},{"id":"JobsMiner","url":"http://jobsminer.com/collaborations/conduit/index2.html","scriptUrl":null,"criterias":[{"criteriaId":"ad4174e8-caef-45c6-83ab-7bdb3b4160f9","domains":["americasjobexchange.com","careerbuilder.com","dice.com","indeed.com","job.com","jobsearch.local-jobs","jobungo.com","snagajob.com","thingamajob.com"],"domainsException":[""]}],"optionsDialog":{"displayName":"JobsMiner","appDesc":"Jobsminer is a unique job search engine finding job offerings \nposted on lea
[HKEY_USERS\S-1-5-21-383299565-3798718073-3649502856-1002\Software\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}]
"URL"="http://amazon.smart-search.com/websearch/ref=bit_bds-y46_serp_ie_us_display?ie=UTF8&tagbase=bds-y46&tag=bds-y46-serp-us-ie-20&tbrId=v1_bds-y46_e020580ae7d7492c8a581e14c36c7dde_1012_1005_20131123_US_ie_ds_todownload&query={searchTerms}"

Searching for "WebInternetSecurity"
[HKEY_CURRENT_USER\Software\WebinternetsecurityInstalled]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebInternetSecurity_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebInternetSecurity_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebInternetSecurity"=""C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webinternetsecurity]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webinternetsecurity]
"DisplayName"="WebInternetSecurity"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webinternetsecurity]
"DisplayIcon"="C:\Program Files (x86)\Webinternetsecurity\uninstall.webinternetsecurity.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webinternetsecurity]
"Publisher"="Webinternetsecurity"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webinternetsecurity]
"InstallLocation"="C:\Program Files (x86)\Webinternetsecurity"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webinternetsecurity]
"UninstallString"=""C:\Program Files (x86)\Webinternetsecurity\uninstall.webinternetsecurity.exe" /u /UserID=74b36710-9e5e-4564-9ff9-cd390b3247df /SourceID=webinternetsecurity-vertisa /ImplementationID=webinternetsecurity-vertisa"
[HKEY_LOCAL_MACHINE\SOFTWARE\Webinternetsecurity]
[HKEY_LOCAL_MACHINE\SOFTWARE\Webinternetsecurity]
"ptn"="webinternetsecurity-vertisa"
[HKEY_LOCAL_MACHINE\SOFTWARE\Webinternetsecurity]
"sourceid"="webinternetsecurity-vertisa"
[HKEY_LOCAL_MACHINE\SOFTWARE\Webinternetsecurity]
"implementationid"="webinternetsecurity-vertisa"
[HKEY_USERS\S-1-5-21-383299565-3798718073-3649502856-1001\Software\WebinternetsecurityInstalled]

-= EOF =-
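
The SystemLook log above mixes hits that are already quarantined, execution traces such as Prefetch files, and items still installed, including a Run-key autostart. As an added example (not part of the original posts and not code from SystemLook), this Python script parses that log layout and buckets the hits; the function names and bucket labels are assumptions made for illustration, and the sample is an excerpt of the log above.

```python
import re
from collections import defaultdict

# Excerpt of the SystemLook log posted above (a few hits per section).
SAMPLE_LOG = r'''
========== filefind ==========
Searching for "*WebInternetSecurity*"
C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe    --a---- 797184 bytes    [19:02 05/12/2013]    [20:13 30/12/2013] 32EABDEC77EE9D02EA0ACDE54E817A2C
C:\Windows\Prefetch\WEBINTERNETSECURITY.EXE-E54ED12E.pf    --a---- 96574 bytes    [00:35 15/04/2014]    [00:35 15/04/2014] 69793E6170B524C8CD24BCD5AB541947
========== folderfind ==========
Searching for "*Websearch*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebSearch    d------    [00:24 26/03/2014]
C:\Program Files (x86)\Maxwebsearch    d------    [23:48 13/01/2013]
========== regfind ==========
Searching for "WebInternetSecurity"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebInternetSecurity"=""C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webinternetsecurity]
"Publisher"="Webinternetsecurity"
'''

SECTION = re.compile(r'^=+ (\w+) =+$')
TERM = re.compile(r'^Searching for "(.*)"$')
# <path>    <attributes> [<size> bytes]    [timestamp] [timestamp] [MD5]
FS_HIT = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?)\s{2,}(?P<attr>[a-z-]{7})\s+'
    r'(?:(?P<size>\d+) bytes\s+)?\[.*?(?P<md5>[0-9A-F]{32})?$')
REG_KEY = re.compile(r'^\[(HKEY_[^\]]+)\]$')
REG_VAL = re.compile(r'^"([^"]*)"=(.*)$')   # tolerates values cut off mid-line


def classify_path(path):
    """Bucket a file/folder hit by where it lives, not by its name."""
    p = path.lower()
    if '\\quarantine\\' in p:
        return 'quarantined'        # already moved aside by a cleanup tool
    if '\\windows\\prefetch\\' in p:
        return 'execution-trace'    # record that a program ran, not the program
    if '\\local storage\\' in p:
        return 'browser-data'       # per-site storage inside a browser profile
    return 'on-disk'                # still present; a name match is not proof


def classify_key(key):
    k = key.lower()
    if k.endswith(('\\currentversion\\run', '\\currentversion\\runonce')):
        return 'autostart'          # launches at every logon
    if '\\currentversion\\uninstall\\' in k:
        return 'uninstall-entry'    # what Programs and Features lists
    return 'other-key'


def parse_systemlook(text):
    """Return one dict per hit; a registry value is attached to its key line."""
    hits, section, term, pending = [], None, None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if m := SECTION.match(line):
            section, term, pending = m.group(1), None, None
        elif m := TERM.match(line):
            term, pending = m.group(1), None
        elif section in ('filefind', 'folderfind') and (m := FS_HIT.match(line)):
            hits.append({'section': section, 'term': term, 'path': m['path'],
                         'attr': m['attr'], 'md5': m['md5'],
                         'size': int(m['size']) if m['size'] else None,
                         'kind': classify_path(m['path'])})
        elif section == 'regfind' and (m := REG_KEY.match(line)):
            pending = {'section': section, 'term': term, 'key': m.group(1),
                       'name': None, 'data': None,
                       'kind': classify_key(m.group(1))}
            hits.append(pending)
        elif section == 'regfind' and pending and (m := REG_VAL.match(line)):
            if pending['name'] is not None:   # second value under the same key
                pending = dict(pending)
                hits.append(pending)
            pending['name'], pending['data'] = m.group(1), m.group(2).strip('"')
    return hits


def triage(hits):  # bucket label -> list of paths or registry keys
    buckets = defaultdict(list)
    for h in hits:
        buckets[h['kind']].append(h.get('path') or h['key'])
    return dict(buckets)


def autostarts(hits):  # (value name, command) pairs found under Run/RunOnce
    return [(h['name'], h['data']) for h in hits
            if h['kind'] == 'autostart' and h['name']]


if __name__ == '__main__':
    for kind, items in triage(parse_systemlook(SAMPLE_LOG)).items():
        print(f'{kind:16} {len(items)}')
```

Items in the `on-disk` bucket still need a human look: the full log also matches `websearch.gif` inside a game's help folder, which shares the name but not the origin.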
