Trojan BHO.WPO in svchost.exe


# AdwCleaner v3.308 - Report created 20/08/2014 at 18:41:43

# Updated 20/08/2014 by Xplode

# Operating System : Windows Vista Home Basic Service Pack 2 (32 bits)

# Username : Justin - HOME

# Running from : C:\Users\Justin\Desktop\adwcleaner_3.308.exe

# Option : Clean

 

***** [ Services ] *****

 

[#] Service Deleted : Update BrowseSmart

[#] Service Deleted : Util BrowseSmart

[#] Service Deleted : {7f2b4ad0-671a-477b-bcd4-79d041f50d27}Gt

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\AVG Security Toolbar

Folder Deleted : C:\ProgramData\blekko toolbars

Folder Deleted : C:\ProgramData\CodecC

Folder Deleted : C:\ProgramData\Conduit

Folder Deleted : C:\ProgramData\GameTap Web Player

Folder Deleted : C:\ProgramData\House Of Soft

Folder Deleted : C:\ProgramData\ParetoLogic

Folder Deleted : C:\ProgramData\PC Optimizer Pro

Folder Deleted : C:\ProgramData\Premium

Folder Deleted : C:\ProgramData\WeCareReminder

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Filesubmit

Folder Deleted : C:\Program Files\adawaretb

Folder Deleted : C:\Program Files\AnyProtectEx

Folder Deleted : C:\Program Files\AVG SafeGuard toolbar

Folder Deleted : C:\Program Files\comcasttb

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\Free Ride Games

Folder Deleted : C:\Program Files\GameTap Web Player

Folder Deleted : C:\Program Files\iMesh Applications

Folder Deleted : C:\Program Files\Mobogenie

Folder Deleted : C:\Program Files\pc speed up

Folder Deleted : C:\Program Files\puredefmusic

Folder Deleted : C:\Program Files\SpeedItup Free

Folder Deleted : C:\Program Files\Toolbar Cleaner

Folder Deleted : C:\Program Files\VuuPC

Folder Deleted : C:\Users\Public\Documents\ShopperPro

Folder Deleted : C:\Users\RAC\AppData\Local\apn

Folder Deleted : C:\Users\RAC\AppData\Local\genienext

Folder Deleted : C:\Users\RAC\AppData\Local\Linkury

Folder Deleted : C:\Users\RAC\AppData\Local\Mobogenie

Folder Deleted : C:\Users\RAC\AppData\Local\NativeMessaging

Folder Deleted : C:\Users\RAC\AppData\Local\PackageAware

Folder Deleted : C:\Users\RAC\AppData\LocalLow\adawaretb

Folder Deleted : C:\Users\RAC\AppData\LocalLow\comcasttb

Folder Deleted : C:\Users\RAC\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\RAC\AppData\LocalLow\mediabarim

Folder Deleted : C:\Users\RAC\AppData\LocalLow\MyWebSearch

Folder Deleted : C:\Users\RAC\AppData\LocalLow\Smartbar

Folder Deleted : C:\Users\RAC\AppData\LocalLow\Toolbar4

Folder Deleted : C:\Users\RAC\AppData\LocalLow\wincoreimband

Folder Deleted : C:\Users\RAC\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z

Folder Deleted : C:\Users\RAC\AppData\Roaming\Activeris

Folder Deleted : C:\Users\RAC\AppData\Roaming\GamesBar

Folder Deleted : C:\Users\RAC\AppData\Roaming\iWin

Folder Deleted : C:\Users\RAC\AppData\Roaming\pccustubinstaller

Folder Deleted : C:\Users\RAC\AppData\Roaming\Uniblue

Folder Deleted : C:\Users\RAC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup

Folder Deleted : C:\Users\RAC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage

Folder Deleted : C:\Users\RAC\Documents\Mobogenie

Folder Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\54je98ra.default\adawaretb

Folder Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\54je98ra.default\alot-appbar

Folder Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\54je98ra.default\ConduitCommon

Folder Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\54je98ra.default\GamesBar

Folder Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\54je98ra.default\Smartbar

Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\{1CE72EFA-E2D1-48FA-A5EC-D7111C2C5BB6}

Folder Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\54je98ra.default\Extensions\appbar@alot.com

Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com

Folder Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\042hgyb9.default\Extensions\staged\ffxtlbr@funmoods.com

Folder Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\qosnfyqy.default\Extensions\staged\ffxtlbr@funmoods.com

Folder Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\54je98ra.default\Extensions\GameTapPlayer@gametap.com

Folder Deleted : C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj

Folder Deleted : C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole

File Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\54je98ra.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi

File Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\042hgyb9.default\Extensions\staged\addon@defaulttab.com.xpi

File Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\qosnfyqy.default\Extensions\staged\addon@defaulttab.com.xpi

File Deleted : C:\Users\RAC\daemonprocess.txt

File Deleted : C:\Users\RAC\AppData\Roaming\aps.scan.quick.results

File Deleted : C:\Users\RAC\AppData\Roaming\aps.scan.results

File Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\042hgyb9.default\.autoreg

File Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\54je98ra.default\defaulttab.config

File Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\042hgyb9.default\searchplugins\safeguard-secure-search.xml

File Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\qosnfyqy.default\searchplugins\safeguard-secure-search.xml

File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

File Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\042hgyb9.default\searchplugins\search.xml

File Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\qosnfyqy.default\searchplugins\search.xml

File Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\042hgyb9.default\user.js

File Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\qosnfyqy.default\user.js

File Deleted : C:\Program Files\Mozilla Firefox\user.js

 

***** [ Scheduled Tasks ] *****

 

Task Deleted : driverupdate startup

Task Deleted : SMupdate1

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole

Key Deleted : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll

Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO

Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.DockingPanel

Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkuryMenuForm

Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBar

Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBarBandObject

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.IEToolbar

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.IEToolbar.1

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.JSOptionsImpl

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.JSOptionsImpl.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1320680

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{011166B1-9A69-4174-93D5-F7D3324553FE}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{950F80EF-32C2-47DD-9C35-9576E21EE66E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220122272259}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522152278}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{392DE650-A1E6-4FB3-A5A4-21285DE225BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D59156-647B-4B06-B20E-0E297A1077BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BE990A32-C2EC-4654-8FD0-26FECEA81998}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D7C0D2ED-A16B-4939-BCAF-D61205B6D4DB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555155578}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166276659}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566156678}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B463ECD2-E5D8-4178-80C4-EC7C7E72F9AC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544154478}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{042DA63B-0933-403D-9395-B49307691690}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{929801A8-4AEF-4D12-BE31-D85BF666452B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E30A55B8-F1B7-43A4-B3F6-EC90CDC4FE60}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E30A55BA-F1B7-43A4-B3F6-EC90CDC4FE60}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E30A55BF-F1B7-43A4-B3F6-EC90CDC4FE60}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{86F14831-D88C-4BC8-B871-C8FB24D95D9B}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]

Key Deleted : HKCU\Software\gamesbar

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\InstalledBrowserExtensions

Key Deleted : HKCU\Software\ParetoLogic

Key Deleted : HKCU\Software\puredefmusic

Key Deleted : HKCU\Software\Surf Canyon

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\mediabarim

Key Deleted : HKCU\Software\AppDataLow\Software\Object Browser

Key Deleted : HKCU\Software\AppDataLow\Software\PremiereAdvertisingPlatform

Key Deleted : HKCU\Software\AppDataLow\Software\puredefmusic

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal

Key Deleted : HKLM\SOFTWARE\adawaretb

Key Deleted : HKLM\SOFTWARE\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\CompeteInc

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\DefaultTab

Key Deleted : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

Key Deleted : HKLM\SOFTWARE\Driver-Soft

Key Deleted : HKLM\SOFTWARE\ParetoLogic

Key Deleted : HKLM\SOFTWARE\puredefmusic

Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner

Key Deleted : HKLM\SOFTWARE\Uniblue

Key Deleted : HKLM\SOFTWARE\Web Assistant

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2EF17083-57D4-4D64-AE4F-55F32A2C4571}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5dfd64a7-81dd-45a9-9874-1fe13b7f4d56}_is1

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D08D9F98-1C78-4704-87E6-368B0023D831}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\adawaretb

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealBulldog Toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Chrome

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\gamesbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iWebar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Lucky Savings

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Object Browser

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PC Speed Maximizer_is1

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlayMP3

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\puredefmusictoolbar Uninstall

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuestBasic

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Surf Canyon

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VOPackage

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wincore MediaBar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\xfin_portal

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16563

 

 

-\\ Mozilla Firefox v31.0 (x86 en-US)

 

[ File : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\042hgyb9.default\prefs.js ]

 

Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

 

[ File : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\54je98ra.default\prefs.js ]

 

Line Deleted : user_pref("CT1320680..clientLogIsEnabled", false);

Line Deleted : user_pref("CT1320680..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");

Line Deleted : user_pref("CT1320680..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");

Line Deleted : user_pref("CT1320680.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Line Deleted : user_pref("CT1320680.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Line Deleted : user_pref("CT1320680.AppTrackingLastCheckTime", "Wed Jun 27 2012 10:54:52 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CT1320680.BrowserCompStateIsOpen_5295060317045962640", true);

Line Deleted : user_pref("CT1320680.BrowserCompStateIsOpen_6103217173235939216", true);

Line Deleted : user_pref("CT1320680.CTID", "CT1320680");

Line Deleted : user_pref("CT1320680.CurrentServerDate", "5-7-2012");

Line Deleted : user_pref("CT1320680.DSInstall", true);

Line Deleted : user_pref("CT1320680.DialogsAlignMode", "LTR");

Line Deleted : user_pref("CT1320680.DialogsGetterLastCheckTime", "Thu Jul 05 2012 13:12:14 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CT1320680.DownloadReferralCookieData", "");

Line Deleted : user_pref("CT1320680.FirstServerDate", "26-6-2012");

Line Deleted : user_pref("CT1320680.FirstTime", true);

Line Deleted : user_pref("CT1320680.FirstTimeFF3", true);

Line Deleted : user_pref("CT1320680.FirstTimeHiddenVer", true);

Line Deleted : user_pref("CT1320680.FixPageNotFoundErrors", true);

Line Deleted : user_pref("CT1320680.GroupingServerCheckInterval", 1440);

Line Deleted : user_pref("CT1320680.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Line Deleted : user_pref("CT1320680.HPInstall", true);

Line Deleted : user_pref("CT1320680.HasUserGlobalKeys", true);

Line Deleted : user_pref("CT1320680.HomePageProtectorEnabled", true);

Line Deleted : user_pref("CT1320680.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3222437&SearchSource=13");

Line Deleted : user_pref("CT1320680.Initialize", true);

Line Deleted : user_pref("CT1320680.InitializeCommonPrefs", true);

Line Deleted : user_pref("CT1320680.InstallationAndCookieDataSentCount", 3);

Line Deleted : user_pref("CT1320680.InstallationType", "Unknown");

Line Deleted : user_pref("CT1320680.InstalledDate", "Mon Jun 25 2012 20:30:02 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CT1320680.IsAlertDBUpdated", true);

Line Deleted : user_pref("CT1320680.IsGrouping", false);

Line Deleted : user_pref("CT1320680.IsInitSetupIni", true);

Line Deleted : user_pref("CT1320680.IsMulticommunity", false);

Line Deleted : user_pref("CT1320680.IsOpenThankYouPage", false);

Line Deleted : user_pref("CT1320680.IsOpenUninstallPage", true);

Line Deleted : user_pref("CT1320680.IsProtectorsInit", true);

Line Deleted : user_pref("CT1320680.LanguagePackLastCheckTime", "Thu Jul 05 2012 13:12:15 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CT1320680.LanguagePackReloadIntervalMM", 1440);

Line Deleted : user_pref("CT1320680.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");

Line Deleted : user_pref("CT1320680.LastLogin_3.13.0.6", "Thu Jul 05 2012 13:12:14 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CT1320680.LatestVersion", "3.13.0.6");

Line Deleted : user_pref("CT1320680.Locale", "en");

Line Deleted : user_pref("CT1320680.MCDetectTooltipHeight", "83");

Line Deleted : user_pref("CT1320680.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Line Deleted : user_pref("CT1320680.MCDetectTooltipWidth", "295");

Line Deleted : user_pref("CT1320680.MyStuffEnabledAtInstallation", true);

Line Deleted : user_pref("CT1320680.OriginalFirstVersion", "3.13.0.6");

Line Deleted : user_pref("CT1320680.SavedHomepage", "hxxp://mystart.incredibar.com/mb161?a=6R8vNYQOiC&i=26");

Line Deleted : user_pref("CT1320680.SearchCaption", "A Free Ride Games Bar Customized Web Search");

Line Deleted : user_pref("CT1320680.SearchEngineBeforeUnload", "A Free Ride Games Bar Customized Web Search");

Line Deleted : user_pref("CT1320680.SearchFromAddressBarIsInit", true);

Line Deleted : user_pref("CT1320680.SearchInNewTabEnabled", true);

Line Deleted : user_pref("CT1320680.SearchInNewTabIntervalMM", 1440);

Line Deleted : user_pref("CT1320680.SearchInNewTabLastCheckTime", "Thu Jul 05 2012 13:12:14 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CT1320680.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");

Line Deleted : user_pref("CT1320680.SearchProtectorEnabled", true);

Line Deleted : user_pref("CT1320680.SearchProtectorToolbarDisabled", false);

Line Deleted : user_pref("CT1320680.SendProtectorDataViaLogin", true);

Line Deleted : user_pref("CT1320680.ServiceMapLastCheckTime", "Thu Jul 05 2012 13:12:14 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CT1320680.SettingsLastCheckTime", "Thu Jul 05 2012 13:12:14 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CT1320680.SettingsLastUpdate", "1339926577");

Line Deleted : user_pref("CT1320680.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3222437&SearchSource=13");

Line Deleted : user_pref("CT1320680.ThirdPartyComponentsInterval", 504);

