Rootkit Virus detected, cleaned, computer still not working


12 replies to this topic

#1 lilbit2604


Posted 25 June 2013 - 09:06 PM

My husband's little sister's computer started acting up. First, upon restart an error was popping up saying a file was missing from system tray, there was an error, and it would then lock the computer for a few minutes. I started Task Manager to see what was running; upon trying to end process on a few applications it kept telling me error access denied and wouldn't shut anything down. I ran Malwarebytes and ESET; 9 problems were found on ESET and 7 others on Malwarebytes. They were cleaned and the computer was restarted. After restart the system tray error no longer occurred, but there is no internet access, no movie files can be played and the task bar still doesn't work. I went to Malwarebytes via safe mode w/ networking and ran the rootkit finder beta version; it found an Alureon VBR rootkit (it doesn't keep a log, so I'm not sure of the exact version). It was cleaned and the computer was restarted, but it is only getting worse. Please help :)

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16611
Run by kidd at 21:56:21 on 2013-06-25
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.1.1033.18.8061.5761 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Spybot - Search and Destroy *Disabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\AVCUltimate.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\gnu\adc\mencoder.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3294791&octid=CT3294791&SearchSource=61&CUI=UN40151088772504321&UM=2&UP=SPD9B07DEF-14B2-4BA5-999B-6EBB0B7F7F23
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
uURLSearchHooks: Vafmusic2 Toolbar: {7f3f960e-a836-45ca-8911-0accb522246e} - C:\Program Files (x86)\Vafmusic2\prxtbVafm.dll
mURLSearchHooks: Vafmusic2 Toolbar: {7f3f960e-a836-45ca-8911-0accb522246e} - C:\Program Files (x86)\Vafmusic2\prxtbVafm.dll
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -
BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Sing Along: {6492E171-2427-4932-B414-33574A089F5E} - C:\Program Files (x86)\SingAlong\singalng.dll
BHO: Vafmusic2 Toolbar: {7f3f960e-a836-45ca-8911-0accb522246e} - C:\Program Files (x86)\Vafmusic2\prxtbVafm.dll
BHO: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
BHO: Privacy Safeguard BHO: {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: ArcadeCandy Games: {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\kidd\AppData\Local\ArcadeCandy\candyEX.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Vafmusic2 Toolbar: {7F3F960E-A836-45CA-8911-0ACCB522246E} - C:\Program Files (x86)\Vafmusic2\prxtbVafm.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
TB: Vafmusic2 Toolbar: {7f3f960e-a836-45ca-8911-0accb522246e} - C:\Program Files (x86)\Vafmusic2\prxtbVafm.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Driver Restore] C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe /applicationMode:systemTray /showWelcome:false
uRun: [BYR_AGENT] C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
uRun: [SearchProtect] C:\Users\kidd\AppData\Roaming\SearchProtect\bin\cltmng.exe
uRun: [BackupAgent] C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe
uRun: [Browser Infrastructure Helper] C:\Users\kidd\AppData\Local\Smartbar\Application\QuickShare.exe startup
uRun: [Facebook Update] "C:\Users\kidd\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [SearchProtection] "C:\Users\kidd\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
uRun: [Pinger] "C:\Program Files (x86)\Pinger\Pinger.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
mRun: [SMessaging] "C:\Users\kidd\AppData\Local\Strongvault Online Backup\SMessaging.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
dRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
StartupFolder: C:\Users\kidd\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\kidd\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
StartupFolder: C:\Users\kidd\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STRONG~1.LNK - C:\Users\kidd\AppData\Local\Strongvault\StrongVaultApp.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{ABCF1053-F91B-4F85-8F36-A43C363C4B29} : DHCPNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Privacy Safeguard BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll
x64-BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\
FF - prefs.js: browser.search.selectedEngine - Vafmusic2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3294791&octid=CT3294791&SearchSource=61&CUI=UN80108621119424293&UM=2&UP=SPD9B07DEF-14B2-4BA5-999B-6EBB0B7F7F23
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3294791&SearchSource=2&CUI=UN80108621119424293&UM=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: C:\Users\kidd\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\plugins\np-mswmp.dll
FF - plugin: C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}\plugins\np-mswmp.dll
FF - plugin: C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-05-18 19:36; [email protected]; C:\Program Files (x86)\SingAlong\FF
FF - ExtSQL: 2013-05-18 19:36; {739df940-c5ee-4bab-9d7e-270894ae687a}; C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
FF - ExtSQL: 2013-05-19 01:42; {7f3f960e-a836-45ca-8911-0accb522246e}; C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}
FF - ExtSQL: 2013-05-19 01:43; {3bebc7be-9bfc-4393-ae38-1522b21b34b9}; C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\extensions\{3bebc7be-9bfc-4393-ae38-1522b21b34b9}
.
---- FIREFOX POLICIES ----
# Mozilla User Preferences
.
/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 */
.
FF - user.js:  - versionFro
FF - user.js: CT3289847.1000082.isPlayDisplay - true
FF - user.js: CT3289847.1000082.state - {\state\:\stopped\,\text\:\1.FM (Cou...\,\description\:\1.FM (Country)\,\url\:\hxxp://1.fm/wm/energycountry32k.asx\}
FF - user.js: CT3289847.ENABALE_HISTORY - {\dataType\:\string\,\data\:\true\}
FF - user.js: CT3289847.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE - {\dataType\:\string\,\data\:\true\}
FF - user.js: CT3289847.FF19Solved - true
FF - user.js: CT3289847.FirstTime - true
FF - user.js: CT3289847.FirstTimeFF3 - true
FF - user.js: CT3289847.PG_ENABLE - dHJ1ZQ==
FF - user.js: CT3289847.PG_ENABLE.enc - dHJ1ZQ==
FF - user.js: CT3289847.SearchFromAddressBarUrl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN12415494822172248&UM=2&q=
FF - user.js: CT3289847.UserID - UN12415494822172248
FF - user.js: CT3289847.addressBarTakeOverEnabledInHidden - true
FF - user.js: CT3289847.browser.search.defaultthis.engineName - true
FF - user.js: CT3289847.cbfirsttime.enc - U2F0IE1heSAxOCAyMDEzIDE5OjQzOjMwIEdNVC0wNDAwIChFYXN0ZXJuIERheWxpZ2h0IFRpbWUp
FF - user.js: CT3289847.defaultSearch - true
FF - user.js: CT3289847.enableAlerts - true
FF - user.js: CT3289847.enableFix404ByUser - TRUE
FF - user.js: CT3289847.enableSearchFromAddressBar - true
FF - user.js: CT3289847.firstTimeDialogOpened - true
FF - user.js: CT3289847.fixPageNotFoundError - true
FF - user.js: CT3289847.fixPageNotFoundErrorByUser - true
FF - user.js: CT3289847.fixPageNotFoundErrorInHidden - true
FF - user.js: CT3289847.fixUrls - true
FF - user.js: CT3289847.installDate - 18/5/2013 19:36:43
FF - user.js: CT3289847.installId - 9818
FF - user.js: CT3289847.installType - conduitnsisintegration
FF - user.js: CT3289847.installUsage - 2013-05-19T02:38:11.3410824+03:00
FF - user.js: CT3289847.installUsageEarly - 2013-05-19T02:38:11.0442017+03:00
FF - user.js: CT3289847.installerVersion - 1.4.2.3
FF - user.js: CT3289847.isCheckedStartAsHidden - true
FF - user.js: CT3289847.isEnableAllDialogs - {\dataType\:\string\,\data\:\true\}
FF - user.js: CT3289847.isFirstTimeToolbarLoading - false
FF - user.js: CT3289847.isToolbarShrinked - {\dataType\:\string\,\data\:\false\}
FF - user.js: CT3289847.keyword - true
FF - user.js: CT3289847.lastNewTabSettings - {\isEnabled\:true,\newTabUrl\:\hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=15&CUI=UN12415494822172248&SSPV=EB_SSPV&Lay=1&UM=2\}
FF - user.js: CT3289847.lastVersion - 10.16.2.509
FF - user.js: CT3289847.migrateAppsAndComponents - true
FF - user.js: CT3289847.navigationAliasesJson - {\EB_SEARCH_TERM\:\\,\EB_MAIN_FRAME_URL\:\\,\EB_MAIN_FRAME_TITLE\:\\,\EB_TOOLBAR_SUB_DOMAIN\:\hxxp://WhiteSmokeNew.OurToolbar.com/\,\EB_TOOLBAR_ID\:\CT3289847\,\EB_TOOLBAR_VERSION\:\10.16.2.509\,\EB_ORIGINAL_CTID\:\CT3289847\,\EB_DOWNLOAD_PAGE\:\http://WhiteSmokeNew.OurToolbar.com/\,\EB_TOOLBAR_NAME\:\WhiteSmoke New\}
FF - user.js: CT3289847.openThankYouPage - false
FF - user.js: CT3289847.openUninstallPage - true
FF - user.js: CT3289847.originalHomepage - about:home
FF - user.js: CT3289847.originalSearchAddressUrl - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
FF - user.js: CT3289847.originalSearchEngine - Yahoo
FF - user.js: CT3289847.price-gong.isManagedApp - true
FF - user.js: CT3289847.revertSettingsEnabled - true
FF - user.js: CT3289847.search.searchAppId - 130068661007799818
FF - user.js: CT3289847.search.searchCount - 0
FF - user.js: CT3289847.searchFromAddressBarEnabledByUser - true
FF - user.js: CT3289847.searchInNewTabEnabledByUser - true
FF - user.js: CT3289847.searchInNewTabEnabledInHidden - true
FF - user.js: CT3289847.searchRevert - true
FF - user.js: CT3289847.searchUserMode - 2
FF - user.js: CT3289847.selectToSearchBoxEnabled - {\dataType\:\string\,\data\:\true\}
FF - user.js: CT3289847.serviceLayer_service_login_isFirstLoginInvoked - {\dataType\:\boolean\,\data\:\true\}
FF - user.js: CT3289847.serviceLayer_service_login_loginCount - {\dataType\:\number\,\data\:\4\}
FF - user.js: CT3289847.serviceLayer_service_toolbarGrouping_activeCTID - {\dataType\:\string\,\data\:\CT3289847\}
FF - user.js: CT3289847.serviceLayer_service_toolbarGrouping_activeDownloadUrl - {\dataType\:\string\,\data\:\hxxp://WhiteSmokeNew.OurToolbar.com//xpi\}
FF - user.js: CT3289847.serviceLayer_service_toolbarGrouping_activeToolbarName - {\dataType\:\string\,\data\:\WhiteSmoke New\}
FF - user.js: CT3289847.serviceLayer_service_toolbarGrouping_invoked - {\dataType\:\string\,\data\:\true\}
FF - user.js: CT3289847.serviceLayer_services_appTrackingFirstTime_lastUpdate - 1368920288437
FF - user.js: CT3289847.serviceLayer_services_appsMetadata_lastUpdate - 1368925224937
FF - user.js: CT3289847.serviceLayer_services_gottenAppsContextMenu_lastUpdate - 1368920288520
FF - user.js: CT3289847.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate - 1368920288686
FF - user.js: CT3289847.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate - 1368920288911
FF - user.js: CT3289847.serviceLayer_services_location_lastUpdate - 1368920287385
FF - user.js: CT3289847.serviceLayer_services_login_10.16.2.9_lastUpdate - 1368920288822
FF - user.js: CT3289847.serviceLayer_services_otherAppsContextMenu_lastUpdate - 1368920288488
FF - user.js: CT3289847.serviceLayer_services_searchAPI_lastUpdate - 1368920287425
FF - user.js: CT3289847.serviceLayer_services_serviceMap_lastUpdate - 1368920286802
FF - user.js: CT3289847.serviceLayer_services_toolbarContextMenu_lastUpdate - 1368920288446
FF - user.js: CT3289847.serviceLayer_services_toolbarSettings_lastUpdate - 1368925224036
FF - user.js: CT3289847.serviceLayer_services_translation_lastUpdate - 1368920288558
FF - user.js: CT3289847.settingsINI - true
FF - user.js: CT3289847.shouldFirstTimeDialog - false
FF - user.js: CT3289847.showToolbarPermission - false
FF - user.js: CT3289847.smartbar.CTID - CT3289847
FF - user.js: CT3289847.smartbar.Uninstall - 0
FF - user.js: CT3289847.smartbar.homepage - true
FF - user.js: CT3289847.smartbar.toolbarName - WhiteSmoke New
FF - user.js: CT3289847.startPage - true
FF - user.js: CT3289847.toolbarBornServerTime - 19-5-2013
FF - user.js: CT3289847.toolbarCurrentServerTime - 19-5-2013
FF - user.js: CT3289847.toolbarLoginClientTime - Sat May 18 2013 19:38:08 GMT-0400 (Eastern Daylight Time)
FF - user.js: CT3289847.versionFromInstaller - 10.16.2.9
FF - user.js: CT3289847_Firefox.csv - [{\from\:\Abs Layer\,\action\:\loading toolbar\,\time\:1368928673720,\isWithState\:\\,\timeFromStart\:0,\timeFromPrev\:0}]
FF - user.js: CT3294791.autoDisableScopes - 0
FF - user.js: CT3294791.installSessionId - {7963408C-C299-456E-9E9F-42B82EDF5D6D}
FF - user.js: CT3294791.installSp - TRUE
FF - user.js: CT3294791.installerVersion - 1.4.2.3
FF - user.js: CT3294791.searchRevert - false
FF - user.js: CT3294791.searchUserMode - 2
FF - user.js: Smartbar.ConduitHomepagesList - hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN12415494822172248&UM=2&UP=SPD9B07DEF-14B2-4BA5-999B-6EBB0B7F7F23
FF - user.js: Smartbar.ConduitSearchEngineList - WhiteSmoke New Customized Web Search
FF - user.js: Smartbar.ConduitSearchUrlList - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN12415494822172248&UM=2&q=
FF - user.js: Smartbar.SearchFromAddressBarSavedUrl - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
FF - user.js: Smartbar.keywordURLSelectedCTID - CT3289847
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1368920541
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1368920901
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1368920421
FF - user.js: app.update.lastUpdateTime.browser-cleanup-thumbnails - 1368925212
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1368920781
FF - user.js: browser.cache.disk.capacity - 358400
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size.use_old_max - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 358400
FF - user.js: browser.download.lastDir - C:\\Users\\kidd\\Desktop\\New folder\\New Folder (2)\\pantyhose
FF - user.js: browser.download.panel.firstSessionCompleted - true
FF - user.js: browser.download.panel.shown - true
FF - user.js: browser.download.save_converter_index - 0
FF - user.js: browser.formfill.enable - false
FF - user.js: browser.keywordURLPromptDeclined - 1
FF - user.js: browser.migration.version - 9
FF - user.js: browser.newtab.url - about:blank
FF - user.js: browser.newtabpage.pinned - [null,null,null,null,null,{\url\:\hxxps://www.youtube.com/\,\title\:\YouTube\}]
FF - user.js: browser.newtabpage.storageVersion - 1
FF - user.js: browser.pagethumbnails.storage_version - 2
FF - user.js: browser.places.smartBookmarksVersion - 4
FF - user.js: browser.preferences.advanced.selectedTabIndex - 1
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.search.defaultengine - Ask.com
FF - user.js: browser.search.defaultenginename - Yahoo
FF - user.js: browser.search.defaultthis.engineName - WhiteSmoke New Customized Web Search
FF - user.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN12415494822172248&UM=2&SearchSource=3&q={searchTerms}
FF - user.js: browser.search.order.1 - Ask.com
FF - user.js: browser.search.param.yahoo-fr - chr-greentree_ff&ilc=12&type=685749
FF - user.js: browser.search.selectedEngine - WhiteSmoke New Customized Web Search
FF - user.js: browser.search.useDBForOrder - true
FF - user.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN12415494822172248&UM=2&UP=SPD9B07DEF-14B2-4BA5-999B-6EBB0B7F7F23
FF - user.js: browser.startup.homepage_override.buildID - 20130409194949
FF - user.js: browser.startup.homepage_override.mstone - 20.0.1
FF - user.js: browser.syncPromoViewsLeftMap - {\bookmarks\:0,\passwords\:0}
FF - user.js: browser.tabs.warnOnClose - false
FF - user.js: browser.taskbar.lastgroupid - E7CF176E110C211B
FF - user.js: datareporting.healthreport.currentDaySubmissionFailureCount - 0
FF - user.js: datareporting.healthreport.lastDataSubmissionRequestedTime - 1368925212075
FF - user.js: datareporting.healthreport.nextDataSubmissionTime - 1369012236032
FF - user.js: datareporting.policy.dataSubmissionPolicyAccepted - true
FF - user.js: datareporting.policy.dataSubmissionPolicyAcceptedVersion - 1
FF - user.js: datareporting.policy.dataSubmissionPolicyNotifiedTime - 1366079841365
FF - user.js: datareporting.policy.dataSubmissionPolicyResponseTime - 1366080148764
FF - user.js: datareporting.policy.dataSubmissionPolicyResponseType - accepted-implicit-time-elapsed