Line Deleted : user_pref("CT1320680.ThirdPartyComponentsLastCheck", "Mon Jun 25 2012 20:30:01 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CT1320680.ThirdPartyComponentsLastUpdate", "1331805997");

Line Deleted : user_pref("CT1320680.ToolbarShrinkedFromSetup", false);

Line Deleted : user_pref("CT1320680.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3222437");

Line Deleted : user_pref("CT1320680.UserID", "UN44762626111454646");

Line Deleted : user_pref("CT1320680.ValidationData_Search", 2);

Line Deleted : user_pref("CT1320680.ValidationData_Toolbar", 2);

Line Deleted : user_pref("CT1320680.alertChannelId", "1652210");

Line Deleted : user_pref("CT1320680.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]

Line Deleted : user_pref("CT1320680.globalFirstTimeInfoLastCheckTime", "Mon Jun 25 2012 20:30:02 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CT1320680.homepageProtectorEnableByLogin", true);

Line Deleted : user_pref("CT1320680.initDone", true);

Line Deleted : user_pref("CT1320680.isAppTrackingManagerOn", true);

Line Deleted : user_pref("CT1320680.myStuffEnabled", true);

Line Deleted : user_pref("CT1320680.myStuffPublihserMinWidth", 400);

Line Deleted : user_pref("CT1320680.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");

Line Deleted : user_pref("CT1320680.myStuffServiceIntervalMM", 1440);

Line Deleted : user_pref("CT1320680.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");

Line Deleted : user_pref("CT1320680.navigateToUrlOnSearch", false);

Line Deleted : user_pref("CT1320680.revertSettingsEnabled", false);

Line Deleted : user_pref("CT1320680.searchProtectorDialogDelayInSec", 10);

Line Deleted : user_pref("CT1320680.searchProtectorEnableByLogin", true);

Line Deleted : user_pref("CT1320680.testingCtid", "CT3222437");

Line Deleted : user_pref("CT1320680.toolbarAppMetaDataLastCheckTime", "Thu Jul 05 2012 13:12:15 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CT1320680.toolbarContextMenuLastCheckTime", "Mon Jun 25 2012 20:30:07 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CT1320680.usagesFlag", 2);

Line Deleted : user_pref("CT3222437.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]

Line Deleted : user_pref("CT3222437.autoDisableScopes", -1);

Line Deleted : user_pref("CT3306061.ConnectTB_activeApp.enc", "aW5zdGFncmFt");

Line Deleted : user_pref("CT3306061.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3306061.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3306061.FF19Solved", "true");

Line Deleted : user_pref("CT3306061.FirstTime", "true");

Line Deleted : user_pref("CT3306061.FirstTimeFF3", "true");

Line Deleted : user_pref("CT3306061.UserID", "UN25530233830998173");

Line Deleted : user_pref("CT3306061.addressBarTakeOverEnabledInHidden", "true");

Line Deleted : user_pref("CT3306061.appOptions", "{}");

Line Deleted : user_pref("CT3306061.browser.search.defaultthis.engineName", "true");

Line Deleted : user_pref("CT3306061.countryCode", "US");

Line Deleted : user_pref("CT3306061.defaultSearch", "true");

Line Deleted : user_pref("CT3306061.embeddedsData", "[{\"appId\":\"130158552044204297\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]

Line Deleted : user_pref("CT3306061.enableAlerts", "true");

Line Deleted : user_pref("CT3306061.enableSearchFromAddressBar", "true");

Line Deleted : user_pref("CT3306061.firstTimeDialogOpened", "true");

Line Deleted : user_pref("CT3306061.fixPageNotFoundError", "true");

Line Deleted : user_pref("CT3306061.fixPageNotFoundErrorByUser", "true");

Line Deleted : user_pref("CT3306061.fixPageNotFoundErrorInHidden", "true");

Line Deleted : user_pref("CT3306061.fullUserID", "UN25530233830998173.IN.20131217160438");

Line Deleted : user_pref("CT3306061.installDate", "17/12/2013 16:04:56");

Line Deleted : user_pref("CT3306061.installSessionId", "{ED83E26A-4C82-4856-B813-E1AFE1C81C9B}");

Line Deleted : user_pref("CT3306061.installSp", "TRUE");

Line Deleted : user_pref("CT3306061.installType", "conduitnsisintegration");

Line Deleted : user_pref("CT3306061.installUsage", "2013-12-22T22:07:43.0820918+03:00");

Line Deleted : user_pref("CT3306061.installUsageEarly", "2013-12-22T22:07:40.1288912+03:00");

Line Deleted : user_pref("CT3306061.installerVersion", "1.8.1.4");

Line Deleted : user_pref("CT3306061.isCheckedStartAsHidden", true);

Line Deleted : user_pref("CT3306061.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3306061.isFirstTimeToolbarLoading", "false");

Line Deleted : user_pref("CT3306061.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Line Deleted : user_pref("CT3306061.keyword", true);

Line Deleted : user_pref("CT3306061.lastVersion", "10.23.0.822");

Line Deleted : user_pref("CT3306061.mam_gk_installer_preapproved.enc", "ZmFsc2U=");

Line Deleted : user_pref("CT3306061.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://ConnectDLC5.OurToolbar.com/\",\"EB_TOO[...]

Line Deleted : user_pref("CT3306061.openThankYouPage", "false");

Line Deleted : user_pref("CT3306061.openUninstallPage", "true");

Line Deleted : user_pref("CT3306061.originalHomepage", "hxxp://www.alothome.com/en-us");

Line Deleted : user_pref("CT3306061.originalSearchAddressUrl", "hxxp://search.alot.com/web?src_id=30718&client_id=ede41859e83806c86244e628&camp_id=4388&install_time=2012-10-17T16:55:10Z&pr=auto&tb_version=1.1.1000(G[...]

Line Deleted : user_pref("CT3306061.originalSearchEngine", "ALOT Search");

Line Deleted : user_pref("CT3306061.originalSearchEngineName", "ALOT Search");

Line Deleted : user_pref("CT3306061.revertSettingsEnabled", "true");

Line Deleted : user_pref("CT3306061.search.searchAppId", "130158552044204297");

Line Deleted : user_pref("CT3306061.search.searchCount", "1");

Line Deleted : user_pref("CT3306061.searchFromAddressBarEnabledByUser", "true");

Line Deleted : user_pref("CT3306061.searchInNewTabEnabledByUser", "true");

Line Deleted : user_pref("CT3306061.searchInNewTabEnabledInHidden", "true");

Line Deleted : user_pref("CT3306061.searchRevert", "true");

Line Deleted : user_pref("CT3306061.searchSuggestEnabledByUser", "true");

Line Deleted : user_pref("CT3306061.searchUninstallUserMode", "2");

Line Deleted : user_pref("CT3306061.searchUserMode", "2");

Line Deleted : user_pref("CT3306061.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3306061.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3306061.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");

Line Deleted : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3306061\"}");

Line Deleted : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://ConnectDLC5.OurToolbar.com//xpi\"}");

Line Deleted : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Connect DLC 5 \"}");

Line Deleted : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3306061.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");

Line Deleted : user_pref("CT3306061.serviceLayer_services_Configuration_lastUpdate", "1392413213203");

Line Deleted : user_pref("CT3306061.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1392463528235");

Line Deleted : user_pref("CT3306061.serviceLayer_services_appsMetadata_lastUpdate", "1392413212843");

Line Deleted : user_pref("CT3306061.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1392031743589");

Line Deleted : user_pref("CT3306061.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1387739262953");

Line Deleted : user_pref("CT3306061.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1387739263848");

Line Deleted : user_pref("CT3306061.serviceLayer_services_login_10.23.0.722_lastUpdate", "1387778956993");

Line Deleted : user_pref("CT3306061.serviceLayer_services_login_10.23.0.822_lastUpdate", "1392481618831");

Line Deleted : user_pref("CT3306061.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1392031743736");

Line Deleted : user_pref("CT3306061.serviceLayer_services_searchAPI_lastUpdate", "1392413213139");

Line Deleted : user_pref("CT3306061.serviceLayer_services_serviceMap_lastUpdate", "1392413211427");

Line Deleted : user_pref("CT3306061.serviceLayer_services_toolbarContextMenu_lastUpdate", "1392413211122");

Line Deleted : user_pref("CT3306061.serviceLayer_services_toolbarSettings_lastUpdate", "1392481619043");

Line Deleted : user_pref("CT3306061.serviceLayer_services_translation_lastUpdate", "1392413211263");

Line Deleted : user_pref("CT3306061.settingsINI", true);

Line Deleted : user_pref("CT3306061.shouldFirstTimeDialog", "false");

Line Deleted : user_pref("CT3306061.showToolbarPermission", "false");

Line Deleted : user_pref("CT3306061.smartbar.CTID", "CT3306061");

Line Deleted : user_pref("CT3306061.smartbar.Uninstall", "0");

Line Deleted : user_pref("CT3306061.smartbar.homepage", "true");

Line Deleted : user_pref("CT3306061.smartbar.toolbarName", "Connect DLC 5 ");

Line Deleted : user_pref("CT3306061.startPage", "true");

Line Deleted : user_pref("CT3306061.toolbarBornServerTime", "22-12-2013");

Line Deleted : user_pref("CT3306061.toolbarCurrentServerTime", "15-2-2014");

Line Deleted : user_pref("CT3306061.toolbarInstallDate", "17-12-2013 16:04:43");

Line Deleted : user_pref("CT3306061.toolbarLoginClientTime", "Sun Dec 22 2013 14:07:44 GMT-0500 (Eastern Standard Time)");

Line Deleted : user_pref("CT3306061.versionFromInstaller", "10.23.0.722");

Line Deleted : user_pref("CT3306061.xpeMode", "0");

Line Deleted : user_pref("CT3306061_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1392481607268,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

Line Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3222437&SearchSource=13");

Line Deleted : user_pref("CommunityToolbar.ConduitSearchList", "A Free Ride Games Bar Customized Web Search");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3222437/CT3222437", "\"485f8d3d7ab051b0aad0cf8de16118b22\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1652210/1644925/US", "\"0\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3222437", "\"1337514851\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "G9mW7heT/8xIX1frcduu0A==");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "mfQ70fvlD2zuBxSBj8rQqA==");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "k9un27OkAvkwB2ZmvXxTnA==");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "FqddrIU7eyJgaaLyHDeVMQ==");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:14f1\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:14f1\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3222437", "\"84df7a85bec3b2a3dd055a4bedea5adc\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"21ba1682b5b6825cbfd420592a540476\"");

Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\RAC\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\54je98ra.default\\conduitCommon\\modules\\3.13.0.6");

Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");

Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredibar.com/mb161/?loc=IB_DS&a=6R8vNYQOiC&&i=26&search=");

Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1320680");

Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1320680");

Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT1320680");

Line Deleted : user_pref("CommunityToolbar.globalUserId", "a5be2c14-ee47-4cba-aa9d-0e34ff789ab5");

Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1320680");

Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jul 02 2012 20:42:09 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Jul 05 2012 13:12:23 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");

Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Jul 05 2012 13:12:15 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Line Deleted : user_pref("CommunityToolbar.notifications.userId", "a3593551-cec3-43d1-aec8-8f8ec48acc51");

Line Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://mystart.incredibar.com/mb161?a=6R8vNYQOiC&i=26");

Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "MyStart Search");

Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");

Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Connect DLC 5 Customized Web Search");

Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN25530233830998173&UM=2&q=");

Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.alot.com/web?src_id=30718&client_id=ede41859e83806c86244e628&camp_id=4388&install_time=2012-10-17T16:55:10Z&pr=auto&tb_version=1.1.100[...]

Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3306061");

Line Deleted : user_pref("backup.old.browser.search.selectedEngine", "My Web Search");

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");

Line Deleted : user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");

Line Deleted : user_pref("browser.search.order.1", "Ask.com");

Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");

Line Deleted : user_pref("extensions.5affxtbr@MyWebFace_5a.com.install-event-fired", true);

Line Deleted : user_pref("extensions.alotab.oldHomepage", "hxxp://search.conduit.com/?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP185A6838-D381-4228-B663-A6F51A98EAB9&SSPV=");

Line Deleted : user_pref("extensions.alotab.oldKeyword", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN25530233830998173&UM=2&q=");

Line Deleted : user_pref("extensions.defaulttab.config", "{\"set_default_search\":\"Search Here|Search Here\",\"features\":[{\"engine\":\"Related Search - NS1 - DDC\",\"additional_config\":\"c=1A3578,tlid=22406\",\"[...]

Line Deleted : user_pref("extensions.enabledAddons", "ffxtlbr%40funmoods.com:1.5.1,GameTapPlayer%40gametap.com:4.4.0.8,testpilot%40labs.mozilla.com:1.2.3,%7B7ffa5f54-1c4f-46de-8576-c271a0dd482f%7D:3.2.0.37,%7BE85886[...]

Line Deleted : user_pref("extensions.ffxtlbr@funmoods.com.install-event-fired", true);

Line Deleted : user_pref("extensions.ffxtlbr@incredibar.com.install-event-fired", true);

Line Deleted : user_pref("extensions.funmoods.aflt", "axl");

Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);

Line Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");

Line Deleted : user_pref("extensions.funmoods.cntry", "US");

Line Deleted : user_pref("extensions.funmoods.cv", "cv5");

Line Deleted : user_pref("extensions.funmoods.dfltLng", "");

Line Deleted : user_pref("extensions.funmoods.dfltSrch", true);

Line Deleted : user_pref("extensions.funmoods.dfltlng", "en");

Line Deleted : user_pref("extensions.funmoods.dfltsrch", true);

Line Deleted : user_pref("extensions.funmoods.dnsErr", true);

Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");

Line Deleted : user_pref("extensions.funmoods.excTlbr", false);

Line Deleted : user_pref("extensions.funmoods.hdrMd5", "7EDA3918F4A5602B3675C76FA2DCCB4D");

Line Deleted : user_pref("extensions.funmoods.hmpg", true);

Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtBtCzy0BtD0Azz0B0A0B0D0A0CzztN0D0Tzu0CtBtDyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1775530127");

Line Deleted : user_pref("extensions.funmoods.hrdid", "00219B0A8BABDAC8");

Line Deleted : user_pref("extensions.funmoods.id", "00219B0A8BABDAC8");

Line Deleted : user_pref("extensions.funmoods.instlDay", "15547");

Line Deleted : user_pref("extensions.funmoods.instlRef", "axl");

Line Deleted : user_pref("extensions.funmoods.instlday", "15547");

Line Deleted : user_pref("extensions.funmoods.instlref", "axl");

Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);

Line Deleted : user_pref("extensions.funmoods.keywordurl", "");

Line Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.226:24:20");

Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

Line Deleted : user_pref("extensions.funmoods.newTab", true);

Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtBtCzy0BtD0Azz0B0A0B0D0A0CzztN0D0Tzu0CtBtDyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1775530127");

Line Deleted : user_pref("extensions.funmoods.newtab", true);

Line Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtBtCzy0BtD0Azz0B0A0B0D0A0CzztN0D0Tzu0CtBtDyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1775530127");

Line Deleted : user_pref("extensions.funmoods.pnu_base", "{\"newVrsn\":\"259\",\"lastVrsn\":\"259\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");

Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");

Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");

Line Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");

Line Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");

Line Deleted : user_pref("extensions.funmoods.sg", "none");

Line Deleted : user_pref("extensions.funmoods.similarsitesstorage-pid2", "feaba91fd9df2f59");

Line Deleted : user_pref("extensions.funmoods.smplGrp", "none");

Line Deleted : user_pref("extensions.funmoods.smplgrp", "none");

Line Deleted : user_pref("extensions.funmoods.srch", "");

Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");

Line Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");

Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");

Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtBtCzy0BtD0Azz0B0A0B0D0A0CzztN0D0Tzu0CtBtDyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1775530127&[...]

Line Deleted : user_pref("extensions.funmoods.tlbrid", "base");

Line Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtBtCzy0BtD0Azz0B0A0B0D0A0CzztN0D0Tzu0CtBtDyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1775530127&[...]

Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");

Line Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.226:24:20");

Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");

Line Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.23.226:24:20");

Line Deleted : user_pref("extensions.funmoods.xpestat\\xpereportdata", "16-8-2012");

Line Deleted : user_pref("extensions.funmoods_i.newTab", true);

Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");

Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.226:24:20");

Line Deleted : user_pref("extensions.gamesbar.iplay.config.customer_support", "iVBORw0KGgoAAAANSUhEUgAAABsAAAAbCAYAAACN1PRVAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAA2ZpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/[...]

Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);

Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);

Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);

Line Deleted : user_pref("extensions.helperbar.Visibility", false);

Line Deleted : user_pref("extensions.helperbar.keepAliveLastevent", "1393952349");

Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "MyStart Search");

Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);

Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3222437&SearchSource=2&q=");

Line Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "A Free Ride Games Bar Customized Web Search");

Line Deleted : user_pref("extensions.nurit5562nurit235.scode", "(function(){try{for(i=0;i<5;i++){window.setTimeout(function(){if(document.getElementById('cblocker')){document.getElementById('cblocker').parentNode.re[...]

Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=EE15AA26-E056-4CB2-811E-550C346BB0EE&n=77edf02f&ptnrS=9Nfox000");

Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.initialized", true);

Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.contextKey", "");

Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.installDate", "2012082223");

Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.partnerId", "9Nfox000");

Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.partnerSubId", "");

Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.success", true);

Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.toolbarId", "EE15AA26-E056-4CB2-811E-550C346BB0EE");

Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.lastActivePing", "1346716973942");

Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.options.defaultSearch", false);

Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.options.homePageEnabled", false);

Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.options.keywordEnabled", false);

Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.options.tabEnabled", false);

Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.searchHistory", "flight tracler||comcast.net");

Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.weather.location", "15201");

Line Deleted : user_pref("extensions.toolbar.mindspark._4wMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=5AFCA05C-389A-4F49-A7AC-496DDDB60048&n=77edc845&p2=^RG^xdm685^S01641^us");

Line Deleted : user_pref("extensions.toolbar.mindspark._4wMembers_.hp.enabled", true);

Line Deleted : user_pref("extensions.toolbar.mindspark._4wMembers_.hp.lastGuardTime", -1026470174);

Line Deleted : user_pref("extensions.toolbar.mindspark._4wMembers_.hp.numGuards", 1);

Line Deleted : user_pref("extensions.toolbar.mindspark._4wMembers_.hp.user.defined", false);

Line Deleted : user_pref("extensions.toolbar.mindspark._4wMembers_.initialized", true);

Line Deleted : user_pref("extensions.toolbar.mindspark._4wMembers_.installation.contextKey", "");

Line Deleted : user_pref("extensions.toolbar.mindspark._4wMembers_.installation.installDate", "2012072005");

Line Deleted : user_pref("extensions.toolbar.mindspark._4wMembers_.installation.partnerId", "^RG^xdm685^S01641^us");

Line Deleted : user_pref("extensions.toolbar.mindspark._4wMembers_.installation.partnerSubId", "");

Line Deleted : user_pref("extensions.toolbar.mindspark._4wMembers_.installation.success", true);

Line Deleted : user_pref("extensions.toolbar.mindspark._4wMembers_.installation.toolbarId", "5AFCA05C-389A-4F49-A7AC-496DDDB60048");

Line Deleted : user_pref("extensions.toolbar.mindspark._4wMembers_.lastActivePing", "1343330692388");

Line Deleted : user_pref("extensions.toolbar.mindspark._4wMembers_.searchHistory", "inmate locator PA||pa id||pa department of transportation||");

Line Deleted : user_pref("extensions.toolbar.mindspark._4wMembers_.tab.date", "1342777032073");

Line Deleted : user_pref("extensions.toolbar.mindspark._4wMembers_.weather.location", "15201");

Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=61624B33-8312-4E1F-AF9D-CC7646193669&n=77ee17f9&ptnrS=GRxdm347YYus&si=4118");

Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.initialized", true);

Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.installation.contextKey", "");

Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.installation.installDate", "2012092409");

Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.installation.partnerId", "GRxdm347YYus");

Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.installation.partnerSubId", "4118");

Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.installation.success", true);

Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.installation.toolbarId", "61624B33-8312-4E1F-AF9D-CC7646193669");

Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.lastActivePing", "1350488479683");

Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.searchHistory", "comcast.net||jerrydownsphoto");

Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.weather.location", "15201");

Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);

Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");

Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "mywebface@mindspark.com");

Line Deleted : user_pref("extensions.toolbar.mindspark.sa.enabled", true);

Line Deleted : user_pref("extensions.toolbar.mindspark.sa.owner", "mywebface@mindspark.com");

Line Deleted : user_pref("extensions.toolbar.mindspark.tab.enabled", true);

Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);

Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");

Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN25530233830998173&UM=2&SearchSource=13");

Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN25530233830998173&UM=2&q=");

Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");

Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3306061");

Line Deleted : user_pref("smartbar.machineId", "UWNMVOELOXB5NQLINGRD6YBD6MYHY2+66SFYVTWB2QHWXG45IR5ZN9+OKFWNCUCVJWRQM4RMMMQX5PPQVLMUIQ");

Line Deleted : user_pref("valueApps.CT3306061.mam_gk_currentVersion", "312E31332E302E3137");

Line Deleted : user_pref("valueApps.CT3306061.mam_gk_currentVersion.storedInFile", false);

Line Deleted : user_pref("valueApps.CT3306061.mam_gk_migrated_from_ls", "31");

Line Deleted : user_pref("valueApps.CT3306061.mam_gk_migrated_from_ls.storedInFile", false);

Line Deleted : user_pref("valueApps.CT3306061.mam_gk_userBornDate", "4E2F41");

Line Deleted : user_pref("valueApps.CT3306061.mam_gk_userBornDate.storedInFile", false);

 

[ File : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\qosnfyqy.default\prefs.js ]

 

Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtBtCzy0BtD0Azz0B0A0B0D0A0CzztN0D0Tzu0CtBtDyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1775530127");

 

-\\ Google Chrome v36.0.1985.143

 

[ File : C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [Extension] : jbolfgndggfhhpbnkgnpjkfhinclbigj

Deleted [Extension] : oejkcgajlodefenbbjdnaiahmbnnoole

 

*************************

 

AdwCleaner[R0].txt - [62188 octets] - [20/08/2014 18:34:59]

AdwCleaner[s0].txt - [63383 octets] - [20/08/2014 18:41:43]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [63444 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.3 (03.23.2014:1)

OS: Windows Vista Home Basic x86

Ran by Justin on Wed 08/20/2014 at 19:17:57.47

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

Successfully stopped: [service] antispywareservice 

Failed to delete: [service] antispywareservice 

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3272686857-3468428945-150708638-1001\Software\web assistant

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\linkurysmartbar.bandobjectattribute

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4B0F1E23-3430-487A-9E25-75CDEDE10CDB}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E721428C-EC38-4485-A2BA-936A3B4238C5}

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

 

 

 

~~~ Files

 

Successfully deleted: [File] C:\Windows\system32\RENA03A.tmp

Successfully deleted: [File] C:\Windows\system32\RENA03B.tmp

Successfully deleted: [File] C:\Windows\system32\RENA054.tmp

Successfully deleted: [File] C:\Windows\system32\RENA055.tmp

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

Successfully deleted: [Folder] "C:\ProgramData\fighters"

Successfully deleted: [Folder] "C:\Users\Justin\AppData\Roaming\drivercure"

Successfully deleted: [Folder] "C:\Users\Justin\AppData\Roaming\fighters"

Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\adawaretb"

Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\comcasttb"

Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\mediabarim"

Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\mywebsearch"

Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\puredefmusic"

Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\smartbar"

Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\toolbar4"

Successfully deleted: [Folder] "C:\Users\Justin\Local Settings\Application Data\adawarebp"

Successfully deleted: [Folder] "C:\Program Files\w3i, llc"

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"

 

 

 

~~~ FireFox

 

Successfully deleted: [File] C:\user.js

Successfully deleted: [File] C:\Users\Justin\AppData\Roaming\mozilla\firefox\profiles\2nhy2ugw.default\user.js

Successfully deleted the following from C:\Users\Justin\AppData\Roaming\mozilla\firefox\profiles\2nhy2ugw.default\prefs.js

 

user_pref("avg.install.userHPSettings", "hxxp://search.imesh.com");

user_pref("browser.search.defaultenginename", "Web Search");

user_pref("extensions.a13c471d96cbb4c089dd18dc16c66bb1fcf5065afca24464aa637af7582a82514com51578.51578.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A

user_pref("extensions.a2c8ca2948c594a168801a96deabe743egmailcom62206.62206.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.

user_pref("extensions.a2c8ca2948c594a168801a96deabe743egmailcom62206.62206.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfil

user_pref("extensions.ffxtlbr@Facemoods.com.install-event-fired", true);

Emptied folder: C:\Users\Justin\AppData\Roaming\mozilla\firefox\profiles\2nhy2ugw.default\minidumps [21 files]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 08/20/2014 at 19:29:40.11

Computer was rebooted

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Results of screen317's Security Check version 0.99.87  

 Windows Vista Service Pack 2 x86 (UAC is disabled!)  

 Internet Explorer 9  

 Internet Explorer 8  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

AVG AntiVirus Free Edition 2014   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Spybot - Search & Destroy 

 CCleaner     

 Java 6 Update 31  

 Java 7 Update 65  

 Java version out of Date! 

 Adobe Flash Player 14.0.0.145  

 Adobe Reader 9 Adobe Reader out of Date! 

 Mozilla Firefox (31.0) 

 Google Chrome 36.0.1985.125  

 Google Chrome 36.0.1985.143  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Spybot Teatimer.exe is disabled! 

 AVG avgwdsvc.exe 

 AVG avgrsx.exe 

 AVG avgnsx.exe 

 AVG avgemc.exe 

 Malwarebytes Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 20 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log`````````````````````` 

Your system is clean now! :)

 

 

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • When finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions (if existing).
  • When finished, reboot your computer.


After the reboot

  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears.
  • Click OK on Delete Temporary Files window.
  • Click OK again.

 

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

Defrag your hard drive
 
Your hard drive is heavily fragmented. This may result in performance losses. If it is NOT an SSD drive, use a tool like Auslogics DiskDefrag to defrag the drive.

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
    • If there is still something left, please delete it manually.





Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.




Temp File Cleaner

We need to download Temp File Cleaner (TFC) by OldTimer:

  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process. Note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup.
  • When the scan is complete, if you were not asked to reboot the computer, please do so now

More Information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.

    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.




Depending on if you have the endings displayed in Windows or not, you must rename the file.

If it was named Combofix.exe it has to be renamed to Uninstall.exe.

 

If it is displayed simply Combofix, rename it to uninstall.

 

When running the renamed file, CF will start to run and after a few seconds display a message box saying that it was uninstalled.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


  • 3 weeks later...

Let's see:

 

Scan with Mini Toolbox 


Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
 

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


MiniToolBox by Farbar  Version: 21-07-2014

Ran by Justin (administrator) on 09-09-2014 at 04:03:31

Running from "C:\Users\Justin\Desktop"

Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)

Boot Mode: Normal

***************************************************************************

 

========================= Flush DNS: ===================================

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========================= IE Proxy Settings: ============================== 

 

Proxy is not enabled.