FF - user.js: datareporting.policy.firstRunTime - 1365987103979
FF - user.js: datareporting.sessions.current.activeTicks - 3
FF - user.js: datareporting.sessions.current.firstPaint - 14400
FF - user.js: datareporting.sessions.current.main - 110
FF - user.js: datareporting.sessions.current.sessionRestored - 14431
FF - user.js: datareporting.sessions.current.startTime - 1368928659204
FF - user.js: datareporting.sessions.current.totalTime - 29618
FF - user.js: datareporting.sessions.currentIndex - 25
FF - user.js: datareporting.sessions.previous.21 - {\s\:1368676554493,\a\:6,\t\:40204,\c\:false,\m\:3354,\fp\:14010,\sr\:14041}
FF - user.js: datareporting.sessions.previous.22 - {\s\:1368790869077,\a\:202,\t\:2799152,\c\:false,\m\:842,\fp\:2949,\sr\:3058}
FF - user.js: datareporting.sessions.previous.23 - {\s\:1368920282474,\a\:2,\t\:12713,\c\:true,\m\:202,\fp\:2653,\sr\:2684}
FF - user.js: datareporting.sessions.previous.24 - {\s\:1368920300368,\a\:246,\t\:8354471,\c\:true,\m\:93,\fp\:1218,\sr\:1233}
FF - user.js: datareporting.sessions.prunedIndex - 20
FF - user.js: devtools.toolbox.selectedTool - inspector
FF - user.js: dom.w3c_touch_events.expose - false
FF - user.js: extensions.asktb.ff-original-keyword-url -
FF - user.js: extensions.autoDisableScopes - 10
FF - user.js: extensions.blocklist.pingCountTotal - 144
FF - user.js: extensions.blocklist.pingCountVersion - 25
FF - user.js: extensions.bootstrappedAddons - {\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}\:{\version\:\6.8\,\type\:\extension\,\descriptor\:\C:\\\\Users\\\\kidd\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\rj3hj08x.default\\\\extensions\\\\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi\}}
FF - user.js: extensions.databaseSchema - 14
FF - user.js: extensions.defaulttab.active.affiliate - 3564
FF - user.js: extensions.defaulttab.active.overridechromesearch - false
FF - user.js: extensions.defaulttab.active.overridekeywordsearch - false
FF - user.js: extensions.defaulttab.browserID - 8547CBB61D7B0C108AF5244EBAAC618C
FF - user.js: extensions.defaulttab.firstrun - false
FF - user.js: extensions.defaulttab.installedVersion - 2.0
FF - user.js: extensions.downloadyoutubevideosasmp.firstVersion - 6.6
FF - user.js: extensions.downloadyoutubevideosasmp.firstrun - false
FF - user.js: extensions.downloadyoutubevideosasmp.optIn - true
FF - user.js: extensions.downloadyoutubevideosasmp.userId - 96d92cd1-28b9-4001-b33a-2c99e9226b87
FF - user.js: extensions.downloadyoutubevideosasmp.userIdLogged - true
FF - user.js: extensions.downloadyoutubevideosasmp.version - 6.8
FF - user.js: extensions.enabledAddons - artur.dubovoy%40gmail.com:3.8.7,iobit%40mybrowserbar.com:7.0,addon%40defaulttab.com:2.0,singalong%40xenophesoft.com:1.111,%7B739df940-c5ee-4bab-9d7e-270894ae687a%7D:10.16.2.509,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js: extensions.hotfix.lastVersion - 20121019.01
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\:{\descriptor\:\C:\\\\Program Files (x86)\\\\AVG\\\\AVG2012\\\\Firefox4\,\mtime\:1368555647178},\avg@toolbar\:{\descriptor\:\C:\\\\ProgramData\\\\AVG Secure Search\\\\FireFoxExt\\\\14.2.0.1\,\mtime\:1361228958033}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1365724774182}}},{\name\:\winreg-app-user\,\addons\:{\[email protected]\:{\descriptor\:\C:\\\\Users\\\\kidd\\\\AppData\\\\Local\\\\ArcadeCandy\\\\[email protected]\,\mtime\:1345050184580},\[email protected]\:{\descriptor\:\C:\\\\Program Files (x86)\\\\SingAlong\\\\FF\,\mtime\:1368920192178}}},{\name\:\app-profile\,\addons\:{\[email protected]\:{\descriptor\:\C:\\\\Users\\\\kidd\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\rj3hj08x.default\\\\extensions\\\\[email protected]\,\mtime\:1368920209541},\[email protected]\:{\descriptor\:\C:\\\\Users\\\\kidd\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\rj3hj08x.default\\\\extensions\\\\[email protected]\,\mtime\:1363223564553},\[email protected]\:{\descriptor\:\C:\\\\Program Files (x86)\\\\IObit Toolbar\\\\FF\,\mtime\:1365987703094},\{739df940-c5ee-4bab-9d7e-270894ae687a}\:{\descriptor\:\C:\\\\Users\\\\kidd\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\rj3hj08x.default\\\\extensions\\\\{739df940-c5ee-4bab-9d7e-270894ae687a}\,\mtime\:1368928672408},\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}\:{\descriptor\:\C:\\\\Users\\\\kidd\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\rj3hj08x.default\\\\extensions\\\\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi\,\mtime\:1364054142261}}}]
FF - user.js: extensions.lastAppVersion - 20.0.1
FF - user.js: extensions.lastPlatformVersion - 20.0.1
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.ui.dictionary.hidden - true
FF - user.js: extensions.ui.lastCategory - addons://search/easy%20youtube
FF - user.js: extensions.ui.locale.hidden - true
FF - user.js: fvd_single.download.window_height - 500
FF - user.js: fvd_single.download.window_width - 900
FF - user.js: fvd_single.fvdsd_last_used_version - 3.8.7
FF - user.js: fvd_single.is_first_run - false
FF - user.js: fvd_single.single.dont_display_features_hint - true
FF - user.js: fvd_single.supported_sites.check_interval - 2335735235
FF - user.js: fvd_single.supported_sites.last_check - Sat, 20 Oct 2012 13:17:48 GMT
FF - user.js: gecko.buildID - 20130409194949
FF - user.js: gecko.mstone - 20.0.1
FF - user.js: gfx.direct3d.prefer_10_1 - true
FF - user.js: idle.lastDailyNotification - 1368920888
FF - user.js: intl.charsetmenu.browser.cache - UTF-8, windows-1256, windows-1250, windows-1251, windows-1252
FF - user.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN12415494822172248&UM=2&q=
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: pdfjs.database - {\files\:[{\fingerprint\:\12a221a2586df7234c28f256779dbb55\,\exists\:true,\page\:1,\zoom\:\auto\,\scrollLeft\:0,\scrollTop\:798}]}
FF - user.js: pdfjs.migrationVersion - 1
FF - user.js: pdfjs.previousHandler.alwaysAskBeforeHandling - true
FF - user.js: pdfjs.previousHandler.preferredAction - 4
FF - user.js: places.database.lastMaintenance - 1368645065
FF - user.js: places.history.expiration.transient_current_max_pages - 104858
FF - user.js: plugin.disable_full_page_plugin_for_types - application/pdf
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: smartbar.addressBarOwnerCTID - CT3289847
FF - user.js: smartbar.conduitHomepageList - hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN12415494822172248&UM=2&SearchSource=13,http://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN12415494822172248&UM=2&UP=SPD9B07DEF-14B2-4BA5-999B-6EBB0B7F7F23
FF - user.js: smartbar.conduitSearchAddressUrlList - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN12415494822172248&UM=2&q=
FF - user.js: smartbar.defaultSearchOwnerCTID - CT3289847
FF - user.js: smartbar.homePageOwnerCTID - CT3289847
FF - user.js: smartbar.machineId - YDSWRDYDQVCMPKDXOLMLUMSDNEAMQ+YCLOKK3SMI+EYER9WVOO4LZX6RYJCPBOCKBJTSLQZFZYHMLHXUAKQVNQ
FF - user.js: smartbar.originalHomepage - hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN12415494822172248&UM=2&SearchSource=13
FF - user.js: spellchecker.dictionary - en-US
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1367136142
FF - user.js: toolkit.startup.last_success - 1368928659
FF - user.js: toolkit.telemetry.prompted - 2
FF - user.js: toolkit.telemetry.rejected - true
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1371268570
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-23 45856]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-2-20 213416]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-5-8 97056]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-3-21 1341664]
S2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2013-1-10 139768]
S2 FTSvc;Fantapper Player Update Service;C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe [2013-1-23 16896]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-30 399432]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-30 676936]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe --> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [?]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-6-3 1395736]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-6-3 166528]
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-5-28 1015984]
S3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\System32\drivers\anvsnddrv.sys [2013-6-5 33872]
S3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2008-7-26 15768]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2008-7-26 790424]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2013-4-26 44928]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-30 25928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2013-1-31 28160]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-8-10 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
.
=============== Created Last 30 ================
.
2013-06-26 00:32:34    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-25 22:27:48    --------    d-----w-    C:\ProgramData\PC Drivers HeadQuarters
2013-06-25 15:49:24    --------    d-----w-    C:\Users\kidd\AppData\Local\ESET
2013-06-25 15:34:21    --------    d-----w-    C:\Program Files\ESET
2013-06-25 15:28:17    --------    d-----w-    C:\Users\kidd\AppData\Roaming\TuneUp Software
2013-06-12 19:15:51    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-09 00:53:48    --------    d-----w-    C:\Users\kidd\AppData\Local\pinger.com
2013-06-09 00:53:41    --------    d-----w-    C:\Users\kidd\AppData\Local\Caphyon
2013-06-09 00:53:34    --------    d-----w-    C:\Program Files (x86)\Pinger
2013-06-09 00:52:39    --------    d-----w-    C:\Users\kidd\AppData\Roaming\Pinger Inc
2013-06-08 23:51:39    --------    d-----w-    C:\Users\kidd\fontconfig
2013-06-06 20:56:05    --------    d-----w-    C:\Users\kidd\AppData\Local\Microsoft Games
2013-06-05 20:46:04    --------    d-----w-    C:\Users\kidd\AppData\Roaming\Canneverbe Limited
2013-06-05 20:46:04    --------    d-----w-    C:\ProgramData\Canneverbe Limited
2013-06-05 20:42:53    --------    d-----w-    C:\Program Files (x86)\Emicsoft Studio
2013-06-05 19:22:01    --------    d-----w-    C:\Users\kidd\AppData\Roaming\AnvSoft
2013-06-05 18:59:46    33872    ----a-w-    C:\Windows\System32\drivers\anvsnddrv.sys
2013-06-05 18:59:32    --------    d-----w-    C:\Program Files (x86)\AnvSoft
2013-06-05 15:25:10    --------    d-----w-    C:\Users\kidd\AppData\Roaming\Search Protection
2013-06-05 15:20:24    --------    d-----w-    C:\Users\kidd\AppData\Roaming\uTorrent
2013-06-03 20:56:53    17272    ----a-w-    C:\Windows\System32\sdnclean64.exe
2013-05-29 01:25:02    --------    d-----w-    C:\Users\kidd\AppData\Local\Facebook
.
==================== Find3M  ====================
.
2013-06-12 04:04:10    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 04:04:10    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-08 12:28:46    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-29 01:58:17    45856    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-05-17 01:25:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-05-17 00:58:10    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:10:12    770384    ----a-w-    C:\Windows\SysWow64\msvcr100.dll
2013-05-08 06:10:12    421200    ----a-w-    C:\Windows\SysWow64\msvcp100.dll
2013-04-26 05:51:36    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-03-31 22:52:16    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
.
============= FINISH: 21:56:50.55 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 8/9/2012 11:03:03 AM
System Uptime: 6/25/2013 9:14:29 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0M017G
Processor: Intel® Core™2 Quad CPU    Q9650  @ 3.00GHz | CPU 1 | 2999/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 235.658 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 6.739 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: ehdrv
Device ID: ROOT\LEGACY_EHDRV\0000
Manufacturer:
Name: ehdrv
PNP Device ID: ROOT\LEGACY_EHDRV\0000
Service: ehdrv
.
==== System Restore Points ===================
.
RP75: 6/9/2013 1:43:53 PM - Scheduled Checkpoint
RP76: 6/12/2013 9:00:14 PM - Windows Update
RP77: 6/15/2013 9:00:15 PM - Windows Update
RP78: 6/25/2013 11:26:12 AM - Removed AVG 2012
RP79: 6/25/2013 11:30:07 AM - Removed AVG 2012
RP80: 6/25/2013 11:32:54 AM - Installed ESET NOD32 Antivirus
.
==== Installed Programs ======================
.
µTorrent
7-zip v9.20
AChat 1.17
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Any Video Converter Ultimate 4.6.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcadeCandy
AVG Security Toolbar
Bonjour
CCleaner
CDBurnerXP
Debut Video Capture Software
DomaIQ
Driver Manager
Driver Restore
Emicsoft FLV Converter
ESET NOD32 Antivirus
Express Burn
Facebook Messenger 2.1.4814.0
Fantapper Player
Fantapper Updater
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
iTunes
LG Verizon United Drivers
Malwarebytes Anti-Malware version 1.65.1.1000
ManyCam 3.1.51
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nitto 1320 Legends Public Beta 0.10.03
Optimizer Pro v3.1
Pinger
Privacy SafeGuard version 1.1
QuickShare
Red Light Center 3D Client
Search Protect by conduit
Search Protection
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Sing Along
SMPlayer 0.6.9
Spybot - Search & Destroy
Strongvault Online Backup
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Vafmusic2 Toolbar
VAFPlayer
VideoPad Video Editor
Visual Studio 2008 x64 Redistributables
WinRAR 5.00 beta 4 (64-bit)
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
6/25/2013 9:55:54 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
6/25/2013 9:16:49 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
6/25/2013 9:15:43 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/25/2013 9:15:42 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/25/2013 9:15:38 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/25/2013 9:15:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/25/2013 9:15:03 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache eamonm ehdrv spldr Wanarpv6
6/25/2013 8:59:45 PM, Error: Service Control Manager [7023]  - The Windows Defender service terminated with the following error:  %%-2147024891
6/25/2013 8:59:36 PM, Error: Service Control Manager [7034]  - The Message Queuing service terminated unexpectedly.  It has done this 2 time(s).
6/25/2013 8:57:49 PM, Error: Service Control Manager [7023]  - The Superfetch service terminated with the following error:  Access is denied.
6/25/2013 8:57:26 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
6/25/2013 8:57:22 PM, Error: Service Control Manager [7031]  - The Message Queuing service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/25/2013 8:57:07 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.
6/25/2013 8:57:07 PM, Error: Service Control Manager [7000]  - The Spybot-S&D 2 Updating Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/25/2013 8:57:06 PM, Error: SNMP [1500]  - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
6/25/2013 8:57:06 PM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
6/25/2013 8:57:06 PM, Error: Service Control Manager [7000]  - The Spybot-S&D 2 Scanner Service service failed to start due to the following error:  The system cannot find the file specified.
6/25/2013 8:57:02 PM, Error: Microsoft-Windows-TaskScheduler [701]  - Task Scheduler service failed to start Task Compatibility module. Tasks may not be able to register on previous Window versions. Additional Data: Error Value: 2147942405.
6/25/2013 3:35:49 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
6/25/2013 3:25:12 PM, Error: Service Control Manager [7023]  - The Windows Time service terminated with the following error:  A system shutdown is in progress.
6/25/2013 11:35:28 AM, Error: Service Control Manager [7030]  - The ESET Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
6/21/2013 12:16:34 PM, Error: Service Control Manager [7034]  - The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================
 