ProxyServer:

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

 

========================= FF Proxy Settings: ============================== 

 

"network.proxy.type", 0

 

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

 

========================= Hosts content: =================================

 

127.0.0.1       localhost

 

========================= IP Configuration: ================================

 

Intel® 82562V-2 10/100 Network Connection = Local Area Connection (Connected)

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global icmpredirects=enabled

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : home

   Primary Dns Suffix  . . . . . . . : 

   Node Type . . . . . . . . . . . . : Unknown

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

   DNS Suffix Search List. . . . . . : home

 

Ethernet adapter Local Area Connection:

 

   Connection-specific DNS Suffix  . : home

   Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection

   Physical Address. . . . . . . . . : 00-21-9B-0A-8B-AB

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::494d:89d8:bea3:f581%11(Preferred) 

   IPv4 Address. . . . . . . . . . . : 192.168.1.7(Preferred) 

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Thursday, September 04, 2014 11:12:41 AM

   Lease Expires . . . . . . . . . . : Tuesday, September 09, 2014 11:12:40 PM

   Default Gateway . . . . . . . . . : 192.168.1.1

   DHCP Server . . . . . . . . . . . : 192.168.1.1

   DHCPv6 IAID . . . . . . . . . . . : 251666843

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-72-68-02-00-21-9B-0A-8B-AB

   DNS Servers . . . . . . . . . . . : 2001:558:feed::2

                                       2001:558:feed::1

                                       8.8.8.8

                                       8.8.4.4

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Tunnel adapter Local Area Connection* 7:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 02-00-54-55-4E-01

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

Server:  UnKnown

Address:  2001:558:feed::2

 

 

 

Pinging google.com [65.199.32.59] with 32 bytes of data:

 

Reply from 65.199.32.59: bytes=32 time=17ms TTL=250

 

Reply from 65.199.32.59: bytes=32 time=17ms TTL=250

 

 

 

Ping statistics for 65.199.32.59:

 

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

 

Approximate round trip times in milli-seconds:

 

    Minimum = 17ms, Maximum = 17ms, Average = 17ms

 

Server:  UnKnown

Address:  2001:558:feed::2

 

 

 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

 

Reply from 206.190.36.45: bytes=32 time=89ms TTL=246

 

Reply from 206.190.36.45: bytes=32 time=85ms TTL=246

 

 

 

Ping statistics for 206.190.36.45:

 

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

 

Approximate round trip times in milli-seconds:

 

    Minimum = 85ms, Maximum = 89ms, Average = 87ms

 

 

 

Pinging 127.0.0.1 with 32 bytes of data:

 

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

 

 

Ping statistics for 127.0.0.1:

 

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

 

Approximate round trip times in milli-seconds:

 

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

 

===========================================================================

Interface List

 11 ...00 21 9b 0a 8b ab ...... Intel® 82562V-2 10/100 Network Connection

  1 ........................... Software Loopback Interface 1

 10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.7     20

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

      192.168.1.0    255.255.255.0         On-link       192.168.1.7    276

      192.168.1.7  255.255.255.255         On-link       192.168.1.7    276

    192.168.1.255  255.255.255.255         On-link       192.168.1.7    276

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link       192.168.1.7    276

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link       192.168.1.7    276

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

  1    306 ::1/128                  On-link

 11    276 fe80::/64                On-link

 11    276 fe80::494d:89d8:bea3:f581/128

                                    On-link

  1    306 ff00::/8                 On-link

 11    276 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

========================= Winsock entries =====================================

 

Catalog5 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

 

Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)

Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)

Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)

Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)

Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (09/09/2014 03:00:52 AM) (Source: System Restore) (User: )

Description: Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe -k netsvcs; Descripton = Windows Update; Hr = 0x800423f4).

 

Error: (09/09/2014 03:00:51 AM) (Source: SPP) (User: )

Description: Shadow copy creation failed because of error reported by ASR Writer.

 

More info: The parameter is incorrect. (0x80070057).

 

Error: (09/08/2014 02:59:57 PM) (Source: Perflib) (User: )

Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

 

Error: (09/08/2014 02:59:55 PM) (Source: Perflib) (User: )

Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

 

Error: (09/08/2014 03:00:39 AM) (Source: System Restore) (User: )

Description: Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe -k netsvcs; Descripton = Windows Update; Hr = 0x800423f4).

 

Error: (09/08/2014 03:00:39 AM) (Source: SPP) (User: )

Description: Shadow copy creation failed because of error reported by ASR Writer.

 

More info: The parameter is incorrect. (0x80070057).

 

Error: (09/07/2014 02:56:02 PM) (Source: Perflib) (User: )

Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

 

Error: (09/07/2014 02:56:01 PM) (Source: Perflib) (User: )

Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

 

Error: (09/07/2014 03:00:36 AM) (Source: System Restore) (User: )

Description: Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe -k netsvcs; Descripton = Windows Update; Hr = 0x800423f4).

 

Error: (09/07/2014 03:00:36 AM) (Source: SPP) (User: )

Description: Shadow copy creation failed because of error reported by ASR Writer.

 

More info: The parameter is incorrect. (0x80070057).

 

 

System errors:

=============

Error: (09/09/2014 03:03:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: 0x80070643Security Update for Windows Vista (KB2859537){992E6C42-7B83-4B97-8A93-F05D0859B149}201

 

Error: (09/08/2014 03:02:09 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: 0x80070643Security Update for Windows Vista (KB2859537){992E6C42-7B83-4B97-8A93-F05D0859B149}201

 

Error: (09/07/2014 03:02:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: 0x80070643Security Update for Windows Vista (KB2859537){992E6C42-7B83-4B97-8A93-F05D0859B149}201

 

Error: (09/06/2014 03:02:30 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: 0x80070643Security Update for Windows Vista (KB2859537){992E6C42-7B83-4B97-8A93-F05D0859B149}201

 

Error: (09/05/2014 03:01:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: 0x80070643Security Update for Windows Vista (KB2859537){992E6C42-7B83-4B97-8A93-F05D0859B149}201

 

Error: (09/04/2014 03:02:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: 0x80070643Security Update for Windows Vista (KB2859537){992E6C42-7B83-4B97-8A93-F05D0859B149}201

 

Error: (09/03/2014 03:02:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: 0x80070643Security Update for Windows Vista (KB2859537){992E6C42-7B83-4B97-8A93-F05D0859B149}201

 

Error: (09/02/2014 00:32:02 PM) (Source: Service Control Manager) (User: )

Description: Google Update Service (gupdate)%%1053

 

Error: (09/02/2014 00:32:02 PM) (Source: Service Control Manager) (User: )

Description: 30000Google Update Service (gupdate)

 

Error: (09/02/2014 00:29:51 PM) (Source: Service Control Manager) (User: )

Description: SBRE

 

 

Microsoft Office Sessions:

=========================

Error: (09/09/2014 03:00:52 AM) (Source: System Restore)(User: )

Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x800423f4

 

Error: (09/09/2014 03:00:51 AM) (Source: SPP)(User: )

Description: ASR WriterThe parameter is incorrect. (0x80070057)

 

Error: (09/08/2014 02:59:57 PM) (Source: Perflib)(User: )

Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

 

Error: (09/08/2014 02:59:55 PM) (Source: Perflib)(User: )

Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

 

Error: (09/08/2014 03:00:39 AM) (Source: System Restore)(User: )

Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x800423f4

 

Error: (09/08/2014 03:00:39 AM) (Source: SPP)(User: )

Description: ASR WriterThe parameter is incorrect. (0x80070057)

 

Error: (09/07/2014 02:56:02 PM) (Source: Perflib)(User: )

Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

 

Error: (09/07/2014 02:56:01 PM) (Source: Perflib)(User: )

Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

 

Error: (09/07/2014 03:00:36 AM) (Source: System Restore)(User: )

Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x800423f4

 

Error: (09/07/2014 03:00:36 AM) (Source: SPP)(User: )

Description: ASR WriterThe parameter is incorrect. (0x80070057)

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-09-02 19:55:23.350

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-02 19:55:22.810

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-02 19:55:22.225

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-02 16:01:26.916

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-02 16:01:26.323

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-02 16:01:25.783

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-02 16:01:25.129

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-02 15:16:16.263

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-02 15:16:15.723

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-02 15:16:15.172

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

 

 

=========================== Installed Programs ============================

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)

Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)

Adobe AIR (Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden

Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)

Adobe Download Assistant (Version: 1.2.3 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Photoshop Elements 11 (HKLM\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)

Adobe Photoshop Elements 11 (Version: 11.0 - Adobe Systems Incorporated) Hidden

Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)

Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)

Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)

Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)

Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)

AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)

AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden

AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden

BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.9.0.4049 - BlueStack Systems, Inc.)

BlueStacks Notification Center (HKLM\...\{50DA15C1-0161-40EE-A325-0BE5BA03C026}) (Version: 0.9.0.4049 - BlueStack Systems, Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)

Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

Dell Best of Web (HKLM\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)

Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)

Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)

Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)

Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)

DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)

DriverUpdate (HKLM\...\{2B353DA2-A8FD-4238-B207-62A1921158D7}) (Version: 2.2.35415 - SlimWare Utilities, Inc.)

EarthLink Setup Files (HKLM\...\{255909FA-8E58-4BC2-A83A-3C71EB5DD6EC}) (Version: 2008.1.18.0 - EarthLink, Inc.)

Elements 11 Organizer (Version: 11.0 - Adobe Systems Incorporated) Hidden

EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)

Freemake Video Converter version 3.0.1 (HKLM\...\Freemake Video Converter_is1) (Version: 3.0.1 - Ellora Assets Corporation)

GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)

Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)

Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden

Horizon v2.7.3.0 (HKLM\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.3.0 - Daring Development Inc.)

HyperCam 2 (HKLM\...\HyperCam 2) (Version: 2.27.01 - Hyperionics Technology LLC)

IHA_MessageCenter (HKLM\...\{45F447E8-E029-4CA5-B4CD-38820D4CFE5D}) (Version: 1.9.7 - Verizon)

Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version:  - Intel)

Intel® PRO Network Connections 12.1.11.0 (Version:  - Intel) Hidden

iTunes (HKLM\...\{B0261E53-B6F1-474A-864B-E7C3CBF468E0}) (Version: 11.0.1.12 - Apple Inc.)

Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden

Java 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)

Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Lagarith Lossless Codec (1.3.27) (HKLM\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )

Lexmark 3600-4600 Series (HKLM\...\Lexmark 3600-4600 Series) (Version:  - Lexmark International, Inc.)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

mmth (HKLM\...\{24217A28-B8A8-402B-AF46-C80694D86AC6}) (Version: 1.0.0 - FileSubmit)

Modem Diagnostic Tool (HKLM\...\{294EAADF-E50F-4DD8-AD8D-19587EA10512}) (Version: 1.0.24.0 - Dell)

Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)

MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden

MusicOasis (HKLM\...\MusicOasis) (Version: 1.0.3 - W3i, LLC)

MusicOasis (Version: 1.0.3 - W3i, LLC) Hidden

Muvic Smartbar (HKLM\...\{AA236AFD-B26E-4BC7-9A13-76BD5F9887AC}) (Version: 10.211.58.15493 - PinWid Ltd.)

NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.53 - BVRP Software, Inc)

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden

OldSchool RuneScape Launcher 1.2.3 (HKLM\...\{CCCEAAD4-3D2F-42C1-9AAA-08D458DB3509}) (Version: 1.2.3 - Jagex Ltd)

PSE11 STI Installer (Version: 11.0 - Adobe Systems Incorporated) Hidden

ptsunset (HKLM\...\{014ED72C-2BF4-4501-8046-91CC1E4C8427}) (Version: 1.0.0 - FileSubmit)

QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)

RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden

RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden

RuneScape Launcher 1.2.3 (HKLM\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)

Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden

Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)

Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)

swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

System Requirements Lab CYRI (HKLM\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden

VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden

Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.63.0 - Verizon)

Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Mobile Device Updater Component (Version: 04.07.1404.01 - Microsoft Corporation) Hidden

Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4040.0 - Microsoft Corporation)

WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

WinSCP 5.5.5 (HKLM\...\winscp3_is1) (Version: 5.5.5 - Martin Prikryl)

Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

Zune (HKLM\...\Zune) (Version: 04.07.1404.01 - Microsoft Corporation)

Zune (Version: 04.07.1404.01 - Microsoft Corporation) Hidden

Zune Language Pack (DEU) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden

Zune Language Pack (ESP) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden

Zune Language Pack (FRA) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden

Zune Language Pack (ITA) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden

Zune Language Pack (NLD) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden

Zune Language Pack (PTB) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden

Zune Language Pack (PTG) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden

 

========================= Memory info: ===================================

 

Percentage of memory in use: 58%

Total physical RAM: 2036.45 MB

Available physical RAM: 851.05 MB

Total Pagefile: 4322.19 MB

Available Pagefile: 2047.42 MB

Total Virtual: 2047.88 MB

Available Virtual: 1954.5 MB

 

========================= Partitions: =====================================

 

1 Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:22.83 GB) NTFS

2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:3.5 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\HOME

 

Administrator            Guest                    Justin                   

RAC                      

 

 

**** End of log ****

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014

Ran by Justin (administrator) on HOME on 09-09-2014 04:06:25

Running from C:\Users\Justin\Desktop

Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

() C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe

(Lexmark International Inc.) C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe

(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe

(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe

(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe

(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe

(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe

( ) C:\Windows\System32\dlbacoms.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\w32x86\3\lxdxserv.exe

( ) C:\Windows\System32\lxdxcoms.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe

(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe

(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

(Microsoft Corporation) C:\Program Files\Zune\ZuneNss.exe

(Microsoft Corporation) C:\Windows\System32\mobsync.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\IHAMCNotify.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )

HKLM\...\Run: [lxdxmon.exe] => C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe [668328 2008-03-20] ()

HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe [107176 2008-03-20] (Lexmark International Inc.)

HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [159472 2010-11-11] (Microsoft Corporation)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)

HKLM\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)

HKLM\...\Run: [blueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [835288 2014-07-22] (BlueStack Systems, Inc.)

HKU\S-1-5-21-3272686857-3468428945-150708638-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-3272686857-3468428945-150708638-1001\...\Run: [spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk

ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\RAC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080929

HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 

SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}



SearchScopes: HKCU - {E5F5D888-2587-E012-A817-7038F5690F26} URL = http://mmb.bingstart.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Bing&cfg=2-152-0-QYbW

 

BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO: Updater For XFIN_PORTAL -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -> C:\Program Files\xfin_portal\auxi\comcastAu.dll No File

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} -  No File

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File


DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)

Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{A9E48C68-6CC4-4C13-ACD4-794241AB6C26}: [NameServer] 8.8.8.8,8.8.4.4

Tcpip\..\Interfaces\{d8932e52-6a6f-11db-b6ab-806e6f6e6963}: [NameServer] 8.8.8.8,8.8.4.4

 

FireFox:

========

FF ProfilePath: C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\2nhy2ugw.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File

FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )

FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

FF Extension: Test Pilot - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\2nhy2ugw.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-03-12]

FF Extension: WordExtra - C:\Program Files\Mozilla Firefox\browser\extensions\korey@markus.me [2014-03-03]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-21]

FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn

FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2012-03-11]

FF HKCU\...\Firefox\Extensions: [info@friendschecker.com] - C:\Program Files\FriendsChecker\Firefox

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://search.imesh.com/

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}

CHR CustomProfile: C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-12]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-02]

CHR Extension: (WOT) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-08-21]

CHR Extension: (YouTube) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-12]

CHR Extension: (Adblock Plus) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-21]

CHR Extension: (Google Search) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-12]

CHR Extension: (Google Wallet) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]

CHR Extension: (Gmail) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-12]

CHR HKLM\...\Chrome\Extension: [hjakmojkcnhgipgkkbiempkfdndcnlah] - C:\ProgramData\CodecC\hjakmojkcnhgipgkkbiempkfdndcnlah.crx []

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com) [File not signed]

R2 AdobeActiveFileMonitor11.0; C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)

S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [409304 2014-07-22] (BlueStack Systems, Inc.)

R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-22] (BlueStack Systems, Inc.)

R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [777944 2014-07-22] (BlueStack Systems, Inc.)

R2 dlba_device; C:\Windows\system32\dlbacoms.exe [538096 2007-03-05] ( )

R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-05-02] (Stardock Corporation)

R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)

R2 lxdxCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe [98984 2009-08-19] (Lexmark International, Inc.)

R2 lxdx_device; C:\Windows\system32\lxdxcoms.exe [594600 2008-02-27] ( )

R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)

R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112344 2014-07-22] (BlueStack Systems)

R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2014-08-09] (GFI Software)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-08] (Malwarebytes Corporation)

R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-08-19] ()

U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)

S3 catchme; \??\C:\Users\Justin\AppData\Local\Temp\catchme.sys [X]

S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]

U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [26600 2009-05-18] (GEAR Software Inc.)

S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]

S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]

S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-09 04:06 - 2014-09-09 04:07 - 00022238 _____ () C:\Users\Justin\Desktop\FRST.txt

2014-09-09 04:06 - 2014-09-09 04:06 - 00000000 ____D () C:\FRST

2014-09-09 04:05 - 2014-09-09 04:05 - 01097728 _____ (Farbar) C:\Users\Justin\Downloads\FRST.exe

2014-09-09 04:05 - 2014-09-09 04:05 - 01097728 _____ (Farbar) C:\Users\Justin\Desktop\FRST.exe

2014-09-09 04:03 - 2014-09-09 04:03 - 00030205 _____ () C:\Users\Justin\Desktop\Result.txt

2014-09-09 04:01 - 2014-09-09 04:01 - 00401920 _____ (Farbar) C:\Users\Justin\Downloads\MiniToolBox.exe

2014-09-09 04:01 - 2014-09-09 04:01 - 00401920 _____ (Farbar) C:\Users\Justin\Desktop\MiniToolBox.exe

2014-09-09 02:20 - 2014-09-09 02:20 - 00000600 _____ () C:\Users\Justin\AppData\Roaming\winscp.rnd

2014-09-09 02:06 - 2014-09-09 02:06 - 00000000 ____D () C:\Users\Justin\Desktop\LaunchDaemons.backup

2014-09-09 02:04 - 2014-09-09 02:04 - 00000000 ____D () C:\Users\Justin\Documents\LaunchDaemons.backup

2014-09-09 02:03 - 2014-09-09 02:03 - 00000000 ____D () C:\Users\Justin\Desktop\LaunchDaemons

2014-09-09 02:02 - 2014-09-09 02:02 - 00000000 ____D () C:\Users\Justin\Desktop\Caches

2014-09-09 01:45 - 2014-09-09 01:45 - 00000840 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk

2014-09-09 01:45 - 2014-09-09 01:45 - 00000778 _____ () C:\Users\Public\Desktop\WinSCP.lnk

2014-09-09 01:45 - 2014-09-09 01:45 - 00000000 ____D () C:\Program Files\WinSCP

2014-09-09 01:44 - 2014-09-09 01:44 - 04626416 _____ (Martin Prikryl ) C:\Users\Justin\Downloads\winscp555setup.exe

2014-08-28 03:02 - 2014-08-22 21:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-28 03:02 - 2014-08-22 19:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-26 17:51 - 2014-08-26 17:51 - 00000000 ____D () C:\Users\Justin\jagexcache1

2014-08-26 17:51 - 2014-08-26 17:51 - 00000000 ____D () C:\Users\Justin\.jagex_cache_32

2014-08-21 22:29 - 2014-08-21 22:28 - 00448512 _____ (OldTimer Tools) C:\Users\Justin\Desktop\TFC.exe

2014-08-21 22:28 - 2014-08-21 22:28 - 00448512 _____ (OldTimer Tools) C:\Users\Justin\Downloads\TFC.exe

2014-08-21 22:22 - 2014-08-21 22:22 - 00001463 _____ () C:\DelFix.txt

2014-08-21 22:21 - 2014-08-21 22:21 - 00709564 _____ () C:\Users\Justin\Downloads\delfix_10.8.exe

2014-08-21 05:13 - 2014-08-21 05:13 - 00000964 _____ () C:\Users\Justin\Desktop\Auslogics DiskDefrag.lnk

2014-08-21 05:13 - 2014-08-21 05:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics

2014-08-21 05:13 - 2014-08-21 05:13 - 00000000 ____D () C:\ProgramData\Auslogics

2014-08-21 05:13 - 2014-08-21 05:13 - 00000000 ____D () C:\Program Files\Auslogics

2014-08-21 05:12 - 2014-08-21 05:12 - 06326216 _____ (Auslogics Labs Pty Ltd ) C:\Users\Justin\Downloads\disk-defrag-setup.exe

2014-08-21 05:12 - 2014-08-21 05:12 - 06326216 _____ (Auslogics Labs Pty Ltd ) C:\Users\Justin\Documents\disk-defrag-setup.exe

2014-08-21 05:10 - 2014-08-21 05:10 - 00001894 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk

2014-08-21 05:10 - 2014-08-21 05:10 - 00001804 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

2014-08-21 04:45 - 2014-08-21 04:45 - 00000000 ____D () C:\Program Files\Common Files\Java

2014-08-21 04:44 - 2014-08-21 04:44 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-08-21 04:44 - 2014-08-21 04:44 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-08-21 04:44 - 2014-08-21 04:44 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-08-21 04:44 - 2014-08-21 04:44 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2014-08-21 04:44 - 2014-08-21 04:44 - 00000000 ____D () C:\Program Files\Java

2014-08-21 04:42 - 2014-08-21 04:41 - 00918952 _____ (Oracle Corporation) C:\Users\Justin\Documents\jxpiinstall (1).exe

2014-08-21 04:41 - 2014-08-21 04:41 - 00918952 _____ (Oracle Corporation) C:\Users\Justin\Downloads\jxpiinstall (1).exe

2014-08-20 19:38 - 2014-08-20 19:48 - 00000000 ____D () C:\Users\Justin\AppData\Local\adawarebp

2014-08-20 19:09 - 2014-08-21 22:22 - 00000000 ____D () C:\Windows\ERUNT

2014-08-20 18:46 - 2014-08-21 05:46 - 00005436 _____ () C:\Windows\PFRO.log

2014-08-20 18:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll

2014-08-19 23:30 - 2014-08-19 23:30 - 00000000 ____D () C:\Users\RAC\AppData\Local\{A46BF712-53AB-4018-B830-341611016349}

2014-08-19 20:42 - 2014-08-19 20:42 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-19 20:42 - 2014-08-19 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-19 20:42 - 2014-08-19 20:42 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-08-19 20:42 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-08-19 20:42 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-08-19 20:42 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-08-19 20:40 - 2014-08-19 20:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Justin\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-19 08:40 - 2014-08-19 08:40 - 00000000 ____D () C:\Users\Justin\Documents\ProcAlyzer Dumps

2014-08-19 07:09 - 2014-08-19 07:09 - 00000000 ____D () C:\Users\RAC\AppData\Local\{DFDE0DE9-FC55-447F-9B4C-B4CE199B1205}

2014-08-18 20:02 - 2014-08-18 20:02 - 00000000 ____D () C:\Users\RAC\AppData\Local\{562DE164-FD30-4F3D-A9D3-FE3759BF540D}

2014-08-17 01:35 - 2014-08-17 01:46 - 00000000 ____D () C:\Program Files\Audacity

2014-08-17 01:35 - 2014-08-17 01:35 - 00000818 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk

2014-08-17 01:35 - 2014-08-17 01:35 - 00000806 _____ () C:\Users\Public\Desktop\Audacity.lnk

2014-08-17 00:30 - 2014-08-17 00:31 - 22180353 _____ (Audacity Team ) C:\Users\Justin\Downloads\audacity-win-2.0.5.exe

2014-08-17 00:25 - 2014-08-17 00:25 - 01445348 _____ () C:\Users\Justin\Downloads\lame-3.99.5.tar.gz

2014-08-15 19:31 - 2014-08-15 19:31 - 00001917 _____ () C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape.lnk

2014-08-15 19:31 - 2014-08-15 19:31 - 00001887 _____ () C:\Users\Justin\Desktop\OldSchool RuneScape.lnk

2014-08-15 19:31 - 2014-08-15 19:31 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape

2014-08-15 19:29 - 2014-08-15 19:30 - 23646208 _____ () C:\Users\Justin\Downloads\OldSchool.msi

2014-08-15 02:39 - 2014-08-15 02:39 - 00000522 _____ () C:\cleanup.bat

2014-08-15 02:34 - 2014-08-15 02:34 - 00000000 ____D () C:\Users\Justin\AppData\Local\Avg

2014-08-15 02:11 - 2014-08-15 02:39 - 00000000 ____D () C:\AVG_SysInfo

2014-08-15 02:11 - 2014-08-15 02:11 - 04020096 _____ ( ) C:\Users\Justin\Downloads\AVG_SysInfo.exe

2014-08-15 02:06 - 2014-08-15 02:06 - 00000000 _____ () C:\Windows\setuperr.log

2014-08-15 02:06 - 2014-08-15 02:06 - 00000000 _____ () C:\Windows\setupact.log

2014-08-14 21:01 - 2014-08-15 00:15 - 00149430 _____ () C:\rmall.log

2014-08-14 20:56 - 2014-08-14 20:57 - 73901208 _____ () C:\VirusRemover.log

2014-08-14 18:05 - 2014-08-14 18:05 - 03440688 _____ (AVG Technologies CZ) C:\Users\Justin\Downloads\avg_remover_all(1).exe

2014-08-14 03:00 - 2014-07-31 23:42 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-13 03:12 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-13 03:12 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-13 03:12 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-13 03:12 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-12 18:03 - 2014-07-24 14:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-12 18:03 - 2014-07-24 13:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-12 18:03 - 2014-07-24 13:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-12 18:03 - 2014-07-24 13:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-12 18:03 - 2014-07-24 13:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-12 18:03 - 2014-07-24 13:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-12 18:03 - 2014-07-24 13:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-08-12 18:03 - 2014-07-24 13:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-12 18:03 - 2014-07-24 13:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-12 18:03 - 2014-07-24 13:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-08-12 18:03 - 2014-07-24 13:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-12 18:03 - 2014-07-24 13:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-12 18:03 - 2014-07-24 13:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-12 18:03 - 2014-07-24 13:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-12 18:03 - 2014-07-24 13:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-12 18:03 - 2014-07-24 13:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-12 18:03 - 2014-07-24 13:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-12 18:03 - 2014-07-24 13:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-08-12 18:03 - 2014-07-24 13:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2014-08-12 18:03 - 2014-07-24 13:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-08-12 18:03 - 2014-07-24 13:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-12 18:03 - 2014-07-07 20:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-12 18:03 - 2014-06-13 20:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-12 18:03 - 2014-06-13 20:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

2014-08-12 18:03 - 2014-06-02 06:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-12 18:03 - 2014-06-02 06:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-12 18:03 - 2014-06-02 06:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-12 18:03 - 2014-06-02 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll

2014-08-12 18:03 - 2014-06-02 04:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-10 04:31 - 2014-08-10 04:31 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll

2014-08-10 04:25 - 2014-08-10 04:25 - 00918440 _____ (Oracle Corporation) C:\Users\Justin\Downloads\jre-7u67-windows-i586-iftw.exe

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-09 04:07 - 2014-09-09 04:06 - 00022238 _____ () C:\Users\Justin\Desktop\FRST.txt

2014-09-09 04:06 - 2014-09-09 04:06 - 00000000 ____D () C:\FRST

2014-09-09 04:06 - 2013-02-21 03:24 - 01609352 _____ () C:\Windows\WindowsUpdate.log

2014-09-09 04:05 - 2014-09-09 04:05 - 01097728 _____ (Farbar) C:\Users\Justin\Downloads\FRST.exe

2014-09-09 04:05 - 2014-09-09 04:05 - 01097728 _____ (Farbar) C:\Users\Justin\Desktop\FRST.exe

2014-09-09 04:03 - 2014-09-09 04:03 - 00030205 _____ () C:\Users\Justin\Desktop\Result.txt

2014-09-09 04:01 - 2014-09-09 04:01 - 00401920 _____ (Farbar) C:\Users\Justin\Downloads\MiniToolBox.exe

2014-09-09 04:01 - 2014-09-09 04:01 - 00401920 _____ (Farbar) C:\Users\Justin\Desktop\MiniToolBox.exe