 

 

 


 


#2 D-FRED-BROWN

  • Malware Response Team

Posted 26 June 2013 - 10:31 AM

Hello lilbit2604 and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, select Skip instead. Do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
----------Step 2----------------
Please download Malwarebytes Anti-Rootkit from HERE
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt
----------Step 3----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


----------Step 4----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
----------Step 5----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"
 

-------> Your topic will be closed if you haven't replied within 3 days! <--------
(If I don't respond within 24 hours, please send me a PM)




-DFB

#3 lilbit2604


Posted 26 June 2013 - 09:29 PM

I ran everything, then rebooted in regular mode. The system still does not allow me to access the internet, and most programs still aren't working.

15:24:26.0436 2604  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
15:24:26.0799 2604  ============================================================
15:24:26.0799 2604  Current date / time: 2013/06/26 15:24:26.0799
15:24:26.0799 2604  SystemInfo:
15:24:26.0799 2604  
15:24:26.0799 2604  OS Version: 6.1.7601 ServicePack: 1.0
15:24:26.0799 2604  Product type: Workstation
15:24:26.0799 2604  ComputerName: KIDD-PC
15:24:26.0799 2604  UserName: kidd
15:24:26.0799 2604  Windows directory: C:\Windows
15:24:26.0799 2604  System windows directory: C:\Windows
15:24:26.0799 2604  Running under WOW64
15:24:26.0799 2604  Processor architecture: Intel x64
15:24:26.0799 2604  Number of processors: 4
15:24:26.0799 2604  Page size: 0x1000
15:24:26.0799 2604  Boot type: Safe boot with network
15:24:26.0799 2604  ============================================================
15:24:27.0649 2604  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:24:27.0689 2604  ============================================================
15:24:27.0689 2604  \Device\Harddisk0\DR0:
15:24:27.0689 2604  MBR partitions:
15:24:27.0689 2604  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1E00000
15:24:27.0689 2604  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E1F800, BlocksNum 0x38566000
15:24:27.0689 2604  ============================================================
15:24:27.0724 2604  C: <-> \Device\Harddisk0\DR0\Partition2
15:24:27.0762 2604  D: <-> \Device\Harddisk0\DR0\Partition1
15:24:27.0762 2604  ============================================================
15:24:27.0762 2604  Initialize success
15:24:27.0762 2604  ============================================================
15:24:31.0935 2268  ============================================================
15:24:31.0935 2268  Scan started
15:24:31.0935 2268  Mode: Manual;
15:24:31.0935 2268  ============================================================
15:24:32.0501 2268  ================ Scan system memory ========================
15:24:32.0501 2268  System memory - ok
15:24:32.0502 2268  ================ Scan services =============================
15:24:32.0641 2268  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:24:32.0644 2268  1394ohci - ok
15:24:32.0700 2268  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:24:32.0703 2268  ACPI - ok
15:24:32.0737 2268  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:24:32.0737 2268  AcpiPmi - ok
15:24:32.0855 2268  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:24:32.0855 2268  AdobeARMservice - ok
15:24:32.0956 2268  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:24:32.0957 2268  AdobeFlashPlayerUpdateSvc - ok
15:24:32.0992 2268  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:24:32.0998 2268  adp94xx - ok
15:24:33.0022 2268  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:24:33.0025 2268  adpahci - ok
15:24:33.0037 2268  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:24:33.0039 2268  adpu320 - ok
15:24:33.0058 2268  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:24:33.0059 2268  AeLookupSvc - ok
15:24:33.0108 2268  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
15:24:33.0113 2268  AFD - ok
15:24:33.0161 2268  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:24:33.0161 2268  agp440 - ok
15:24:33.0170 2268  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:24:33.0176 2268  ALG - ok
15:24:33.0187 2268  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:24:33.0187 2268  aliide - ok
15:24:33.0240 2268  [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:24:33.0241 2268  AMD External Events Utility - ok
15:24:33.0245 2268  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:24:33.0245 2268  amdide - ok
15:24:33.0256 2268  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:24:33.0257 2268  AmdK8 - ok
15:24:33.0446 2268  [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:24:33.0590 2268  amdkmdag - ok
15:24:33.0610 2268  [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:24:33.0612 2268  amdkmdap - ok
15:24:33.0623 2268  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:24:33.0623 2268  AmdPPM - ok
15:24:33.0658 2268  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:24:33.0659 2268  amdsata - ok
15:24:33.0671 2268  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:24:33.0673 2268  amdsbs - ok
15:24:33.0678 2268  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:24:33.0678 2268  amdxata - ok
15:24:33.0717 2268  [ E71711D37C48AC40FD3E2866A5ABBA51 ] anvsnddrv       C:\Windows\system32\drivers\anvsnddrv.sys
15:24:33.0718 2268  anvsnddrv - ok
15:24:33.0791 2268  [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
15:24:33.0791 2268  AppHostSvc - ok
15:24:33.0836 2268  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
15:24:33.0836 2268  AppID - ok
15:24:33.0861 2268  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:24:33.0861 2268  AppIDSvc - ok
15:24:33.0907 2268  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
15:24:33.0908 2268  Appinfo - ok
15:24:33.0993 2268  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:24:33.0994 2268  Apple Mobile Device - ok
15:24:34.0004 2268  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:24:34.0005 2268  arc - ok
15:24:34.0017 2268  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:24:34.0018 2268  arcsas - ok
15:24:34.0132 2268  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:24:34.0157 2268  aspnet_state - ok
15:24:34.0174 2268  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:24:34.0174 2268  AsyncMac - ok
15:24:34.0205 2268  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:24:34.0205 2268  atapi - ok
15:24:34.0363 2268  [ 60216B0E704584DE6D5A9F59E9C34C47 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:24:34.0402 2268  atikmdag - ok
15:24:34.0444 2268  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:24:34.0461 2268  AudioEndpointBuilder - ok
15:24:34.0470 2268  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:24:34.0473 2268  AudioSrv - ok
15:24:34.0512 2268  [ 3B5657B6C11CDA87F664DD6F7DD0702D ] avgtp           C:\Windows\system32\drivers\avgtpx64.sys
15:24:34.0513 2268  avgtp - ok
15:24:34.0562 2268  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:24:34.0564 2268  AxInstSV - ok
15:24:34.0596 2268  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
15:24:34.0600 2268  b06bdrv - ok
15:24:34.0621 2268  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:24:34.0623 2268  b57nd60a - ok
15:24:34.0658 2268  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:24:34.0659 2268  BDESVC - ok
15:24:34.0674 2268  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:24:34.0675 2268  Beep - ok
15:24:34.0732 2268  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
15:24:34.0748 2268  BFE - ok
15:24:34.0798 2268  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
15:24:34.0832 2268  BITS - ok
15:24:34.0859 2268  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:24:34.0860 2268  blbdrive - ok
15:24:34.0973 2268  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:24:34.0977 2268  Bonjour Service - ok
15:24:35.0024 2268  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:24:35.0026 2268  bowser - ok
15:24:35.0050 2268  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:24:35.0051 2268  BrFiltLo - ok
15:24:35.0058 2268  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:24:35.0058 2268  BrFiltUp - ok
15:24:35.0104 2268  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
15:24:35.0105 2268  Browser - ok
15:24:35.0115 2268  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:24:35.0118 2268  Brserid - ok
15:24:35.0126 2268  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:24:35.0126 2268  BrSerWdm - ok
15:24:35.0129 2268  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:24:35.0129 2268  BrUsbMdm - ok
15:24:35.0137 2268  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:24:35.0137 2268  BrUsbSer - ok
15:24:35.0153 2268  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:24:35.0154 2268  BTHMODEM - ok
15:24:35.0196 2268  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:24:35.0197 2268  bthserv - ok
15:24:35.0224 2268  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:24:35.0225 2268  cdfs - ok
15:24:35.0279 2268  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:24:35.0281 2268  cdrom - ok
15:24:35.0328 2268  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:24:35.0329 2268  CertPropSvc - ok
15:24:35.0332 2268  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:24:35.0333 2268  circlass - ok
15:24:35.0343 2268  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:24:35.0346 2268  CLFS - ok
15:24:35.0395 2268  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:24:35.0395 2268  clr_optimization_v2.0.50727_32 - ok
15:24:35.0428 2268  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:24:35.0429 2268  clr_optimization_v2.0.50727_64 - ok
15:24:35.0503 2268  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:24:35.0526 2268  clr_optimization_v4.0.30319_32 - ok
15:24:35.0557 2268  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:24:35.0559 2268  clr_optimization_v4.0.30319_64 - ok
15:24:35.0663 2268  [ 2B9A15DFDC14B4ECB1E8FC13AE43E60F ] CltMngSvc       C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
15:24:35.0664 2268  CltMngSvc - ok
15:24:35.0678 2268  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:24:35.0679 2268  CmBatt - ok
15:24:35.0695 2268  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:24:35.0695 2268  cmdide - ok
15:24:35.0744 2268  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
15:24:35.0748 2268  CNG - ok
15:24:35.0751 2268  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:24:35.0751 2268  Compbatt - ok
15:24:35.0807 2268  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:24:35.0808 2268  CompositeBus - ok
15:24:35.0819 2268  COMSysApp - ok
15:24:35.0822 2268  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:24:35.0823 2268  crcdisk - ok
15:24:35.0873 2268  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:24:35.0875 2268  CryptSvc - ok
15:24:35.0920 2268  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:24:35.0925 2268  DcomLaunch - ok
15:24:35.0955 2268  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:24:35.0958 2268  defragsvc - ok
15:24:36.0015 2268  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:24:36.0016 2268  DfsC - ok
15:24:36.0065 2268  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:24:36.0068 2268  Dhcp - ok
15:24:36.0078 2268  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:24:36.0078 2268  discache - ok
15:24:36.0106 2268  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:24:36.0107 2268  Disk - ok
15:24:36.0153 2268  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:24:36.0155 2268  Dnscache - ok
15:24:36.0193 2268  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:24:36.0195 2268  dot3svc - ok
15:24:36.0243 2268  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
15:24:36.0245 2268  DPS - ok
15:24:36.0272 2268  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:24:36.0272 2268  drmkaud - ok
15:24:36.0320 2268  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:24:36.0337 2268  DXGKrnl - ok
15:24:36.0459 2268  [ 398904F1FBF13CEF0FCB822E9CA5F2D5 ] eamonm          C:\Windows\system32\DRIVERS\eamonm.sys
15:24:36.0461 2268  eamonm - ok
15:24:36.0521 2268  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:24:36.0545 2268  EapHost - ok
15:24:36.0643 2268  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
15:24:36.0695 2268  ebdrv - ok
15:24:36.0735 2268  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
15:24:36.0735 2268  EFS - ok
15:24:36.0785 2268  [ 9E39134330C18CBAC0F24C1283701D7E ] ehdrv           C:\Windows\system32\DRIVERS\ehdrv.sys
15:24:36.0786 2268  ehdrv - ok
15:24:36.0938 2268  [ 7FE34FD5652C54BDA8D2DF8AC92E833A ] ekrn            C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
15:24:36.0964 2268  ekrn - ok
15:24:36.0995 2268  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:24:37.0000 2268  elxstor - ok
15:24:37.0036 2268  [ B4E8DC817963B256537B1EC09AF0647E ] epfwwfpr        C:\Windows\system32\DRIVERS\epfwwfpr.sys
15:24:37.0037 2268  epfwwfpr - ok
15:24:37.0073 2268  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:24:37.0074 2268  ErrDev - ok
15:24:37.0103 2268  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:24:37.0108 2268  EventSystem - ok
15:24:37.0119 2268  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:24:37.0121 2268  exfat - ok
15:24:37.0131 2268  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:24:37.0133 2268  fastfat - ok
15:24:37.0180 2268  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
15:24:37.0198 2268  Fax - ok
15:24:37.0211 2268  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:24:37.0212 2268  fdc - ok
15:24:37.0221 2268  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:24:37.0221 2268  fdPHost - ok
15:24:37.0228 2268  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:24:37.0229 2268  FDResPub - ok
15:24:37.0234 2268  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:24:37.0235 2268  FileInfo - ok
15:24:37.0246 2268  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:24:37.0246 2268  Filetrace - ok
15:24:37.0249 2268  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:24:37.0249 2268  flpydisk - ok
15:24:37.0286 2268  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:24:37.0288 2268  FltMgr - ok
15:24:37.0365 2268  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
15:24:37.0390 2268  FontCache - ok
15:24:37.0439 2268  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:24:37.0440 2268  FontCache3.0.0.0 - ok
15:24:37.0452 2268  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:24:37.0452 2268  FsDepends - ok
15:24:37.0484 2268  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:24:37.0485 2268  Fs_Rec - ok
15:24:37.0548 2268  [ 27341ACC0D7A37E103105918D56E05DD ] FTSvc           C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe
15:24:37.0548 2268  FTSvc - ok
15:24:37.0587 2268  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:24:37.0589 2268  fvevol - ok
15:24:37.0613 2268  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:24:37.0614 2268  gagp30kx - ok
15:24:37.0673 2268  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:24:37.0674 2268  GEARAspiWDM - ok
15:24:37.0720 2268  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
15:24:37.0737 2268  gpsvc - ok
15:24:37.0866 2268  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:24:37.0867 2268  gupdate - ok
15:24:37.0871 2268  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:24:37.0871 2268  gupdatem - ok
15:24:37.0911 2268  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:24:37.0912 2268  gusvc - ok
15:24:37.0927 2268  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:24:37.0928 2268  hcw85cir - ok
15:24:37.0980 2268  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:24:37.0984 2268  HdAudAddService - ok
15:24:38.0043 2268  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:24:38.0045 2268  HDAudBus - ok
15:24:38.0058 2268  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:24:38.0059 2268  HidBatt - ok
15:24:38.0074 2268  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:24:38.0075 2268  HidBth - ok