2014-09-09 02:25 - 2006-11-02 08:45 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-09 02:25 - 2006-11-02 08:45 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-09 02:20 - 2014-09-09 02:20 - 00000600 _____ () C:\Users\Justin\AppData\Roaming\winscp.rnd

2014-09-09 02:06 - 2014-09-09 02:06 - 00000000 ____D () C:\Users\Justin\Desktop\LaunchDaemons.backup

2014-09-09 02:04 - 2014-09-09 02:04 - 00000000 ____D () C:\Users\Justin\Documents\LaunchDaemons.backup

2014-09-09 02:03 - 2014-09-09 02:03 - 00000000 ____D () C:\Users\Justin\Desktop\LaunchDaemons

2014-09-09 02:02 - 2014-09-09 02:02 - 00000000 ____D () C:\Users\Justin\Desktop\Caches

2014-09-09 01:45 - 2014-09-09 01:45 - 00000840 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk

2014-09-09 01:45 - 2014-09-09 01:45 - 00000778 _____ () C:\Users\Public\Desktop\WinSCP.lnk

2014-09-09 01:45 - 2014-09-09 01:45 - 00000000 ____D () C:\Program Files\WinSCP

2014-09-09 01:44 - 2014-09-09 01:44 - 04626416 _____ (Martin Prikryl ) C:\Users\Justin\Downloads\winscp555setup.exe

2014-09-08 22:32 - 2013-12-27 19:54 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys

2014-09-08 18:13 - 2013-03-02 02:45 - 00000000 ____D () C:\ProgramData\MFAData

2014-09-07 18:46 - 2012-08-30 23:07 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3272686857-3468428945-150708638-1000UA.job

2014-09-07 18:25 - 2014-08-08 01:15 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-07 18:08 - 2012-08-24 14:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-07 11:47 - 2012-08-30 23:07 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3272686857-3468428945-150708638-1000Core.job

2014-09-07 01:25 - 2014-08-08 01:15 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-05 14:03 - 2014-03-03 08:50 - 00000024 _____ () C:\Users\Justin\jagexappletviewer.preferences

2014-09-05 14:03 - 2013-03-01 21:48 - 00000024 _____ () C:\Users\Justin\random.dat

2014-09-05 13:59 - 2011-12-06 11:45 - 00000045 ____H () C:\Users\Justin\jagex_cl_runescape_LIVE.dat

2014-09-05 11:33 - 2014-08-08 01:16 - 00001929 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-09-03 09:02 - 2014-08-02 01:10 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

2014-09-02 12:30 - 2014-08-02 01:10 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job

2014-09-02 12:30 - 2013-06-25 11:51 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection

2014-09-02 12:25 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-02 12:23 - 2006-11-02 08:58 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-09-02 09:55 - 2014-08-01 23:33 - 00000800 _____ () C:\Users\Public\Desktop\AVG 2014.lnk

2014-09-02 09:55 - 2014-08-01 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2014-08-28 03:24 - 2014-08-02 15:13 - 00359344 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-26 17:51 - 2014-08-26 17:51 - 00000000 ____D () C:\Users\Justin\jagexcache1

2014-08-26 17:51 - 2014-08-26 17:51 - 00000000 ____D () C:\Users\Justin\.jagex_cache_32

2014-08-26 17:51 - 2012-01-25 18:58 - 00000046 ____H () C:\Users\Justin\jagex_cl_runescape_LIVE1.dat

2014-08-26 17:51 - 2011-11-24 11:57 - 00000000 ___HD () C:\Users\Justin

2014-08-23 01:32 - 2013-03-01 21:48 - 00000045 _____ () C:\Users\Justin\jagex_cl_oldschool_LIVE.dat

2014-08-22 21:03 - 2014-08-28 03:02 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-22 19:26 - 2014-08-28 03:02 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-22 17:55 - 2011-06-15 13:17 - 00000000 ____D () C:\.jagex_cache_32

2014-08-21 22:28 - 2014-08-21 22:29 - 00448512 _____ (OldTimer Tools) C:\Users\Justin\Desktop\TFC.exe

2014-08-21 22:28 - 2014-08-21 22:28 - 00448512 _____ (OldTimer Tools) C:\Users\Justin\Downloads\TFC.exe

2014-08-21 22:22 - 2014-08-21 22:22 - 00001463 _____ () C:\DelFix.txt

2014-08-21 22:22 - 2014-08-20 19:09 - 00000000 ____D () C:\Windows\ERUNT

2014-08-21 22:21 - 2014-08-21 22:21 - 00709564 _____ () C:\Users\Justin\Downloads\delfix_10.8.exe

2014-08-21 22:16 - 2013-03-02 04:58 - 00000000 ____D () C:\Windows\erdnt

2014-08-21 11:16 - 2013-03-25 13:50 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Audacity

2014-08-21 05:46 - 2014-08-20 18:46 - 00005436 _____ () C:\Windows\PFRO.log

2014-08-21 05:13 - 2014-08-21 05:13 - 00000964 _____ () C:\Users\Justin\Desktop\Auslogics DiskDefrag.lnk

2014-08-21 05:13 - 2014-08-21 05:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics

2014-08-21 05:13 - 2014-08-21 05:13 - 00000000 ____D () C:\ProgramData\Auslogics

2014-08-21 05:13 - 2014-08-21 05:13 - 00000000 ____D () C:\Program Files\Auslogics

2014-08-21 05:12 - 2014-08-21 05:12 - 06326216 _____ (Auslogics Labs Pty Ltd ) C:\Users\Justin\Downloads\disk-defrag-setup.exe

2014-08-21 05:12 - 2014-08-21 05:12 - 06326216 _____ (Auslogics Labs Pty Ltd ) C:\Users\Justin\Documents\disk-defrag-setup.exe

2014-08-21 05:11 - 2014-08-06 23:04 - 00000000 ____D () C:\Users\Justin\AppData\Local\Adobe

2014-08-21 05:10 - 2014-08-21 05:10 - 00001894 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk

2014-08-21 05:10 - 2014-08-21 05:10 - 00001804 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

2014-08-21 05:09 - 2010-12-21 21:28 - 00000000 ____D () C:\Program Files\Common Files\Adobe

2014-08-21 05:09 - 2008-09-29 11:52 - 00000000 ____D () C:\ProgramData\Adobe

2014-08-21 05:09 - 2008-09-29 11:52 - 00000000 ____D () C:\Program Files\Adobe

2014-08-21 04:45 - 2014-08-21 04:45 - 00000000 ____D () C:\Program Files\Common Files\Java

2014-08-21 04:45 - 2013-11-04 09:30 - 00000000 ____D () C:\ProgramData\Oracle

2014-08-21 04:44 - 2014-08-21 04:44 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-08-21 04:44 - 2014-08-21 04:44 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-08-21 04:44 - 2014-08-21 04:44 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-08-21 04:44 - 2014-08-21 04:44 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2014-08-21 04:44 - 2014-08-21 04:44 - 00000000 ____D () C:\Program Files\Java

2014-08-21 04:41 - 2014-08-21 04:42 - 00918952 _____ (Oracle Corporation) C:\Users\Justin\Documents\jxpiinstall (1).exe

2014-08-21 04:41 - 2014-08-21 04:41 - 00918952 _____ (Oracle Corporation) C:\Users\Justin\Downloads\jxpiinstall (1).exe

2014-08-20 19:48 - 2014-08-20 19:38 - 00000000 ____D () C:\Users\Justin\AppData\Local\adawarebp

2014-08-20 18:42 - 2014-02-15 15:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-08-20 18:42 - 2009-01-07 10:31 - 00000000 ____D () C:\Users\RAC

2014-08-19 23:30 - 2014-08-19 23:30 - 00000000 ____D () C:\Users\RAC\AppData\Local\{A46BF712-53AB-4018-B830-341611016349}

2014-08-19 23:29 - 2010-03-11 15:58 - 00000000 ____D () C:\Users\RAC\Tracing

2014-08-19 23:28 - 2014-03-10 15:06 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys

2014-08-19 23:21 - 2013-06-25 11:51 - 00000000 ____D () C:\Program Files\Ad-Aware Antivirus

2014-08-19 21:14 - 2013-12-17 17:06 - 00000000 ____D () C:\Users\RAC\AppData\Local\CRE

2014-08-19 20:42 - 2014-08-19 20:42 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-19 20:42 - 2014-08-19 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-19 20:42 - 2014-08-19 20:42 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-08-19 20:42 - 2013-01-11 15:55 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-08-19 20:40 - 2014-08-19 20:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Justin\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-19 20:24 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini

2014-08-19 09:32 - 2006-11-02 07:18 - 00000000 __RHD () C:\Users\Default

2014-08-19 09:32 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public

2014-08-19 09:13 - 2014-03-03 09:18 - 00000000 ____D () C:\Users\RAC\AppData\Roaming\WordExtra

2014-08-19 08:47 - 2014-08-02 01:06 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-08-19 08:40 - 2014-08-19 08:40 - 00000000 ____D () C:\Users\Justin\Documents\ProcAlyzer Dumps

2014-08-19 08:34 - 2013-06-28 15:48 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Ad-Aware Antivirus

2014-08-19 07:09 - 2014-08-19 07:09 - 00000000 ____D () C:\Users\RAC\AppData\Local\{DFDE0DE9-FC55-447F-9B4C-B4CE199B1205}

2014-08-19 04:56 - 2012-08-23 22:39 - 00000000 ____D () C:\Users\Justin\Desktop\Text

2014-08-18 20:27 - 2011-11-23 18:40 - 00000000 ____D () C:\Users\RAC\Desktop\Justin's St00f

2014-08-18 20:22 - 2011-06-16 18:26 - 00000000 ____D () C:\Users\RAC\Documents\Disputes

2014-08-18 20:22 - 2011-06-14 17:16 - 00000000 ____D () C:\Users\RAC\Documents\Photos

2014-08-18 20:02 - 2014-08-18 20:02 - 00000000 ____D () C:\Users\RAC\AppData\Local\{562DE164-FD30-4F3D-A9D3-FE3759BF540D}

2014-08-17 01:46 - 2014-08-17 01:35 - 00000000 ____D () C:\Program Files\Audacity

2014-08-17 01:35 - 2014-08-17 01:35 - 00000818 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk

2014-08-17 01:35 - 2014-08-17 01:35 - 00000806 _____ () C:\Users\Public\Desktop\Audacity.lnk

2014-08-17 00:31 - 2014-08-17 00:30 - 22180353 _____ (Audacity Team ) C:\Users\Justin\Downloads\audacity-win-2.0.5.exe

2014-08-17 00:25 - 2014-08-17 00:25 - 01445348 _____ () C:\Users\Justin\Downloads\lame-3.99.5.tar.gz

2014-08-16 19:05 - 2012-11-21 11:42 - 00000000 ____D () C:\Program Files\CCleaner

2014-08-15 19:33 - 2014-08-02 11:27 - 00000000 ____D () C:\Users\Justin\jagexcache

2014-08-15 19:31 - 2014-08-15 19:31 - 00001917 _____ () C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape.lnk

2014-08-15 19:31 - 2014-08-15 19:31 - 00001887 _____ () C:\Users\Justin\Desktop\OldSchool RuneScape.lnk

2014-08-15 19:31 - 2014-08-15 19:31 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape

2014-08-15 19:30 - 2014-08-15 19:29 - 23646208 _____ () C:\Users\Justin\Downloads\OldSchool.msi

2014-08-15 02:39 - 2014-08-15 02:39 - 00000522 _____ () C:\cleanup.bat

2014-08-15 02:39 - 2014-08-15 02:11 - 00000000 ____D () C:\AVG_SysInfo

2014-08-15 02:34 - 2014-08-15 02:34 - 00000000 ____D () C:\Users\Justin\AppData\Local\Avg

2014-08-15 02:11 - 2014-08-15 02:11 - 04020096 _____ ( ) C:\Users\Justin\Downloads\AVG_SysInfo.exe

2014-08-15 02:06 - 2014-08-15 02:06 - 00000000 _____ () C:\Windows\setuperr.log

2014-08-15 02:06 - 2014-08-15 02:06 - 00000000 _____ () C:\Windows\setupact.log

2014-08-15 00:58 - 2011-11-11 22:04 - 00000000 ____D () C:\Windows\Minidump

2014-08-15 00:15 - 2014-08-14 21:01 - 00149430 _____ () C:\rmall.log

2014-08-14 20:57 - 2014-08-14 20:56 - 73901208 _____ () C:\VirusRemover.log

2014-08-14 18:05 - 2014-08-14 18:05 - 03440688 _____ (AVG Technologies CZ) C:\Users\Justin\Downloads\avg_remover_all(1).exe

2014-08-14 17:33 - 2013-08-15 03:07 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-13 06:24 - 2013-10-14 20:08 - 00000000 ____D () C:\ProgramData\AVG2014

2014-08-13 03:50 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache

2014-08-13 03:49 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-08-13 03:41 - 2006-11-02 06:33 - 00765776 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-10 04:31 - 2014-08-10 04:31 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll

2014-08-10 04:31 - 2008-09-29 06:37 - 00000000 ____D () C:\Windows\system32\RTCOM

2014-08-10 04:30 - 2013-12-17 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter

2014-08-10 04:25 - 2014-08-10 04:25 - 00918440 _____ (Oracle Corporation) C:\Users\Justin\Downloads\jre-7u67-windows-i586-iftw.exe

2014-08-10 01:25 - 2012-02-17 03:19 - 00000000 ____D () C:\ProgramData\Freemake

2014-08-10 01:22 - 2013-12-17 18:39 - 00000000 ____D () C:\Program Files\DSP-worx

 

ZeroAccess:

C:\Windows\System32\config\systemprofile\AppData\Local\{a91807f3-bc51-d71c-eefe-8807493b10b5}

C:\Windows\System32\config\systemprofile\AppData\Local\{a91807f3-bc51-d71c-eefe-8807493b10b5}\@

 

Files to move or delete:

====================

C:\ProgramData\bos821Dyr.dat

C:\Users\Justin\jagex_cl_oldschool_LIVE.dat

C:\Users\Justin\jagex_cl_runescape_LIVE.dat

C:\Users\Justin\jagex_cl_runescape_LIVE1.dat

C:\Users\Justin\jagex_cl_runescape_LIVE_BETA.dat

C:\Users\Justin\random.dat

C:\Users\RAC\dementhium_runescape_preferences.dat

C:\Users\RAC\dementhium_runescape_preferences2.dat

C:\Users\RAC\jagex_cl_loginapplet_LIVE.dat

C:\Users\RAC\jagex_cl_oldschool_LIVE.dat

C:\Users\RAC\jagex_cl_runescape_LIVE.dat

C:\Users\RAC\jagex_cl_runescape_LIVE1.dat

C:\Users\RAC\jagex_cl_runescape_LIVE_BETA.dat

C:\Users\RAC\jagex_runescape_preferences.dat

C:\Users\RAC\jagex_runescape_preferences2.dat

C:\Users\RAC\jagex__preferences3.dat

C:\Users\RAC\MetricCollection.dll

C:\Users\RAC\random.dat

 

 

Some content of TEMP:

====================

C:\Users\Justin\AppData\Local\temp\SRLDetectionLibrary1828776645206814836.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-09-09 01:17

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-09-2014

Ran by Justin at 2014-09-09 04:08:08

Running from C:\Users\Justin\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)

Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)

Adobe AIR (Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden

Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)

Adobe Download Assistant (Version: 1.2.3 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Photoshop Elements 11 (HKLM\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)

Adobe Photoshop Elements 11 (Version: 11.0 - Adobe Systems Incorporated) Hidden

Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)

Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)

Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)

Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)

Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)

AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)

AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden

AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden

BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.9.0.4049 - BlueStack Systems, Inc.)