15:24:38.0082 2268  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:24:38.0083 2268  HidIr - ok
15:24:38.0128 2268  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
15:24:38.0129 2268  hidserv - ok
15:24:38.0148 2268  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:24:38.0148 2268  HidUsb - ok
15:24:38.0190 2268  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:24:38.0191 2268  hkmsvc - ok
15:24:38.0238 2268  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:24:38.0241 2268  HomeGroupListener - ok
15:24:38.0282 2268  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:24:38.0285 2268  HomeGroupProvider - ok
15:24:38.0338 2268  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:24:38.0339 2268  HpSAMD - ok
15:24:38.0396 2268  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:24:38.0413 2268  HTTP - ok
15:24:38.0471 2268  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:24:38.0472 2268  hwpolicy - ok
15:24:38.0491 2268  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:24:38.0492 2268  i8042prt - ok
15:24:38.0504 2268  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:24:38.0509 2268  iaStorV - ok
15:24:38.0539 2268  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:24:38.0556 2268  idsvc - ok
15:24:38.0683 2268  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
15:24:38.0776 2268  igfx - ok
15:24:38.0799 2268  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:24:38.0799 2268  iirsp - ok
15:24:38.0822 2268  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:24:38.0839 2268  IKEEXT - ok
15:24:38.0849 2268  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:24:38.0850 2268  intelide - ok
15:24:38.0864 2268  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:24:38.0865 2268  intelppm - ok
15:24:38.0900 2268  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:24:38.0901 2268  IPBusEnum - ok
15:24:38.0936 2268  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:24:38.0937 2268  IpFilterDriver - ok
15:24:38.0984 2268  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:24:38.0999 2268  iphlpsvc - ok
15:24:39.0030 2268  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:24:39.0031 2268  IPMIDRV - ok
15:24:39.0045 2268  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:24:39.0046 2268  IPNAT - ok
15:24:39.0097 2268  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:24:39.0113 2268  iPod Service - ok
15:24:39.0136 2268  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:24:39.0136 2268  IRENUM - ok
15:24:39.0149 2268  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:24:39.0149 2268  isapnp - ok
15:24:39.0206 2268  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:24:39.0208 2268  iScsiPrt - ok
15:24:39.0222 2268  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:24:39.0223 2268  kbdclass - ok
15:24:39.0243 2268  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:24:39.0243 2268  kbdhid - ok
15:24:39.0343 2268  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:24:39.0343 2268  KeyIso - ok
15:24:39.0375 2268  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:24:39.0376 2268  KSecDD - ok
15:24:39.0410 2268  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:24:39.0412 2268  KSecPkg - ok
15:24:39.0421 2268  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:24:39.0422 2268  ksthunk - ok
15:24:39.0446 2268  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:24:39.0450 2268  KtmRm - ok
15:24:39.0495 2268  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:24:39.0498 2268  LanmanServer - ok
15:24:39.0543 2268  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:24:39.0545 2268  LanmanWorkstation - ok
15:24:39.0578 2268  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:24:39.0579 2268  lltdio - ok
15:24:39.0605 2268  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:24:39.0609 2268  lltdsvc - ok
15:24:39.0625 2268  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:24:39.0626 2268  lmhosts - ok
15:24:39.0658 2268  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:24:39.0659 2268  LSI_FC - ok
15:24:39.0663 2268  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:24:39.0664 2268  LSI_SAS - ok
15:24:39.0672 2268  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:24:39.0673 2268  LSI_SAS2 - ok
15:24:39.0682 2268  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:24:39.0683 2268  LSI_SCSI - ok
15:24:39.0713 2268  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:24:39.0714 2268  luafv - ok
15:24:39.0757 2268  [ 07389F6925E490D2DB7882110E99921C ] lvpepf64        C:\Windows\system32\DRIVERS\lv302a64.sys
15:24:39.0757 2268  lvpepf64 - ok
15:24:39.0779 2268  [ 7F0BA3A6E8996F15693C6B7D81DA049E ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
15:24:39.0796 2268  LVRS64 - ok
15:24:39.0870 2268  [ 5C3FF68267A5D242EE79EE01B993D6CE ] LVUSBS64        C:\Windows\system32\drivers\LVUSBS64.sys
15:24:39.0871 2268  LVUSBS64 - ok
15:24:39.0932 2268  [ DE585D1D266805E5EEDAE911FDD16F38 ] ManyCam         C:\Windows\system32\DRIVERS\mcvidrv_x64.sys
15:24:39.0933 2268  ManyCam - ok
15:24:39.0996 2268  [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
15:24:39.0996 2268  MBAMProtector - ok
15:24:40.0073 2268  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:24:40.0076 2268  MBAMScheduler - ok
15:24:40.0122 2268  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:24:40.0137 2268  MBAMService - ok
15:24:40.0144 2268  [ 5858C4ABE87D0A842A941D6BD08038F1 ] mcaudrv_simple  C:\Windows\system32\drivers\mcaudrv_x64.sys
15:24:40.0145 2268  mcaudrv_simple - ok
15:24:40.0242 2268  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
15:24:40.0245 2268  McComponentHostService - ok
15:24:40.0255 2268  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:24:40.0256 2268  megasas - ok
15:24:40.0269 2268  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:24:40.0271 2268  MegaSR - ok
15:24:40.0296 2268  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:24:40.0298 2268  MMCSS - ok
15:24:40.0311 2268  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:24:40.0311 2268  Modem - ok
15:24:40.0362 2268  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:24:40.0362 2268  monitor - ok
15:24:40.0409 2268  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
15:24:40.0410 2268  mouclass - ok
15:24:40.0437 2268  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:24:40.0438 2268  mouhid - ok
15:24:40.0469 2268  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:24:40.0470 2268  mountmgr - ok
15:24:40.0534 2268  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:24:40.0535 2268  MozillaMaintenance - ok
15:24:40.0552 2268  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:24:40.0554 2268  mpio - ok
15:24:40.0570 2268  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:24:40.0571 2268  mpsdrv - ok
15:24:40.0614 2268  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:24:40.0631 2268  MpsSvc - ok
15:24:40.0659 2268  [ CD22D2563039DDA6793F7624719363A7 ] MQAC            C:\Windows\system32\drivers\mqac.sys
15:24:40.0661 2268  MQAC - ok
15:24:40.0697 2268  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:24:40.0699 2268  MRxDAV - ok
15:24:40.0730 2268  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:24:40.0732 2268  mrxsmb - ok
15:24:40.0746 2268  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:24:40.0749 2268  mrxsmb10 - ok
15:24:40.0786 2268  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:24:40.0788 2268  mrxsmb20 - ok
15:24:40.0811 2268  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:24:40.0811 2268  msahci - ok
15:24:40.0826 2268  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:24:40.0827 2268  msdsm - ok
15:24:40.0838 2268  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:24:40.0839 2268  MSDTC - ok
15:24:40.0855 2268  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:24:40.0856 2268  Msfs - ok
15:24:40.0864 2268  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:24:40.0864 2268  mshidkmdf - ok
15:24:40.0912 2268  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:24:40.0912 2268  msisadrv - ok
15:24:40.0943 2268  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:24:40.0944 2268  MSiSCSI - ok
15:24:40.0946 2268  msiserver - ok
15:24:40.0967 2268  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:24:40.0967 2268  MSKSSRV - ok
15:24:40.0978 2268  [ FAAEAEF99E53561BEEE58F946CA56F0D ] MSMQ            C:\Windows\system32\mqsvc.exe
15:24:40.0978 2268  MSMQ - ok
15:24:40.0991 2268  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:24:40.0992 2268  MSPCLOCK - ok
15:24:40.0996 2268  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:24:40.0996 2268  MSPQM - ok
15:24:41.0035 2268  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:24:41.0038 2268  MsRPC - ok
15:24:41.0052 2268  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:24:41.0052 2268  mssmbios - ok
15:24:41.0067 2268  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:24:41.0068 2268  MSTEE - ok
15:24:41.0076 2268  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:24:41.0076 2268  MTConfig - ok
15:24:41.0095 2268  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:24:41.0096 2268  Mup - ok
15:24:41.0133 2268  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:24:41.0139 2268  napagent - ok
15:24:41.0160 2268  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:24:41.0163 2268  NativeWifiP - ok
15:24:41.0233 2268  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:24:41.0250 2268  NDIS - ok
15:24:41.0260 2268  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:24:41.0260 2268  NdisCap - ok
15:24:41.0283 2268  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:24:41.0283 2268  NdisTapi - ok
15:24:41.0317 2268  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:24:41.0318 2268  Ndisuio - ok
15:24:41.0365 2268  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:24:41.0367 2268  NdisWan - ok
15:24:41.0406 2268  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:24:41.0407 2268  NDProxy - ok
15:24:41.0414 2268  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:24:41.0414 2268  NetBIOS - ok
15:24:41.0468 2268  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:24:41.0470 2268  NetBT - ok
15:24:41.0476 2268  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:24:41.0476 2268  Netlogon - ok
15:24:41.0509 2268  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:24:41.0512 2268  Netman - ok
15:24:41.0570 2268  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:24:41.0603 2268  NetMsmqActivator - ok
15:24:41.0606 2268  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:24:41.0607 2268  NetPipeActivator - ok
15:24:41.0629 2268  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:24:41.0634 2268  netprofm - ok
15:24:41.0637 2268  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:24:41.0638 2268  NetTcpActivator - ok
15:24:41.0640 2268  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:24:41.0641 2268  NetTcpPortSharing - ok
15:24:41.0668 2268  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:24:41.0668 2268  nfrd960 - ok
15:24:41.0687 2268  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:24:41.0689 2268  NlaSvc - ok
15:24:41.0695 2268  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:24:41.0696 2268  Npfs - ok
15:24:41.0707 2268  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:24:41.0708 2268  nsi - ok
15:24:41.0712 2268  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:24:41.0713 2268  nsiproxy - ok
15:24:41.0777 2268  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:24:41.0803 2268  Ntfs - ok
15:24:41.0807 2268  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:24:41.0807 2268  Null - ok
15:24:41.0850 2268  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:24:41.0852 2268  nvraid - ok
15:24:41.0866 2268  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:24:41.0867 2268  nvstor - ok
15:24:41.0877 2268  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:24:41.0879 2268  nv_agp - ok
15:24:41.0911 2268  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:24:41.0912 2268  ohci1394 - ok
15:24:41.0930 2268  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:24:41.0934 2268  p2pimsvc - ok
15:24:41.0950 2268  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:24:41.0955 2268  p2psvc - ok
15:24:41.0970 2268  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:24:41.0971 2268  Parport - ok
15:24:42.0013 2268  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:24:42.0014 2268  partmgr - ok
15:24:42.0027 2268  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:24:42.0029 2268  PcaSvc - ok
15:24:42.0040 2268  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
15:24:42.0042 2268  pci - ok
15:24:42.0085 2268  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:24:42.0086 2268  pciide - ok
15:24:42.0105 2268  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:24:42.0107 2268  pcmcia - ok
15:24:42.0126 2268  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:24:42.0127 2268  pcw - ok
15:24:42.0147 2268  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:24:42.0164 2268  PEAUTH - ok
15:24:42.0239 2268  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:24:42.0240 2268  PerfHost - ok
15:24:42.0321 2268  [ 087A343DFC337F37723DD7912DE6B6CD ] PID_PEPI        C:\Windows\system32\DRIVERS\LV302V64.SYS
15:24:42.0363 2268  PID_PEPI - ok
15:24:42.0422 2268  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:24:42.0446 2268  pla - ok
15:24:42.0497 2268  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:24:42.0502 2268  PlugPlay - ok
15:24:42.0533 2268  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:24:42.0534 2268  PNRPAutoReg - ok
15:24:42.0547 2268  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:24:42.0549 2268  PNRPsvc - ok
15:24:42.0588 2268  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:24:42.0593 2268  PolicyAgent - ok
15:24:42.0615 2268  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:24:42.0618 2268  Power - ok
15:24:42.0665 2268  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:24:42.0666 2268  PptpMiniport - ok
15:24:42.0695 2268  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:24:42.0696 2268  Processor - ok
15:24:42.0743 2268  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:24:42.0746 2268  ProfSvc - ok
15:24:42.0751 2268  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:24:42.0751 2268  ProtectedStorage - ok
15:24:42.0799 2268  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:24:42.0801 2268  Psched - ok
15:24:42.0833 2268  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:24:42.0859 2268  ql2300 - ok
15:24:42.0878 2268  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:24:42.0879 2268  ql40xx - ok
15:24:42.0892 2268  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:24:42.0894 2268  QWAVE - ok
15:24:42.0904 2268  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:24:42.0905 2268  QWAVEdrv - ok
15:24:42.0918 2268  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:24:42.0918 2268  RasAcd - ok
15:24:42.0955 2268  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:24:42.0955 2268  RasAgileVpn - ok
15:24:42.0966 2268  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:24:42.0967 2268  RasAuto - ok
15:24:43.0003 2268  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:24:43.0004 2268  Rasl2tp - ok
15:24:43.0059 2268  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:24:43.0063 2268  RasMan - ok
15:24:43.0071 2268  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:24:43.0072 2268  RasPppoe - ok
15:24:43.0075 2268  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:24:43.0076 2268  RasSstp - ok
15:24:43.0111 2268  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:24:43.0114 2268  rdbss - ok
15:24:43.0122 2268  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:24:43.0123 2268  rdpbus - ok
15:24:43.0137 2268  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:24:43.0137 2268  RDPCDD - ok
15:24:43.0161 2268  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:24:43.0161 2268  RDPENCDD - ok
15:24:43.0171 2268  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:24:43.0171 2268  RDPREFMP - ok
15:24:43.0206 2268  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:24:43.0208 2268  RDPWD - ok
15:24:43.0248 2268  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:24:43.0250 2268  rdyboost - ok
15:24:43.0273 2268  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:24:43.0274 2268  RemoteAccess - ok
15:24:43.0283 2268  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:24:43.0285 2268  RemoteRegistry - ok
15:24:43.0306 2268  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:24:43.0308 2268  RpcEptMapper - ok
15:24:43.0323 2268  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:24:43.0324 2268  RpcLocator - ok
15:24:43.0370 2268  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:24:43.0373 2268  RpcSs - ok
15:24:43.0386 2268  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:24:43.0387 2268  rspndr - ok
15:24:43.0456 2268  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:24:43.0471 2268  RTL8167 - ok
15:24:43.0492 2268  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:24:43.0493 2268  SamSs - ok
15:24:43.0531 2268  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:24:43.0532 2268  sbp2port - ok
15:24:43.0547 2268  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:24:43.0550 2268  SCardSvr - ok
15:24:43.0599 2268  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:24:43.0599 2268  scfilter - ok
15:24:43.0658 2268  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:24:43.0674 2268  Schedule - ok
15:24:43.0737 2268  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:24:43.0737 2268  SCPolicySvc - ok
15:24:43.0786 2268  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:24:43.0788 2268  SDRSVC - ok
15:24:43.0840 2268  SDScannerService - ok
15:24:43.0901 2268  [ 6B859B122E85C2C833E6D8C5DC4B07F3 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
15:24:43.0927 2268  SDUpdateService - ok
15:24:43.0944 2268  [ 59DCE6783F9ED27EB72C81466E363BF8 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
15:24:43.0945 2268  SDWSCService - ok
15:24:43.0965 2268  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:24:43.0965 2268  secdrv - ok
15:24:43.0999 2268  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:24:44.0000 2268  seclogon - ok
15:24:44.0005 2268  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:24:44.0006 2268  SENS - ok
15:24:44.0033 2268  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:24:44.0034 2268  SensrSvc - ok
15:24:44.0046 2268  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:24:44.0046 2268  Serenum - ok
15:24:44.0058 2268  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:24:44.0059 2268  Serial - ok
15:24:44.0092 2268  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:24:44.0092 2268  sermouse - ok
15:24:44.0138 2268  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:24:44.0140 2268  SessionEnv - ok
15:24:44.0168 2268  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:24:44.0168 2268  sffdisk - ok
15:24:44.0178 2268  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:24:44.0179 2268  sffp_mmc - ok
15:24:44.0190 2268  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:24:44.0191 2268  sffp_sd - ok
15:24:44.0201 2268  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:24:44.0202 2268  sfloppy - ok
15:24:44.0226 2268  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:24:44.0230 2268  SharedAccess - ok
15:24:44.0281 2268  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:24:44.0286 2268  ShellHWDetection - ok
15:24:44.0313 2268  [ E9E830D540EDEDED650F906628468548 ] simptcp         C:\Windows\System32\tcpsvcs.exe
15:24:44.0314 2268  simptcp - ok
15:24:44.0331 2268  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:24:44.0332 2268  SiSRaid2 - ok
15:24:44.0347 2268  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:24:44.0348 2268  SiSRaid4 - ok
15:24:44.0373 2268  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:24:44.0374 2268  Smb - ok
15:24:44.0412 2268  [ CA62AE004E98374BF7F082CD765EEA02 ] SNMP            C:\Windows\System32\snmp.exe
15:24:44.0413 2268  SNMP - ok
15:24:44.0435 2268  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:24:44.0436 2268  SNMPTRAP - ok
15:24:44.0443 2268  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:24:44.0444 2268  spldr - ok
15:24:44.0484 2268  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:24:44.0500 2268  Spooler - ok
15:24:44.0585 2268  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:24:44.0644 2268  sppsvc - ok
15:24:44.0656 2268  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:24:44.0658 2268  sppuinotify - ok
15:24:44.0699 2268  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:24:44.0704 2268  srv - ok
15:24:44.0744 2268  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:24:44.0748 2268  srv2 - ok
15:24:44.0781 2268  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:24:44.0783 2268  srvnet - ok
15:24:44.0804 2268  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:24:44.0806 2268  SSDPSRV - ok
15:24:44.0818 2268  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:24:44.0820 2268  SstpSvc - ok
15:24:44.0832 2268  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:24:44.0833 2268  stexstor - ok
15:24:44.0892 2268  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:24:44.0907 2268  stisvc - ok
15:24:44.0939 2268  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:24:44.0939 2268  swenum - ok
15:24:44.0960 2268  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:24:44.0966 2268  swprv - ok
15:24:45.0034 2268  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:24:45.0068 2268  SysMain - ok
15:24:45.0111 2268  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:24:45.0113 2268  TabletInputService - ok
15:24:45.0150 2268  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:24:45.0154 2268  TapiSrv - ok
15:24:45.0179 2268  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:24:45.0180 2268  TBS - ok
15:24:45.0224 2268  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:24:45.0258 2268  Tcpip - ok
15:24:45.0303 2268  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:24:45.0310 2268  TCPIP6 - ok
15:24:45.0361 2268  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:24:45.0361 2268  tcpipreg - ok
15:24:45.0373 2268  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:24:45.0373 2268  TDPIPE - ok
15:24:45.0409 2268  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:24:45.0409 2268  TDTCP - ok
15:24:45.0454 2268  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:24:45.0456 2268  tdx - ok
15:24:45.0466 2268  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:24:45.0467 2268  TermDD - ok
15:24:45.0512 2268  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:24:45.0516 2268  TermService - ok
15:24:45.0526 2268  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:24:45.0527 2268  Themes - ok
15:24:45.0554 2268  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:24:45.0555 2268  THREADORDER - ok
15:24:45.0567 2268  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:24:45.0570 2268  TrkWks - ok
15:24:45.0633 2268  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:24:45.0635 2268  TrustedInstaller - ok
15:24:45.0672 2268  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:24:45.0673 2268  tssecsrv - ok
15:24:45.0714 2268  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:24:45.0715 2268  TsUsbFlt - ok
15:24:45.0760 2268  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:24:45.0761 2268  tunnel - ok
15:24:45.0770 2268  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:24:45.0771 2268  uagp35 - ok
15:24:45.0815 2268  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:24:45.0819 2268  udfs - ok
15:24:45.0829 2268  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:24:45.0831 2268  UI0Detect - ok
15:24:45.0847 2268  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:24:45.0848 2268  uliagpkx - ok
15:24:45.0880 2268  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
15:24:45.0881 2268  umbus - ok
15:24:45.0897 2268  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:24:45.0897 2268  UmPass - ok
15:24:45.0918 2268  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:24:45.0922 2268  upnphost - ok
15:24:45.0954 2268  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
15:24:45.0955 2268  USBAAPL64 - ok
15:24:45.0995 2268  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:24:45.0996 2268  usbaudio - ok
15:24:46.0005 2268  usbbus - ok
15:24:46.0018 2268  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:24:46.0019 2268  usbccgp - ok
15:24:46.0068 2268  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:24:46.0070 2268  usbcir - ok
15:24:46.0073 2268  UsbDiag - ok
15:24:46.0087 2268  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:24:46.0087 2268  usbehci - ok
15:24:46.0101 2268  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:24:46.0105 2268  usbhub - ok
15:24:46.0108 2268  USBModem - ok
15:24:46.0117 2268  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:24:46.0118 2268  usbohci - ok
15:24:46.0129 2268  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:24:46.0130 2268  usbprint - ok
15:24:46.0144 2268  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:24:46.0145 2268  USBSTOR - ok
15:24:46.0152 2268  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
15:24:46.0153 2268  usbuhci - ok
15:24:46.0159 2268  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:24:46.0160 2268  UxSms - ok
15:24:46.0167 2268  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:24:46.0168 2268  VaultSvc - ok
15:24:46.0176 2268  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:24:46.0177 2268  vdrvroot - ok
15:24:46.0224 2268  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:24:46.0238 2268  vds - ok
15:24:46.0242 2268  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:24:46.0243 2268  vga - ok
15:24:46.0290 2268  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:24:46.0291 2268  VgaSave - ok
15:24:46.0306 2268  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:24:46.0308 2268  vhdmp - ok
15:24:46.0325 2268  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:24:46.0326 2268  viaide - ok
15:24:46.0356 2268  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:24:46.0357 2268  volmgr - ok
15:24:46.0400 2268  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:24:46.0403 2268  volmgrx - ok
15:24:46.0452 2268  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:24:46.0454 2268  volsnap - ok
15:24:46.0476 2268  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:24:46.0478 2268  vsmraid - ok
15:24:46.0536 2268  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:24:46.0562 2268  VSS - ok
15:24:46.0678 2268  [ 4B817450226F93C31ADD5BCC27FED27A ] vToolbarUpdater15.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
15:24:46.0695 2268  vToolbarUpdater15.2.0 - ok
15:24:46.0702 2268  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:24:46.0703 2268  vwifibus - ok
15:24:46.0724 2268  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:24:46.0729 2268  W32Time - ok
15:24:46.0816 2268  [ B32009DB1972E7F2C227499289C4384A ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
15:24:46.0820 2268  W3SVC - ok
15:24:46.0830 2268  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:24:46.0830 2268  WacomPen - ok
15:24:46.0855 2268  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:24:46.0856 2268  WANARP - ok
15:24:46.0859 2268  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:24:46.0859 2268  Wanarpv6 - ok
15:24:46.0899 2268  [ B32009DB1972E7F2C227499289C4384A ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
15:24:46.0901 2268  WAS - ok
15:24:46.0956 2268  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:24:46.0981 2268  wbengine - ok
15:24:46.0996 2268  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:24:46.0999 2268  WbioSrvc - ok
15:24:47.0041 2268  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:24:47.0045 2268  wcncsvc - ok
15:24:47.0059 2268  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:24:47.0060 2268  WcsPlugInService - ok
15:24:47.0072 2268  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:24:47.0072 2268  Wd - ok
15:24:47.0117 2268  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:24:47.0133 2268  Wdf01000 - ok
15:24:47.0141 2268  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:24:47.0142 2268  WdiServiceHost - ok
15:24:47.0145 2268  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:24:47.0146 2268  WdiSystemHost - ok
15:24:47.0184 2268  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:24:47.0187 2268  WebClient - ok
15:24:47.0196 2268  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:24:47.0199 2268  Wecsvc - ok
15:24:47.0210 2268  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:24:47.0212 2268  wercplsupport - ok
15:24:47.0237 2268  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:24:47.0239 2268  WerSvc - ok
15:24:47.0248 2268  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:24:47.0249 2268  WfpLwf - ok
15:24:47.0258 2268  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:24:47.0259 2268  WIMMount - ok
15:24:47.0277 2268  WinDefend - ok
15:24:47.0288 2268  WinHttpAutoProxySvc - ok
15:24:47.0328 2268  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:24:47.0330 2268  Winmgmt - ok
15:24:47.0394 2268  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:24:47.0427 2268  WinRM - ok
15:24:47.0485 2268  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:24:47.0486 2268  WinUsb - ok
15:24:47.0521 2268  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:24:47.0537 2268  Wlansvc - ok
15:24:47.0593 2268  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:24:47.0593 2268  WmiAcpi - ok
15:24:47.0611 2268  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:24:47.0613 2268  wmiApSrv - ok
15:24:47.0626 2268  WMPNetworkSvc - ok
15:24:47.0634 2268  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:24:47.0636 2268  WPCSvc - ok
15:24:47.0672 2268  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:24:47.0675 2268  WPDBusEnum - ok
15:24:47.0696 2268  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:24:47.0697 2268  ws2ifsl - ok
15:24:47.0707 2268  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:24:47.0709 2268  wscsvc - ok
15:24:47.0711 2268  WSearch - ok
15:24:47.0770 2268  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:24:47.0813 2268  wuauserv - ok
15:24:47.0854 2268  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:24:47.0855 2268  WudfPf - ok
15:24:47.0866 2268  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:24:47.0868 2268  WUDFRd - ok
15:24:47.0900 2268  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:24:47.0902 2268  wudfsvc - ok
15:24:47.0942 2268  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:24:47.0945 2268  WwanSvc - ok
15:24:47.0957 2268  ================ Scan global ===============================
15:24:47.0981 2268  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:24:48.0019 2268  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:24:48.0026 2268  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:24:48.0053 2268  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:24:48.0084 2268  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:24:48.0086 2268  [Global] - ok
15:24:48.0087 2268  ================ Scan MBR ==================================
15:24:48.0099 2268  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:24:48.0396 2268  \Device\Harddisk0\DR0 - ok
15:24:48.0396 2268  ================ Scan VBR ==================================
15:24:48.0409 2268  [ 484A47BFFB2F4027B9746CC1427EEE0E ] \Device\Harddisk0\DR0\Partition1
15:24:48.0410 2268  \Device\Harddisk0\DR0\Partition1 - ok
15:24:48.0412 2268  [ 28E9DFEBE6FAB3EA865FEE28F8BB792A ] \Device\Harddisk0\DR0\Partition2
15:24:48.0413 2268  \Device\Harddisk0\DR0\Partition2 - ok
15:24:48.0413 2268  ============================================================
15:24:48.0413 2268  Scan finished
15:24:48.0413 2268  ============================================================
15:24:48.0419 1076  Detected object count: 0
15:24:48.0419 1076  Actual detected object count: 0
 