BlueStacks Notification Center (HKLM\...\{50DA15C1-0161-40EE-A325-0BE5BA03C026}) (Version: 0.9.0.4049 - BlueStack Systems, Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)

Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

Dell Best of Web (HKLM\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)

Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)

Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)

Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)

Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)

DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)

DriverUpdate (HKLM\...\{2B353DA2-A8FD-4238-B207-62A1921158D7}) (Version: 2.2.35415 - SlimWare Utilities, Inc.)

EarthLink Setup Files (HKLM\...\{255909FA-8E58-4BC2-A83A-3C71EB5DD6EC}) (Version: 2008.1.18.0 - EarthLink, Inc.)

Elements 11 Organizer (Version: 11.0 - Adobe Systems Incorporated) Hidden

EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)

Freemake Video Converter version 3.0.1 (HKLM\...\Freemake Video Converter_is1) (Version: 3.0.1 - Ellora Assets Corporation)

GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)

Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)

Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden

Horizon v2.7.3.0 (HKLM\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.3.0 - Daring Development Inc.)

HyperCam 2 (HKLM\...\HyperCam 2) (Version: 2.27.01 - Hyperionics Technology LLC)

IHA_MessageCenter (HKLM\...\{45F447E8-E029-4CA5-B4CD-38820D4CFE5D}) (Version: 1.9.7 - Verizon)

Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version:  - Intel)

Intel® PRO Network Connections 12.1.11.0 (Version:  - Intel) Hidden

iTunes (HKLM\...\{B0261E53-B6F1-474A-864B-E7C3CBF468E0}) (Version: 11.0.1.12 - Apple Inc.)

Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden

Java 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)

Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Lagarith Lossless Codec (1.3.27) (HKLM\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )

Lexmark 3600-4600 Series (HKLM\...\Lexmark 3600-4600 Series) (Version:  - Lexmark International, Inc.)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

mmth (HKLM\...\{24217A28-B8A8-402B-AF46-C80694D86AC6}) (Version: 1.0.0 - FileSubmit)

Modem Diagnostic Tool (HKLM\...\{294EAADF-E50F-4DD8-AD8D-19587EA10512}) (Version: 1.0.24.0 - Dell)

Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)

MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden

MusicOasis (HKLM\...\MusicOasis) (Version: 1.0.3 - W3i, LLC)

MusicOasis (Version: 1.0.3 - W3i, LLC) Hidden

Muvic Smartbar (HKLM\...\{AA236AFD-B26E-4BC7-9A13-76BD5F9887AC}) (Version: 10.211.58.15493 - PinWid Ltd.) <==== ATTENTION

NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.53 - BVRP Software, Inc)

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden

OldSchool RuneScape Launcher 1.2.3 (HKLM\...\{CCCEAAD4-3D2F-42C1-9AAA-08D458DB3509}) (Version: 1.2.3 - Jagex Ltd)

PSE11 STI Installer (Version: 11.0 - Adobe Systems Incorporated) Hidden

ptsunset (HKLM\...\{014ED72C-2BF4-4501-8046-91CC1E4C8427}) (Version: 1.0.0 - FileSubmit)

QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)

RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden

RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden

RuneScape Launcher 1.2.3 (HKLM\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)

Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden

Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)

Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)

swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

System Requirements Lab CYRI (HKLM\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden

VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden

Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.63.0 - Verizon)

Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Mobile Device Updater Component (Version: 04.07.1404.01 - Microsoft Corporation) Hidden

Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4040.0 - Microsoft Corporation)

WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

WinSCP 5.5.5 (HKLM\...\winscp3_is1) (Version: 5.5.5 - Martin Prikryl)

Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

Zune (HKLM\...\Zune) (Version: 04.07.1404.01 - Microsoft Corporation)

Zune (Version: 04.07.1404.01 - Microsoft Corporation) Hidden

Zune Language Pack (DEU) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden

Zune Language Pack (ESP) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden

Zune Language Pack (FRA) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden

Zune Language Pack (ITA) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden

Zune Language Pack (NLD) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden

Zune Language Pack (PTB) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden

Zune Language Pack (PTG) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-3272686857-3468428945-150708638-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\RAC\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3272686857-3468428945-150708638-1001_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3272686857-3468428945-150708638-1001_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3272686857-3468428945-150708638-1001_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3272686857-3468428945-150708638-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\RAC\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" No File

CustomCLSID: HKU\S-1-5-21-3272686857-3468428945-150708638-1001_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Justin\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File

CustomCLSID: HKU\S-1-5-21-3272686857-3468428945-150708638-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\RAC\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" No File

CustomCLSID: HKU\S-1-5-21-3272686857-3468428945-150708638-1001_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

CustomCLSID: HKU\S-1-5-21-3272686857-3468428945-150708638-1001_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3272686857-3468428945-150708638-1001_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll No File

CustomCLSID: HKU\S-1-5-21-3272686857-3468428945-150708638-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\RAC\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" No File

CustomCLSID: HKU\S-1-5-21-3272686857-3468428945-150708638-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File

CustomCLSID: HKU\S-1-5-21-3272686857-3468428945-150708638-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File

CustomCLSID: HKU\S-1-5-21-3272686857-3468428945-150708638-1001_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3272686857-3468428945-150708638-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\RAC\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" No File

CustomCLSID: HKU\S-1-5-21-3272686857-3468428945-150708638-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3272686857-3468428945-150708638-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File

 

==================== Restore Points  =========================

 

22-08-2014 02:27:45 All infections removed

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2006-11-02 06:23 - 2014-08-19 09:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0288EFD3-FAAA-413D-8F19-F056E0510AFB} - \Updater12759.exe No Task File <==== ATTENTION

Task: {09E03D82-E74F-434F-860D-3D6693261F29} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION

Task: {0A5AA21C-60E1-47BD-B56C-F59FA1D93586} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {18EFA3BE-3523-4D3B-A4FE-F20687D21791} - System32\Tasks\Norton Product InstallerIdle => C:\Windows\system32\Macromed\Shockwave 10\SymInstallStub.exe

Task: {1E1AA725-A2CC-4724-9777-3F55C1EBFACE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3272686857-3468428945-150708638-1000Core => C:\Users\RAC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-11] (Google Inc.)

Task: {3028434B-C831-4006-A274-F5BF798DF90F} - System32\Tasks\RealCreateProcessScheduledTask34024364S-1-5-21-3272686857-3468428945-150708638-1000 => C:\Program Files\Real\RealPlayer\update\realsched.exe

Task: {36EF75AC-2C32-4E02-B353-8DF1856612A6} - System32\Tasks\RealCreateProcessScheduledTask40639758S-1-5-21-3272686857-3468428945-150708638-1000 => C:\Program Files\Real\RealPlayer\update\realsched.exe

Task: {3B969330-CC1C-4F74-BEAA-FFD868D6312B} - System32\Tasks\RealCreateProcessScheduledTask100634716S-1-5-21-3272686857-3468428945-150708638-1000 => C:\Program Files\Real\RealPlayer\update\realsched.exe

Task: {4CAB09B0-E482-426B-8EA2-F333B618AF02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-08] (Google Inc.)

Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()

Task: {625C8434-B932-4FFD-A59B-EF65B56954D8} - System32\Tasks\RealCreateProcessScheduledTask115686301S-1-5-21-3272686857-3468428945-150708638-1000 => C:\Program Files\Real\RealPlayer\update\realsched.exe

Task: {62A03219-1614-4322-B38D-BEDC0C3DF53C} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe

Task: {67ED619B-F427-4B70-8966-4E64DF41EC39} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3272686857-3468428945-150708638-1000UA => C:\Users\RAC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-11] (Google Inc.)

Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {7E3AEE39-099B-4B86-A5BA-9FB0CE9BC11A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-08] (Google Inc.)

Task: {886D3A41-E308-49D8-A445-C86FA0C93BFF} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {90686B1D-539A-4747-A341-683473876DEC} - System32\Tasks\RealCreateProcessScheduledTask109676315S-1-5-21-3272686857-3468428945-150708638-1000 => C:\Program Files\Real\RealPlayer\update\realsched.exe

Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)

Task: {A8DEBF96-39F7-43B4-AFE7-8D08AA1B64DE} - \DealPly No Task File <==== ATTENTION

Task: {AB35194F-F0B3-4CA3-95DA-C98648299028} - System32\Tasks\IHUninstallTrackingTASK => CMD

Task: {B43CDE02-070E-470D-AAF6-427078D39CAF} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION

Task: {B7E0A8F8-8F24-4C9D-9450-66887665A46B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)

Task: {C0709C02-2EA9-43C5-8486-B7380276E7E0} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)

Task: {C8B0C511-2154-43CF-94C9-54BDE58FBECB} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe

Task: {CD8BD98A-844D-45B2-AC4F-6D6F8F34E342} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe

Task: {D1B910E1-2CCC-4375-AD0E-348CF2DEF01C} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION

Task: {DDF16DB7-B248-4FEF-B94E-54C7973D7510} - System32\Tasks\RealCreateProcessScheduledTask85528827S-1-5-21-3272686857-3468428945-150708638-1000 => C:\Program Files\Real\RealPlayer\update\realsched.exe

Task: {EDB3C153-5414-47BA-BBDA-1354088CEE2F} - System32\Tasks\4395 => Wscript.exe C:\Users\RAC\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION

Task: {F2A571B3-F207-4AE7-8C36-F30AEE30C9D5} - System32\Tasks\RealCreateProcessScheduledTask99432884S-1-5-21-3272686857-3468428945-150708638-1000 => C:\Program Files\Real\RealPlayer\update\realsched.exe

Task: {FCCD7C24-FA3B-4B74-BDBD-35BB6E650ABF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-06] (Adobe Systems Incorporated)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3272686857-3468428945-150708638-1000Core.job => C:\Users\RAC\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3272686857-3468428945-150708638-1000UA.job => C:\Users\RAC\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe

Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

Task: C:\Windows\Tasks\User_Feed_Synchronization-{B1CE7117-A96E-4E1E-B62F-5A61453D78B3}.job => C:\Windows\system32\msfeedssync.exe

 

==================== Loaded Modules (whitelisted) =============

 

2012-01-01 15:36 - 2007-08-21 14:32 - 00098304 _____ () C:\Windows\System32\redmonnt.dll

2011-05-10 09:21 - 2007-02-20 12:27 - 00102400 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dlbapp5c.dll

2011-06-22 13:12 - 2009-08-19 14:10 - 00147968 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxdxdrpp.dll

2011-06-14 17:06 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll

2014-08-02 01:06 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2014-08-02 01:06 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl

2011-06-22 13:12 - 2008-03-20 02:25 - 00668328 _____ () C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe

2011-06-22 13:12 - 2008-03-20 01:24 - 00380928 _____ () C:\Program Files\Lexmark 3600-4600 Series\lxdxscw.dll

2011-06-22 13:12 - 2008-03-20 01:17 - 00589824 _____ () C:\Program Files\Lexmark 3600-4600 Series\lxdxdatr.dll

2011-06-22 13:12 - 2008-03-20 01:24 - 00782336 _____ () C:\Program Files\Lexmark 3600-4600 Series\lxdxDRS.dll

2011-06-22 13:12 - 2008-03-20 01:24 - 00081920 _____ () C:\Program Files\Lexmark 3600-4600 Series\lxdxcaps.dll

2011-06-22 13:12 - 2008-03-20 01:17 - 00069632 _____ () C:\Program Files\Lexmark 3600-4600 Series\lxdxcnv4.dll

2011-06-22 13:11 - 2008-03-20 01:23 - 00364544 _____ () C:\Program Files\Lexmark 3600-4600 Series\iptk.dll

2011-06-22 13:12 - 2007-09-06 14:11 - 00151552 _____ () C:\Program Files\Lexmark 3600-4600 Series\lxdxptp.dll

2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2014-08-13 03:41 - 2014-08-13 03:41 - 00284160 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\d63d18ef3b08f14ce66d39ebb9e92c1c\VistaBridgeLibrary.ni.dll

2014-08-02 01:06 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl

2014-08-02 01:06 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll

2014-08-02 01:06 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll

2014-09-05 11:33 - 2014-08-29 22:49 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.103\pdf.dll

2014-09-05 11:33 - 2014-08-29 22:49 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll

2014-09-05 11:33 - 2014-08-29 22:49 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll

2014-08-02 00:57 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Justin\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll

2014-08-02 00:57 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Justin\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:26566B27

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

==================== Faulty Device Manager Devices =============

 

Name: Xbox 360

Description: Xbox 360

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/09/2014 03:00:52 AM) (Source: System Restore) (EventID: 8193) (User: )

Description: Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe -k netsvcs; Descripton = Windows Update; Hr = 0x800423f4).