___________________________________________________________________________________

ComboFix 13-06-26.01 - kidd 06/26/2013  15:33:26.1.4 - x64 NETWORK
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.1.1033.18.8061.6880 [GMT -4:00]
Running from: c:\users\kidd\AppData\Local\Temp\IS1971~1\65760516_Setup.EXE
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Spybot - Search and Destroy *Disabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Brand Affinity Technologies
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\Fantapper.crx
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\Fantapper.xpi
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Enabled.ico
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Plugin_Installer.jpg
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\IEInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\OpenIE.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\OpenIE.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperArbitraryInstaller.exe
c:\program files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe
c:\program files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Updater\FT_Enabled.ico
c:\program files (x86)\Brand Affinity Technologies\Fantapper Updater\FT_Plugin_Installer.jpg
c:\program files (x86)\Brand Affinity Technologies\Fantapper Updater\Updater.msi
c:\program files\PrivacySafeGuard\PrIVacysafeguard.dll
c:\users\kidd\AppData\Local\ArcadeCandy\caNDyex.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_FTSvc
-------\Service_FTSvc
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-26 to 2013-06-26  )))))))))))))))))))))))))))))))
.
.
2013-06-26 19:31 . 2013-06-26 19:31    --------    d-----w-    c:\program files (x86)\Check Point Software Technologies LTD
2013-06-26 19:31 . 2013-06-26 19:31    --------    d-----w-    c:\users\kidd\AppData\Roaming\Check Point Software Technologies LTD
2013-06-26 19:31 . 2013-06-26 19:31    --------    d-----w-    c:\users\kidd\AppData\Roaming\24x7 Help
2013-06-26 19:31 . 2013-06-26 19:31    --------    d-----w-    c:\program files (x86)\CheckPoint
2013-06-26 19:31 . 2013-06-26 19:31    --------    d-----w-    c:\programdata\CheckPoint
2013-06-26 19:30 . 2013-06-26 19:30    --------    d-----w-    c:\users\kidd\AppData\Local\Wajam
2013-06-26 19:30 . 2013-06-26 19:30    --------    d-----w-    c:\program files (x86)\24x7Help
2013-06-26 19:30 . 2013-06-26 19:31    --------    d-----w-    c:\users\kidd\AppData\Local\getsav-in
2013-06-26 19:30 . 2013-06-26 19:30    --------    d-----w-    c:\users\kidd\AppData\Roaming\PCFixSpeed
2013-06-26 19:30 . 2013-06-26 19:30    --------    d-----w-    c:\programdata\PCFixSpeed
2013-06-26 19:30 . 2013-06-26 19:31    --------    d-----w-    c:\program files (x86)\Wajam
2013-06-26 19:30 . 2013-06-26 19:30    --------    d-----w-    c:\program files (x86)\PCFixSpeed
2013-06-26 08:40 . 2013-06-17 06:10    9552976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{3141E4A5-92C3-4191-B3B8-9D932AB7CBE0}\mpengine.dll
2013-06-26 00:32 . 2013-06-26 01:32    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-25 22:27 . 2013-06-25 22:27    --------    d-----w-    c:\programdata\PC Drivers HeadQuarters
2013-06-25 15:49 . 2013-06-25 15:49    --------    d-----w-    c:\users\kidd\AppData\Local\ESET
2013-06-25 15:34 . 2013-06-25 15:34    --------    d-----w-    c:\program files\ESET
2013-06-25 15:28 . 2013-06-25 15:28    --------    d-----w-    c:\users\kidd\AppData\Roaming\TuneUp Software
2013-06-14 16:11 . 2013-06-14 16:11    --------    d-----w-    c:\program files\WinRAR
2013-06-12 19:15 . 2013-05-08 06:39    1910632    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-06-09 00:53 . 2013-06-09 00:53    --------    d-----w-    c:\users\kidd\AppData\Local\pinger.com
2013-06-09 00:53 . 2013-06-09 00:53    --------    d-----w-    c:\users\kidd\AppData\Local\Caphyon
2013-06-09 00:53 . 2013-06-09 00:53    --------    d-----w-    c:\program files (x86)\Pinger
2013-06-09 00:52 . 2013-06-09 00:52    --------    d-----w-    c:\users\kidd\AppData\Roaming\Pinger Inc
2013-06-08 23:51 . 2013-06-08 23:51    --------    d-----w-    c:\users\kidd\fontconfig
2013-06-06 20:56 . 2013-06-06 21:03    --------    d-----w-    c:\users\kidd\AppData\Local\Microsoft Games
2013-06-05 20:46 . 2013-06-05 20:46    --------    d-----w-    c:\users\kidd\AppData\Roaming\Canneverbe Limited
2013-06-05 20:46 . 2013-06-05 20:46    --------    d-----w-    c:\programdata\Canneverbe Limited
2013-06-05 20:45 . 2013-06-05 20:45    --------    d-----w-    c:\program files (x86)\CDBurnerXP
2013-06-05 20:42 . 2013-06-05 20:42    --------    d-----w-    c:\program files (x86)\Emicsoft Studio
2013-06-05 20:38 . 2013-06-09 23:38    --------    d-----w-    c:\users\kidd\AppData\Roaming\dvdcss
2013-06-05 19:22 . 2013-06-05 19:22    --------    d-----w-    c:\users\kidd\AppData\Roaming\AnvSoft
2013-06-05 18:59 . 2011-11-28 18:51    33872    ----a-w-    c:\windows\system32\drivers\anvsnddrv.sys
2013-06-05 18:59 . 2013-06-05 18:59    --------    d-----w-    c:\program files (x86)\AnvSoft
2013-06-05 15:25 . 2013-06-25 17:30    --------    d-----w-    c:\users\kidd\AppData\Roaming\Search Protection
2013-06-05 15:20 . 2013-06-25 22:23    --------    d-----w-    c:\users\kidd\AppData\Roaming\uTorrent
2013-06-03 20:56 . 2009-01-25 17:14    17272    ----a-w-    c:\windows\system32\sdnclean64.exe
2013-05-29 01:25 . 2013-05-29 01:25    --------    d-----w-    c:\users\kidd\AppData\Local\Facebook
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-26 00:59 . 2012-08-23 17:31    4194304    ----a-w-    c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2013-06-13 01:02 . 2012-08-09 16:30    75825640    ----a-w-    c:\windows\system32\MRT.exe
2013-06-12 04:04 . 2012-08-09 20:02    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 04:04 . 2012-08-09 20:02    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-29 01:58 . 2012-08-23 20:53    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-05-08 06:10 . 2012-04-23 21:21    770384    ----a-w-    c:\windows\SysWow64\msvcr100.dll
2013-05-08 06:10 . 2012-04-23 21:21    421200    ----a-w-    c:\windows\SysWow64\msvcp100.dll
2013-04-13 05:49 . 2013-05-15 19:16    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 19:16    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 19:16    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 19:16    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 19:16    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 19:16    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 16:40    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 19:16    265064    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 19:16    983400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 19:16    3153920    ----a-w-    c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7f3f960e-a836-45ca-8911-0accb522246e}"= "c:\program files (x86)\Vafmusic2\prxtbVafm.dll" [2013-04-10 231712]
.
[HKEY_CLASSES_ROOT\clsid\{7f3f960e-a836-45ca-8911-0accb522246e}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-05 01:58    297808    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7f3f960e-a836-45ca-8911-0accb522246e}]
2013-04-10 10:19    231712    ----a-w-    c:\program files (x86)\Vafmusic2\prxtbVafm.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-05-29 01:58    1991344    ----a-w-    c:\program files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EB3BACA1-07C8-49C3-A005-0EA90023D5AE}]
2013-06-26 19:25    78648    ----a-w-    c:\users\kidd\AppData\Local\getsav-in\ie\getsav-in_1372274702.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll" [2013-05-29 1991344]
"{7f3f960e-a836-45ca-8911-0accb522246e}"= "c:\program files (x86)\Vafmusic2\prxtbVafm.dll" [2013-04-10 231712]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{7f3f960e-a836-45ca-8911-0accb522246e}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"Driver Manager"="c:\program files (x86)\Driver Manager\Driver Manager\DriverManager.exe" [2012-08-17 3534264]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-22 39408]
"Driver Restore"="c:\program files (x86)\Driver Restore\Driver Restore\DriverRestore.exe" [2012-10-12 3522488]
"BYR_AGENT"="c:\lgmobileupgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2012-12-10 392320]
"SearchProtect"="c:\users\kidd\AppData\Roaming\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]
"BackupAgent"="c:\program files (x86)\Strongvault Online Backup\BackupAgent.exe" [2013-03-19 197448]
"Facebook Update"="c:\users\kidd\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-05-29 138096]
"Pinger"="c:\program files (x86)\Pinger\Pinger.exe" [2013-04-30 10289664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-05-29 1226928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SearchProtectAll"="c:\program files (x86)\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]
"SMessaging"="c:\users\kidd\AppData\Local\Strongvault Online Backup\SMessaging.exe" [2012-04-04 31664]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-07-04 3921432]
"PCFixSpeed"="c:\program files (x86)\PCFixSpeed\PCFixTray.exe" [2013-03-20 384088]
"24x7HELP"="c:\program files (x86)\24x7Help\App24x7Help.exe" [2013-03-20 1773648]
.
c:\users\kidd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\kidd\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
StrongVaultApp.lnk - c:\users\kidd\AppData\Local\Strongvault\StrongVaultApp.exe [2013-3-19 400712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
R1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
R2 24x7HelpSvc;24x7HelpService;c:\program files (x86)\24x7Help\App24x7Svc.exe;c:\program files (x86)\24x7Help\App24x7Svc.exe [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe [x]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [x]
R2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [x]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys;c:\windows\SYSNATIVE\drivers\anvsnddrv.sys [x]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs    REG_MULTI_SZ       w3svc was
apphost    REG_MULTI_SZ       apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-19 20:40    1165776    ----a-w-    c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-09 04:04]
.
2013-06-25 c:\windows\Tasks\CandyUpdater.job
- c:\users\kidd\AppData\Local\ArcadeCandy\candyUpdater.exe [2013-01-28 19:56]
.
2013-06-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2223149679-675425120-3915631555-1000Core.job
- c:\users\kidd\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-29 01:25]
.
2013-06-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2223149679-675425120-3915631555-1000UA.job
- c:\users\kidd\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-29 01:25]
.
2013-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-22 15:30]
.
2013-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-22 15:30]
.
2013-06-25 c:\windows\Tasks\Sing Along Update.job
- c:\program files (x86)\SingAlong\SingalngUpdater.exe [2013-05-10 08:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 6330568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com/?ctid=CT3294791&octid=CT3294791&SearchSource=61&CUI=UN40151088772504321&UM=2&UP=SPD9B07DEF-14B2-4BA5-999B-6EBB0B7F7F23
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\
FF - prefs.js: browser.search.selectedEngine - Vafmusic2 Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3294791&ctid=CT3294791&SearchSource=2&CUI=UN80108621119424293&UM=2&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=5610671689b9441fa07ce3555fba4a39&tu=11LG0008k2B0008&sku=&tstsId=&ver=&
FF - ExtSQL: 2013-05-18 19:36; [email protected]; c:\program files (x86)\SingAlong\FF
FF - ExtSQL: 2013-05-18 19:36; {739df940-c5ee-4bab-9d7e-270894ae687a}; c:\users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
FF - ExtSQL: 2013-05-19 01:42; {7f3f960e-a836-45ca-8911-0accb522246e}; c:\users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}
FF - ExtSQL: 2013-05-19 01:43; {3bebc7be-9bfc-4393-ae38-1522b21b34b9}; c:\users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\extensions\{3bebc7be-9bfc-4393-ae38-1522b21b34b9}
# Mozilla User Preferences
/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 */
FF - user.js:  - versionFro
FF - user.js: CT3289847.1000082.isPlayDisplay - true
FF - user.js: CT3289847.1000082.state - {\state\:\stopped\,\text\:\1.fm (cou...\,\description\:\1.fm (country)\,\url\:\hxxp://1.fm/wm/energycountry32k.asx\}
FF - user.js: CT3289847.ENABALE_HISTORY - {\dataType\:\string\,\data\:\true\}
FF - user.js: CT3289847.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE - {\dataType\:\string\,\data\:\true\}
FF - user.js: CT3289847.FF19Solved - true
FF - user.js: CT3289847.FirstTime - true
FF - user.js: CT3289847.FirstTimeFF3 - true
FF - user.js: CT3289847.PG_ENABLE - dHJ1ZQ==
FF - user.js: CT3289847.PG_ENABLE.enc - dHJ1ZQ==
FF - user.js: CT3289847.SearchFromAddressBarUrl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN12415494822172248&UM=2&q=
FF - user.js: CT3289847.UserID - UN12415494822172248
FF - user.js: CT3289847.addressBarTakeOverEnabledInHidden - true
FF - user.js: CT3289847.browser.search.defaultthis.engineName - true
FF - user.js: CT3289847.cbfirsttime.enc - U2F0IE1heSAxOCAyMDEzIDE5OjQzOjMwIEdNVC0wNDAwIChFYXN0ZXJuIERheWxpZ2h0IFRpbWUp
FF - user.js: CT3289847.defaultSearch - true
FF - user.js: CT3289847.enableAlerts - true
FF - user.js: CT3289847.enableFix404ByUser - TRUE
FF - user.js: CT3289847.enableSearchFromAddressBar - true
FF - user.js: CT3289847.firstTimeDialogOpened - true
FF - user.js: CT3289847.fixPageNotFoundError - true
FF - user.js: CT3289847.fixPageNotFoundErrorByUser - true
FF - user.js: CT3289847.fixPageNotFoundErrorInHidden - true
FF - user.js: CT3289847.fixUrls - true
FF - user.js: CT3289847.http___api28_starwebnet_com.pid2.enc - YmM5Y2NlOGEtZGZkMC1hZWRiLTY5MzQtNjNhMDY2ODcwOGM1
FF - user.js: CT3289847.http___api31_starwebnet_com.pid2.enc - Mzk4Y2E2YjAtYTlhYi1mZGVhLTkwZGEtZGU1ODQyY2JlN2Nl
FF - user.js: CT3289847.http___api32_starwebnet_com.pid2.enc - NDkwZTQwNzYtNDQ3MC05YzFiLThjMWQtZTVjYTVlYzY5ZDdl
FF - user.js: CT3289847.http___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui.enc - eyJndWkiOltdLCJhY3Rpb25zIjpbXX0=
FF - user.js: CT3289847.http___toolbar_jollywallet_com_tlb_2.Affiliate_settings.enc - eyJpbml0VXJsIjoiYXBpLmpvbGx5d2FsbGV0LmNvbS9hZmZpbGlhdGUvaW5pdCIsInF1ZXJ5VXJsIjoiYXBpLmpvbGx5d2FsbGV0LmNvbS9hZmZpbGlhdGUvcXVlcnkiLCJxdWVyeVVybDIiOiJkdW1teSIsInVzZUxvY2FsQ2FjaGUiOiIxIiwidHJpZ2dlclF1ZXJ5U3ViMiI6IjEiLCJjYWNoZUlkIjoiMjAxMjA4MDItMDAwIn0=
FF - user.js: CT3289847.http___toolbar_jollywallet_com_tlb_2.jw_token.enc - OTk4ZDUxMTktMjFjNy0yNGMyLTVlMTMtNDIwNDRkNjExN2Vl
FF - user.js: CT3289847.http___toolbar_jollywallet_com_tlb_2.key_list_id.enc - MjAxMjA4MDItMDAw
FF - user.js: CT3289847.installDate - 18/5/2013 19:36
FF - user.js: CT3289847.installId - 9818
FF - user.js: CT3289847.installType - conduitnsisintegration
FF - user.js: CT3289847.installUsage - 2013-05-19T02:38.3410824+03:00
FF - user.js: CT3289847.installUsageEarly - 2013-05-19T02:38.0442017+03:00
FF - user.js: CT3289847.installerVersion - 1.4.2.3
FF - user.js: CT3289847.isCheckedStartAsHidden - true
FF - user.js: CT3289847.isEnableAllDialogs - {\dataType\:\string\,\data\:\true\}
FF - user.js: CT3289847.isFirstTimeToolbarLoading - false
FF - user.js: CT3289847.isToolbarShrinked - {\dataType\:\string\,\data\:\false\}
FF - user.js: CT3289847.keyword - true
FF - user.js: CT3289847.lastNewTabSettings - {\isEnabled\:true,\newTabUrl\:\hxxp://search.conduit.com/?ctid=ct3289847&octid=ct3289847&searchsource=15&cui=un12415494822172248&sspv=eb_sspv&lay=1&um=2\}
FF - user.js: CT3289847.lastVersion - 10.16.2.509
FF - user.js: CT3289847.mam_gk_appStateReportTime.enc - MTM2ODkyMDYwNDQ3NQ==
FF - user.js: CT3289847.mam_gk_appState_CouponBuddy.enc - b24=
FF - user.js: CT3289847.mam_gk_appState_Easytobook.enc - b24=
FF - user.js: CT3289847.mam_gk_appState_PriceGong.enc - b24=
FF - user.js: CT3289847.mam_gk_appsDefaultEnabled.enc - bnVsbA==
FF - user.js: CT3289847.mam_gk_currentVersion.enc - MS40LjQuNg==
FF - user.js: CT3289847.mam_gk_eventsCache.enc - eyI3ODEzNzJmMS1iZjIxLTQ1NzgtYjVlNy0zZWIzMmQ1OWQ0N2YiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlvbiI6IlZpZXcifSwidW5pcXVlSWQiOiI3ODEzNzJmMS1iZjIxLTQ1NzgtYjVlNy0zZWIzMmQ1OWQ0N2YiLCJldmVudFRyaWdnZXJUaW1lIjoxMzY4OTIwNjA1NjA3fX0=
FF - user.js: CT3289847.mam_gk_first_time.enc - MQ==
FF - user.js: CT3289847.mam_gk_gadgetOpen.enc - d2VsY29tZQ==
FF - user.js: CT3289847.mam_gk_installer_preapproved.enc - ZmFsc2U=
FF - user.js: CT3289847.mam_gk_lastLoginTime.enc - MTM2ODkyMDYwNDQ1OQ==
FF - user.js: CT3289847.mam_gk_pgUnloadedOnce.enc - dHJ1ZQ==
FF - user.js: CT3289847.mam_gk_showCloseButton.enc - dHJ1ZQ==
FF - user.js: CT3289847.mam_gk_showWelcomeGadget.enc - ZmFsc2U=
FF - user.js: CT3289847.mam_gk_userId.enc - MWVmMDMwNzgtNmM3OC00ZGUxLTkzZTItNGVhZTRmYTgwODJi
FF - user.js: CT3289847.migrateAppsAndComponents - true
FF - user.js: CT3289847.navigationAliasesJson - {\EB_SEARCH_TERM\:\\,\EB_MAIN_FRAME_URL\:\\,\EB_MAIN_FRAME_TITLE\:\\,\EB_TOOLBAR_SUB_DOMAIN\:\hxxp://whitesmokenew.ourtoolbar.com/\,\EB_TOOLBAR_ID\:\ct3289847\,\EB_TOOLBAR_VERSION\:\10.16.2.509\,\EB_ORIGINAL_CTID\:\ct3289847\,\EB_DOWNLOAD_PAGE\:\http://whitesmokenew.ourtoolbar.com/\,\EB_TOOLBAR_NAME\:\whitesmoke new\}
FF - user.js: CT3289847.openThankYouPage - false
FF - user.js: CT3289847.openUninstallPage - true
FF - user.js: CT3289847.originalHomepage - about:home
FF - user.js: CT3289847.originalSearchAddressUrl - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
FF - user.js: CT3289847.originalSearchEngine - Yahoo
FF - user.js: CT3289847.price-gong.isManagedApp - true
FF - user.js: CT3289847.revertSettingsEnabled - true
FF - user.js: CT3289847.search.searchAppId - 130068661007799818
FF - user.js: CT3289847.search.searchCount - 0
FF - user.js: CT3289847.searchFromAddressBarEnabledByUser - true
FF - user.js: CT3289847.searchInNewTabEnabledByUser - true
FF - user.js: CT3289847.searchInNewTabEnabledInHidden - true
FF - user.js: CT3289847.searchRevert - true
FF - user.js: CT3289847.searchUserMode - 2
FF - user.js: CT3289847.selectToSearchBoxEnabled - {\dataType\:\string\,\data\:\true\}
FF - user.js: CT3289847.serviceLayer_service_login_isFirstLoginInvoked - {\dataType\:\boolean\,\data\:\true\}
FF - user.js: CT3289847.serviceLayer_service_login_loginCount - {\dataType\:\number\,\data\:\4\}
FF - user.js: CT3289847.serviceLayer_service_toolbarGrouping_activeCTID - {\dataType\:\string\,\data\:\ct3289847\}
FF - user.js: CT3289847.serviceLayer_service_toolbarGrouping_activeDownloadUrl - {\dataType\:\string\,\data\:\hxxp://whitesmokenew.ourtoolbar.com//xpi\}
FF - user.js: CT3289847.serviceLayer_service_toolbarGrouping_activeToolbarName - {\dataType\:\string\,\data\:\whitesmoke new\}
FF - user.js: CT3289847.serviceLayer_service_toolbarGrouping_invoked - {\dataType\:\string\,\data\:\true\}
FF - user.js: CT3289847.serviceLayer_services_appTrackingFirstTime_lastUpdate - 1368920288437
FF - user.js: CT3289847.serviceLayer_services_appsMetadata_lastUpdate - 1368925224937
FF - user.js: CT3289847.serviceLayer_services_gottenAppsContextMenu_lastUpdate - 1368920288520
FF - user.js: CT3289847.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate - 1368920288686
FF - user.js: CT3289847.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate - 1368920288911
FF - user.js: CT3289847.serviceLayer_services_location_lastUpdate - 1368920287385
FF - user.js: CT3289847.serviceLayer_services_login_10.16.2.9_lastUpdate - 1368920288822
FF - user.js: CT3289847.serviceLayer_services_otherAppsContextMenu_lastUpdate - 1368920288488
FF - user.js: CT3289847.serviceLayer_services_searchAPI_lastUpdate - 1368920287425
FF - user.js: CT3289847.serviceLayer_services_serviceMap_lastUpdate - 1368920286802
FF - user.js: CT3289847.serviceLayer_services_toolbarContextMenu_lastUpdate - 1368920288446
FF - user.js: CT3289847.serviceLayer_services_toolbarSettings_lastUpdate - 1368925224036
FF - user.js: CT3289847.serviceLayer_services_translation_lastUpdate - 1368920288558
FF - user.js: CT3289847.settingsINI - true
FF - user.js: CT3289847.shouldFirstTimeDialog - false
FF - user.js: CT3289847.showToolbarPermission - false
FF - user.js: CT3289847.smartbar.CTID - CT3289847
FF - user.js: CT3289847.smartbar.Uninstall - 0
FF - user.js: CT3289847.smartbar.homepage - true
FF - user.js: CT3289847.smartbar.toolbarName - WhiteSmoke New
FF - user.js: CT3289847.startPage - true
FF - user.js: CT3289847.toolbarBornServerTime - 19-5-2013
FF - user.js: CT3289847.toolbarCurrentServerTime - 19-5-2013
FF - user.js: CT3289847.toolbarLoginClientTime - Sat May 18 2013 19:38 GMT-0400 (Eastern Daylight Time)
FF - user.js: CT3289847.versionFromInstaller - 10.16.2.9
FF - user.js: CT3289847_Firefox.csv - [{\from\:\abs layer\,\action\:\loading toolbar\,\time\:1368928673720,\isWithState\:\\,\timeFromStart\:0,\timeFromPrev\:0}]
FF - user.js: CT3294791.autoDisableScopes - 0
FF - user.js: CT3294791.installSessionId - {7963408C-C299-456E-9E9F-42B82EDF5D6D}
FF - user.js: CT3294791.installSp - TRUE
FF - user.js: CT3294791.installerVersion - 1.4.2.3
FF - user.js: CT3294791.searchRevert - false
FF - user.js: CT3294791.searchUserMode - 2
FF - user.js: Smartbar.ConduitHomepagesList - hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN12415494822172248&UM=2&UP=SPD9B07DEF-14B2-4BA5-999B-6EBB0B7F7F23
FF - user.js: Smartbar.ConduitSearchEngineList - WhiteSmoke New Customized Web Search
FF - user.js: Smartbar.ConduitSearchUrlList - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN12415494822172248&UM=2&q=
FF - user.js: Smartbar.SearchFromAddressBarSavedUrl - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
FF - user.js: Smartbar.keywordURLSelectedCTID - CT3289847
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1368920541
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1368920901
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1368920421
FF - user.js: app.update.lastUpdateTime.browser-cleanup-thumbnails - 1368925212
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1368920781
FF - user.js: browser.cache.disk.capacity - 358400
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size.use_old_max - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 358400
FF - user.js: browser.download.lastDir - c:\\Users\\kidd\\Desktop\\New folder\\New Folder (2)\\pantyhose
FF - user.js: browser.download.panel.firstSessionCompleted - true
FF - user.js: browser.download.panel.shown - true
FF - user.js: browser.download.save_converter_index - 0
FF - user.js: browser.formfill.enable - false
FF - user.js: browser.keywordURLPromptDeclined - 1
FF - user.js: browser.migration.version - 9
FF - user.js: browser.newtab.url - about:blank
FF - user.js: browser.newtabpage.pinned - [null,null,null,null,null,{\url\:\hxxps://www.youtube.com/\,\title\:\youtube\}]
FF - user.js: browser.newtabpage.storageVersion - 1
FF - user.js: browser.pagethumbnails.storage_version - 2
FF - user.js: browser.places.smartBookmarksVersion - 4
FF - user.js: browser.preferences.advanced.selectedTabIndex - 1
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.search.defaultengine - Ask.com
FF - user.js: browser.search.defaultenginename - Yahoo
FF - user.js: browser.search.defaultthis.engineName - WhiteSmoke New Customized Web Search
FF - user.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN12415494822172248&UM=2&SearchSource=3&q={searchTerms}
FF - user.js: browser.search.order.1 - Ask.com
FF - user.js: browser.search.param.yahoo-fr - chr-greentree_ff&ilc=12&type=685749
FF - user.js: browser.search.selectedEngine - WhiteSmoke New Customized Web Search
FF - user.js: browser.search.useDBForOrder - true
FF - user.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN12415494822172248&UM=2&UP=SPD9B07DEF-14B2-4BA5-999B-6EBB0B7F7F23
FF - user.js: browser.startup.homepage_override.buildID - 20130409194949
FF - user.js: browser.startup.homepage_override.mstone - 20.0.1
FF - user.js: browser.syncPromoViewsLeftMap - {\bookmarks\:0,\passwords\:0}
FF - user.js: browser.tabs.warnOnClose - false
FF - user.js: browser.taskbar.lastgroupid - E7CF176E110C211B
FF - user.js: datareporting.healthreport.currentDaySubmissionFailureCount - 0
FF - user.js: datareporting.healthreport.lastDataSubmissionRequestedTime - 1368925212075
FF - user.js: datareporting.healthreport.nextDataSubmissionTime - 1369012236032
FF - user.js: datareporting.policy.dataSubmissionPolicyAccepted - true
FF - user.js: datareporting.policy.dataSubmissionPolicyAcceptedVersion - 1
FF - user.js: datareporting.policy.dataSubmissionPolicyNotifiedTime - 1366079841365
FF - user.js: datareporting.policy.dataSubmissionPolicyResponseTime - 1366080148764
FF - user.js: datareporting.policy.dataSubmissionPolicyResponseType - accepted-implicit-time-elapsed
FF - user.js: datareporting.policy.firstRunTime - 1365987103979
FF - user.js: datareporting.sessions.current.activeTicks - 3
FF - user.js: datareporting.sessions.current.firstPaint - 14400
FF - user.js: datareporting.sessions.current.main - 110
FF - user.js: datareporting.sessions.current.sessionRestored - 14431
FF - user.js: datareporting.sessions.current.startTime - 1368928659204
FF - user.js: datareporting.sessions.current.totalTime - 29618
FF - user.js: datareporting.sessions.currentIndex - 25
FF - user.js: datareporting.sessions.previous.21 - {\s\:1368676554493,\a\:6,\t\:40204,\c\:false,\m\:3354,\fp\:14010,\sr\:14041}
FF - user.js: datareporting.sessions.previous.22 - {\s\:1368790869077,\a\:202,\t\:2799152,\c\:false,\m\:842,\fp\:2949,\sr\:3058}
FF - user.js: datareporting.sessions.previous.23 - {\s\:1368920282474,\a\:2,\t\:12713,\c\:true,\m\:202,\fp\:2653,\sr\:2684}
FF - user.js: datareporting.sessions.previous.24 - {\s\:1368920300368,\a\:246,\t\:8354471,\c\:true,\m\:93,\fp\:1218,\sr\:1233}
FF - user.js: datareporting.sessions.prunedIndex - 20
FF - user.js: devtools.toolbox.selectedTool - inspector
FF - user.js: dom.w3c_touch_events.expose - false
FF - user.js: extensions.asktb.ff-original-keyword-url -
FF - user.js: extensions.autoDisableScopes - 10
FF - user.js: extensions.blocklist.pingCountTotal - 144
FF - user.js: extensions.blocklist.pingCountVersion - 25
FF - user.js: extensions.bootstrappedAddons - {\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}\:{\version\:\6.8\,\type\:\extension\,\descriptor\:\c:\\\\Users\\\\kidd\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\rj3hj08x.default\\\\extensions\\\\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi\}}
FF - user.js: extensions.databaseSchema - 14
FF - user.js: extensions.defaulttab.active.affiliate - 3564
FF - user.js: extensions.defaulttab.active.overridechromesearch - false
FF - user.js: extensions.defaulttab.active.overridekeywordsearch - false
FF - user.js: extensions.defaulttab.browserID - 8547CBB61D7B0C108AF5244EBAAC618C
FF - user.js: extensions.defaulttab.firstrun - false
FF - user.js: extensions.defaulttab.installedVersion - 2.0
FF - user.js: extensions.downloadyoutubevideosasmp.firstVersion - 6.6
FF - user.js: extensions.downloadyoutubevideosasmp.firstrun - false
FF - user.js: extensions.downloadyoutubevideosasmp.optIn - true
FF - user.js: extensions.downloadyoutubevideosasmp.userId - 96d92cd1-28b9-4001-b33a-2c99e9226b87
FF - user.js: extensions.downloadyoutubevideosasmp.userIdLogged - true
FF - user.js: extensions.downloadyoutubevideosasmp.version - 6.8
FF - user.js: extensions.enabledAddons - artur.dubovoy%40gmail.com:3.8.7,iobit%40mybrowserbar.com:7.0,addon%40defaulttab.com:2.0,singalong%40xenophesoft.com:1.111,%7B739df940-c5ee-4bab-9d7e-270894ae687a%7D:10.16.2.509,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js: extensions.hotfix.lastVersion - 20121019.01
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\:{\descriptor\:\c:\\\\Program Files (x86)\\\\AVG\\\\AVG2012\\\\Firefox4\,\mtime\:1368555647178},\avg@toolbar\:{\descriptor\:\c:\\\\ProgramData\\\\AVG Secure Search\\\\FireFoxExt\\\\14.2.0.1\,\mtime\:1361228958033}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1365724774182}}},{\name\:\winreg-app-user\,\addons\:{\[email protected]\:{\descriptor\:\c:\\\\Users\\\\kidd\\\\AppData\\\\Local\\\\ArcadeCandy\\\\[email protected]\,\mtime\:1345050184580},\[email protected]\:{\descriptor\:\c:\\\\Program Files (x86)\\\\SingAlong\\\\FF\,\mtime\:1368920192178}}},{\name\:\app-profile\,\addons\:{\[email protected]\:{\descriptor\:\c:\\\\Users\\\\kidd\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\rj3hj08x.default\\\\extensions\\\\[email protected]\,\mtime\:1368920209541},\[email protected]\:{\descriptor\:\c:\\\\Users\\\\kidd\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\rj3hj08x.default\\\\extensions\\\\[email protected]\,\mtime\:1363223564553},\[email protected]\:{\descriptor\:\c:\\\\Program Files (x86)\\\\IObit Toolbar\\\\FF\,\mtime\:1365987703094},\{739df940-c5ee-4bab-9d7e-270894ae687a}\:{\descriptor\:\c:\\\\Users\\\\kidd\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\rj3hj08x.default\\\\extensions\\\\{739df940-c5ee-4bab-9d7e-270894ae687a}\,\mtime\:1368928672408},\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}\:{\descriptor\:\c:\\\\Users\\\\kidd\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\rj3hj08x.default\\\\extensions\\\\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi\,\mtime\:1364054142261}}}]
FF - user.js: extensions.lastAppVersion - 20.0.1
FF - user.js: extensions.lastPlatformVersion - 20.0.1
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.ui.dictionary.hidden - true
FF - user.js: extensions.ui.lastCategory - addons://search/easy%20youtube
FF - user.js: extensions.ui.locale.hidden - true
FF - user.js: fvd_single.download.window_height - 500
FF - user.js: fvd_single.download.window_width - 900
FF - user.js: fvd_single.fvdsd_last_used_version - 3.8.7
FF - user.js: fvd_single.is_first_run - false
FF - user.js: fvd_single.single.dont_display_features_hint - true
FF - user.js: fvd_single.supported_sites.check_interval - 2335735235
FF - user.js: fvd_single.supported_sites.last_check - Sat, 20 Oct 2012 13:17 GMT
FF - user.js: gecko.buildID - 20130409194949
FF - user.js: gecko.mstone - 20.0.1
FF - user.js: gfx.direct3d.prefer_10_1 - true
FF - user.js: idle.lastDailyNotification - 1368920888
FF - user.js: intl.charsetmenu.browser.cache - UTF-8, windows-1256, windows-1250, windows-1251, windows-1252
FF - user.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN12415494822172248&UM=2&q=
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: pdfjs.database - {\files\:[{\fingerprint\:\12a221a2586df7234c28f256779dbb55\,\exists\:true,\page\:1,\zoom\:\auto\,\scrollLeft\:0,\scrollTop\:798}]}
FF - user.js: pdfjs.migrationVersion - 1
FF - user.js: pdfjs.previousHandler.alwaysAskBeforeHandling - true
FF - user.js: pdfjs.previousHandler.preferredAction - 4
FF - user.js: places.database.lastMaintenance - 1368645065
FF - user.js: places.history.expiration.transient_current_max_pages - 104858
FF - user.js: plugin.disable_full_page_plugin_for_types - application/pdf
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: smartbar.addressBarOwnerCTID - CT3289847
FF - user.js: smartbar.conduitHomepageList - hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN12415494822172248&UM=2&SearchSource=13,http://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN12415494822172248&UM=2&UP=SPD9B07DEF-14B2-4BA5-999B-6EBB0B7F7F23
FF - user.js: smartbar.conduitSearchAddressUrlList - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN12415494822172248&UM=2&q=
FF - user.js: smartbar.defaultSearchOwnerCTID - CT3289847
FF - user.js: smartbar.homePageOwnerCTID - CT3289847
FF - user.js: smartbar.machineId - YDSWRDYDQVCMPKDXOLMLUMSDNEAMQ+YCLOKK3SMI+EYER9WVOO4LZX6RYJCPBOCKBJTSLQZFZYHMLHXUAKQVNQ
FF - user.js: smartbar.originalHomepage - hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN12415494822172248&UM=2&SearchSource=13
FF - user.js: spellchecker.dictionary - en-US
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1367136142
FF - user.js: toolkit.startup.last_success - 1368928659
FF - user.js: toolkit.telemetry.prompted - 2
FF - user.js: toolkit.telemetry.rejected - true
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1371268570
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&gu=5610671689b9441fa07ce3555fba4a39&tu=11LG0008k2B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=5610671689b9441fa07ce3555fba4a39&tu=11LG0008k2B0008&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=5610671689b9441fa07ce3555fba4a39&tu=11LG0008k2B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 963089350000000000000021704b073c
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15882
FF - user.js: extensions.zonealarm.vrsn - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsni - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.11.1115:31
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 5162
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN118648906332976-5162
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=5610671689b9441fa07ce3555fba4a39&tu=11LG0008k2B0008&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.hpOld0 - hxxp://search.conduit.com/?ctid=CT3294791&octid=CT3294791&SearchSource=61&CUI=UN80108621119424293&UM=2&UP=SPD9B07DEF-14B2-4BA5-999B-6EBB0B7F7F23
FF - user.js: extensions.zonealarm.dfltSrch - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1036AD63-AEAC-460B-9060-C96005D4DC86} - (no file)
BHO-{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\users\kidd\AppData\Local\DownloadTerms\temp.dat
BHO-{8A86D350-37AB-410A-8531-7D1363F317B3} - c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO-{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - c:\program files\PrivacySafeGuard\PrivacySafeGuard.dll
BHO-{AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - c:\users\kidd\AppData\Local\ArcadeCandy\candyEX.dll
Toolbar-10 - (no file)
Toolbar-!{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
Wow6432Node-HKCU-Run-Browser Infrastructure Helper - c:\users\kidd\AppData\Local\Smartbar\Application\QuickShare.exe
Wow6432Node-HKCU-Run-SearchProtection - c:\users\kidd\AppData\Roaming\Search Protection\SearchProtection.EXE
Wow6432Node-HKU-Default-Run-Advanced SystemCare 5 - c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-mbamchameleon
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
WebBrowser-{7F3F960E-A836-45CA-8911-0ACCB522246E} - (no file)
AddRemove-Search Protection - c:\users\kidd\AppData\Roaming\Search Protection\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-26  15:50:42 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-26 19:50
.
Pre-Run: 267,125,809,152 bytes free
Post-Run: 267,542,843,392 bytes free
.
- - End Of File - - 5838C9A1CE8055728E7813EB77C52257
A36C5E4F47E84449FF07ED3517B43A31
 