 

Error: (09/09/2014 03:00:51 AM) (Source: SPP) (EventID: 16387) (User: )

Description: Shadow copy creation failed because of error reported by ASR Writer.

 

More info: The parameter is incorrect. (0x80070057).

 

Error: (09/08/2014 02:59:57 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

 

Error: (09/08/2014 02:59:55 PM) (Source: Perflib) (EventID: 1010) (User: )

Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

 

Error: (09/08/2014 03:00:39 AM) (Source: System Restore) (EventID: 8193) (User: )

Description: Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe -k netsvcs; Descripton = Windows Update; Hr = 0x800423f4).

 

Error: (09/08/2014 03:00:39 AM) (Source: SPP) (EventID: 16387) (User: )

Description: Shadow copy creation failed because of error reported by ASR Writer.

 

More info: The parameter is incorrect. (0x80070057).

 

Error: (09/07/2014 02:56:02 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

 

Error: (09/07/2014 02:56:01 PM) (Source: Perflib) (EventID: 1010) (User: )

Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

 

Error: (09/07/2014 03:00:36 AM) (Source: System Restore) (EventID: 8193) (User: )

Description: Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe -k netsvcs; Descripton = Windows Update; Hr = 0x800423f4).

 

Error: (09/07/2014 03:00:36 AM) (Source: SPP) (EventID: 16387) (User: )

Description: Shadow copy creation failed because of error reported by ASR Writer.

 

More info: The parameter is incorrect. (0x80070057).

 

 

System errors:

=============

Error: (09/09/2014 03:03:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: 0x80070643Security Update for Windows Vista (KB2859537){992E6C42-7B83-4B97-8A93-F05D0859B149}201

 

Error: (09/08/2014 03:02:09 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: 0x80070643Security Update for Windows Vista (KB2859537){992E6C42-7B83-4B97-8A93-F05D0859B149}201

 

Error: (09/07/2014 03:02:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: 0x80070643Security Update for Windows Vista (KB2859537){992E6C42-7B83-4B97-8A93-F05D0859B149}201

 

Error: (09/06/2014 03:02:30 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: 0x80070643Security Update for Windows Vista (KB2859537){992E6C42-7B83-4B97-8A93-F05D0859B149}201

 

Error: (09/05/2014 03:01:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: 0x80070643Security Update for Windows Vista (KB2859537){992E6C42-7B83-4B97-8A93-F05D0859B149}201

 

Error: (09/04/2014 03:02:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: 0x80070643Security Update for Windows Vista (KB2859537){992E6C42-7B83-4B97-8A93-F05D0859B149}201

 

Error: (09/03/2014 03:02:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: 0x80070643Security Update for Windows Vista (KB2859537){992E6C42-7B83-4B97-8A93-F05D0859B149}201

 

Error: (09/02/2014 00:32:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Google Update Service (gupdate)%%1053

 

Error: (09/02/2014 00:32:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: 30000Google Update Service (gupdate)

 

Error: (09/02/2014 00:29:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: SBRE

 

 

Microsoft Office Sessions:

=========================

Error: (09/09/2014 03:00:52 AM) (Source: System Restore) (EventID: 8193) (User: )

Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x800423f4

 

Error: (09/09/2014 03:00:51 AM) (Source: SPP) (EventID: 16387) (User: )

Description: ASR WriterThe parameter is incorrect. (0x80070057)

 

Error: (09/08/2014 02:59:57 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

 

Error: (09/08/2014 02:59:55 PM) (Source: Perflib) (EventID: 1010) (User: )

Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

 

Error: (09/08/2014 03:00:39 AM) (Source: System Restore) (EventID: 8193) (User: )

Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x800423f4

 

Error: (09/08/2014 03:00:39 AM) (Source: SPP) (EventID: 16387) (User: )

Description: ASR WriterThe parameter is incorrect. (0x80070057)

 

Error: (09/07/2014 02:56:02 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

 

Error: (09/07/2014 02:56:01 PM) (Source: Perflib) (EventID: 1010) (User: )

Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

 

Error: (09/07/2014 03:00:36 AM) (Source: System Restore) (EventID: 8193) (User: )

Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x800423f4

 

Error: (09/07/2014 03:00:36 AM) (Source: SPP) (EventID: 16387) (User: )

Description: ASR WriterThe parameter is incorrect. (0x80070057)

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-09-09 04:07:44.129

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-09 04:07:43.454

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-09 04:07:42.813

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-09 04:07:42.294

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-09 04:07:41.373

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-09 04:07:40.859

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-09 04:07:40.349

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-09 04:07:39.817

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-09 04:06:59.487

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-09 04:06:58.974

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Pentium® Dual CPU E2200 @ 2.20GHz

Percentage of memory in use: 65%

Total physical RAM: 2036.45 MB

Available physical RAM: 692.75 MB

Total Pagefile: 4322.19 MB

Available Pagefile: 2001.58 MB

Total Virtual: 2047.88 MB

Available Virtual: 1897.55 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:22.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:3.5 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.8 GB) (Disk ID: 40000000)

Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)

Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

Partition 3: (Active) - (Size=222.8 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


I don't know how, but you've been reinfected by several trojan horses:

 

Add/remove programs

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs
 

Muvic Smartbar


Close the window.

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

fixlist.txt


We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    MuvicSmart
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish


Got it removed.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by Justin at 2014-09-09 06:16:49 Run:1
Running from C:\Users\Justin\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
Toolbar: HKLM - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF HKCU\...\Firefox\Extensions: [info@friendschecker.com] - C:\Program Files\FriendsChecker\Firefox
CHR HKLM\...\Chrome\Extension: [hjakmojkcnhgipgkkbiempkfdndcnlah] - C:\ProgramData\CodecC\hjakmojkcnhgipgkkbiempkfdndcnlah.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {0288EFD3-FAAA-413D-8F19-F056E0510AFB} - \Updater12759.exe No Task File <==== ATTENTION
Task: {09E03D82-E74F-434F-860D-3D6693261F29} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {A8DEBF96-39F7-43B4-AFE7-8D08AA1B64DE} - \DealPly No Task File <==== ATTENTION
Task: {B43CDE02-070E-470D-AAF6-427078D39CAF} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {D1B910E1-2CCC-4375-AD0E-348CF2DEF01C} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {EDB3C153-5414-47BA-BBDA-1354088CEE2F} - System32\Tasks\4395 => Wscript.exe C:\Users\RAC\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:26566B27
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
 
C:\Users\RAC\AppData\Local\Temp\launchie.vbs
C:\ProgramData\CodecC
C:\Windows\System32\config\systemprofile\AppData\Local\{a91807f3-bc51-d71c-eefe-8807493b10b5}
C:\ProgramData\bos821Dyr.dat
C:\Users\Justin\jagex_cl_oldschool_LIVE.dat
C:\Users\Justin\jagex_cl_runescape_LIVE.dat
C:\Users\Justin\jagex_cl_runescape_LIVE1.dat
C:\Users\Justin\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\Justin\random.dat
C:\Users\RAC\dementhium_runescape_preferences.dat
C:\Users\RAC\dementhium_runescape_preferences2.dat
C:\Users\RAC\jagex_cl_loginapplet_LIVE.dat
C:\Users\RAC\jagex_cl_oldschool_LIVE.dat
C:\Users\RAC\jagex_cl_runescape_LIVE.dat
C:\Users\RAC\jagex_cl_runescape_LIVE1.dat
C:\Users\RAC\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\RAC\jagex_runescape_preferences.dat
C:\Users\RAC\jagex_runescape_preferences2.dat
C:\Users\RAC\jagex__preferences3.dat
C:\Users\RAC\MetricCollection.dll
C:\Users\RAC\random.dat
C:\PROGRA~1\COMMON~1\System\SysMenu.dll
 
EmptyTemp:
CMD: netsh winsock reset
Reboot:
 
 
*****************
 
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\ToolbarSearchProviderProgress => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{98889811-442D-49dd-99D7-DC866BE87DBC} => value deleted successfully.
"HKCR\CLSID\!{98889811-442D-49dd-99D7-DC866BE87DBC}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKCU\Software\Mozilla\Firefox\Extensions\\info@friendschecker.com => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\hjakmojkcnhgipgkkbiempkfdndcnlah" => Key deleted successfully.
"C:\ProgramData\CodecC\hjakmojkcnhgipgkkbiempkfdndcnlah.crx" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0288EFD3-FAAA-413D-8F19-F056E0510AFB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0288EFD3-FAAA-413D-8F19-F056E0510AFB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater12759.exe" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{09E03D82-E74F-434F-860D-3D6693261F29}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09E03D82-E74F-434F-860D-3D6693261F29}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8DEBF96-39F7-43B4-AFE7-8D08AA1B64DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8DEBF96-39F7-43B4-AFE7-8D08AA1B64DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B43CDE02-070E-470D-AAF6-427078D39CAF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B43CDE02-070E-470D-AAF6-427078D39CAF}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D1B910E1-2CCC-4375-AD0E-348CF2DEF01C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1B910E1-2CCC-4375-AD0E-348CF2DEF01C}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDB3C153-5414-47BA-BBDA-1354088CEE2F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDB3C153-5414-47BA-BBDA-1354088CEE2F}" => Key deleted successfully.
C:\Windows\System32\Tasks\4395 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4395" => Key deleted successfully.
C:\ProgramData\TEMP => ":26566B27" ADS removed successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
"C:\Users\RAC\AppData\Local\Temp\launchie.vbs" => File/Directory not found.
"C:\ProgramData\CodecC" => File/Directory not found.
C:\Windows\System32\config\systemprofile\AppData\Local\{a91807f3-bc51-d71c-eefe-8807493b10b5} => Moved successfully.
C:\ProgramData\bos821Dyr.dat => Moved successfully.
C:\Users\Justin\jagex_cl_oldschool_LIVE.dat => Moved successfully.
C:\Users\Justin\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Justin\jagex_cl_runescape_LIVE1.dat => Moved successfully.
C:\Users\Justin\jagex_cl_runescape_LIVE_BETA.dat => Moved successfully.
C:\Users\Justin\random.dat => Moved successfully.
C:\Users\RAC\dementhium_runescape_preferences.dat => Moved successfully.
C:\Users\RAC\dementhium_runescape_preferences2.dat => Moved successfully.
C:\Users\RAC\jagex_cl_loginapplet_LIVE.dat => Moved successfully.
C:\Users\RAC\jagex_cl_oldschool_LIVE.dat => Moved successfully.
C:\Users\RAC\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\RAC\jagex_cl_runescape_LIVE1.dat => Moved successfully.
C:\Users\RAC\jagex_cl_runescape_LIVE_BETA.dat => Moved successfully.
C:\Users\RAC\jagex_runescape_preferences.dat => Moved successfully.
C:\Users\RAC\jagex_runescape_preferences2.dat => Moved successfully.
C:\Users\RAC\jagex__preferences3.dat => Moved successfully.
C:\Users\RAC\MetricCollection.dll => Moved successfully.
C:\Users\RAC\random.dat => Moved successfully.
"C:\PROGRA~1\COMMON~1\System\SysMenu.dll" => File/Directory not found.
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 411.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


C:\Program Files\HyperCam 2\hctoolbar.exe Win32/Somoto.F potentially unwanted application

C:\Users\Justin\AppData\LocalLow\A_Free_Ride_Games_Bar\ldrtbA_Fr.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application

C:\Users\Justin\AppData\LocalLow\A_Free_Ride_Games_Bar\tbA_Fr.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\Users\Justin\AppData\LocalLow\A_Free_Ride_Games_Bar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application

C:\Users\Justin\Downloads\ccsetup416pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\54je98ra.default\extensions\staged\2c8ca294-8c59-4a16-8801-a96deabe743e@gmail.com\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application

C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\54je98ra.default\extensions\staged\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application

C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\54je98ra.default\extensions\staged\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\ctypes\FirefoxCtype.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application

C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\54je98ra.default\extensions\staged\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Plugins\npFirefoxPlugin.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application

C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\54je98ra.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\adawaretb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application

C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\54je98ra.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application

C:\Users\RAC\Pictures\Downloads\avc-free.exe Win32/OpenCandy potentially unsafe application

C:\Users\RAC\Pictures\Downloads\cbsidlm-cbsi145-Windows_Password_Key_Professional-SEO-75415548.exe a variant of Win32/CNETInstaller.B potentially unwanted application

C:\Users\RAC\Pictures\Downloads\cbsidlm-cbsi145-Windows_Password_Recovery_Tool_Professional-SEO-75439908.exe a variant of Win32/CNETInstaller.B potentially unwanted application

C:\Users\RAC\Pictures\Downloads\FreemakeVideoConverterSetup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

C:\Users\RAC\Pictures\Downloads\HC2Setup.exe Win32/Somoto.F potentially unwanted application

C:\Users\RAC\Pictures\Downloads\iLividSetup-r420-n-bc.exe a variant of Win32/iLivid.A potentially unwanted application

C:\Users\RAC\Pictures\Downloads\mp3rocket.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

C:\Users\RAC\Pictures\Downloads\OfficialAresSetup(1).exe Win32/Somoto.F potentially unwanted application

C:\Users\RAC\Pictures\Downloads\OfficialAresSetup.exe Win32/Somoto.F potentially unwanted application

C:\Users\RAC\Pictures\Downloads\usbdiskrecovery-windows-pd_installer.exe a variant of Win32/OpenInstall potentially unwanted application

C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll also find the log file at C:\AdwCleaner[s1].txt




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.





SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its contents to your thread.