____________________________________________________________________________________________________

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 10.0.9200.16618

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.999000 GHz
Memory total: 8452759552, free: 6811275264

Downloaded database version: v2013.06.26.05
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 10.0.9200.16618

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.999000 GHz
Memory total: 8452759552, free: 7163760640

Initializing...
------------ Kernel report ------------
     06/26/2013 15:56:59
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx64.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa80081ed460
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000067\
Lower Device Object: 0xfffffa8008234590
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800822c790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000066\
Lower Device Object: 0xfffffa8007d6bb60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa80081ea440
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000065\
Lower Device Object: 0xfffffa8006a68b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8008232060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000064\
Lower Device Object: 0xfffffa8007900b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80079a9060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa800744a060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80079a9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80079a9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80079a9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007448520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800744a060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 90000000

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 128457

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 129024  Numsec = 31457280

    Partition 2 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 31586304  Numsec = 945184768
    Partition file system is NTFS
    Partition is bootable

    Partition 3 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976771072  Numsec = 2080
    Partition is not bootable
Hidden partition VBR is not infected.

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8008232060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80081eb370, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008232060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007900b60, DeviceName: \Device\00000064\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa80081ea440, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800821d690, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80081ea440, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006a68b60, DeviceName: \Device\00000065\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800822c790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800822f690, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800822c790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007d6bb60, DeviceName: \Device\00000066\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa80081ed460, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800822e690, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80081ed460, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008234590, DeviceName: \Device\00000067\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_2_31586304_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_3_976771072_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
 

_______________________________________________________________________________________________

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.26.05

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16618
kidd :: KIDD-PC [administrator]

6/26/2013 3:57:02 PM
mbar-log-2013-06-26 (15-57-02).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 258445
Time elapsed: 9 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

_____________________________________________________________________________________________

 

 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
ESET NOD32 Antivirus 6.0   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Adobe Flash Player 11.7.700.224  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox 21.0 Firefox out of Date!  
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 



#4 D-FRED-BROWN

  • Malware Response Team

Posted 26 June 2013 - 10:36 PM

We're making progress. Please do the following:
 

----------Step 1----------------
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

----------Step 3----------------
We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

----------Step 4 (note: this scan may take a little time)----------------
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


----------Step 5----------------
Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.



#5 lilbit2604

  • Topic Starter


Posted 27 June 2013 - 10:53 PM

I've done all the things you've requested and the computer still acts the same. Here are the log files from what you requested.

# AdwCleaner v2.303 - Logfile created 06/27/2013 at 07:59:11
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Basic Service Pack 1 (64 bits)
# User : kidd - KIDD-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\kidd\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****

Found : 24x7HelpSvc
Found : CltMngSvc
Found : WajamUpdater

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\searchplugins\vafmusic2-customized-web-search.xml
File Found : C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\searchplugins\zonealarm.xml
File Found : C:\Users\kidd\Desktop\Optimizer Pro.lnk
File Found : C:\Users\Public\Desktop\24x7 Help.lnk
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found : C:\Program Files (x86)\Optimizer Pro
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\SingAlong
Folder Found : C:\Program Files (x86)\Vafmusic2
Folder Found : C:\Program Files (x86)\Wajam
Folder Found : C:\Program Files\DomaIQ Uninstaller
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\WeCareReminder
Folder Found : C:\Users\kidd\AppData\Local\AVG Secure Search
Folder Found : C:\Users\kidd\AppData\Local\Conduit
Folder Found : C:\Users\kidd\AppData\Local\getsav-in
Folder Found : C:\Users\kidd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Found : C:\Users\kidd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\kidd\AppData\Local\Smartbar
Folder Found : C:\Users\kidd\AppData\Local\SwvUpdater
Folder Found : C:\Users\kidd\AppData\Local\Wajam
Folder Found : C:\Users\kidd\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\kidd\AppData\LocalLow\Conduit
Folder Found : C:\Users\kidd\AppData\LocalLow\PriceGong
Folder Found : C:\Users\kidd\AppData\LocalLow\Smartbar
Folder Found : C:\Users\kidd\AppData\LocalLow\Vafmusic2
Folder Found : C:\Users\kidd\AppData\Roaming\24x7 Help
Folder Found : C:\Users\kidd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Found : C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\CT3289847
Folder Found : C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\CT3294791
Folder Found : C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
Folder Found : C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}
Folder Found : C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\Smartbar
Folder Found : C:\Users\kidd\AppData\Roaming\Optimizer Pro
Folder Found : C:\Users\kidd\AppData\Roaming\search protection
Folder Found : C:\Users\kidd\AppData\Roaming\SearchProtect
Folder Found : C:\Windows\Installer\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3294791&octid=CT3294791&SearchSource=61&CUI=UN40151088772504321&UM=2&UP=SPD9B07DEF-14B2-4BA5-999B-6EBB0B7F7F23

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\prefs.js


-\\ Google Chrome v27.0.1453.116

File : C:\Users\kidd\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.4234] : homepage = "hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN14533208306204217&UM=2&sspv=CHNTR1",

*************************

AdwCleaner[R1].txt - [38583 octets] - [27/06/2013 07:59:11]

########## EOF - C:\AdwCleaner[R1].txt - [38644 octets] ##########

 

___________________________________________________________________________

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Basic x64
Ran by kidd on Thu 06/27/2013 at  8:03:45.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] 24x7helpsvc
Successfully deleted: [Service] 24x7helpsvc
Successfully stopped: [Service] cltmngsvc
Successfully deleted: [Service] cltmngsvc
Successfully stopped: [Service] wajamupdater
Successfully deleted: [Service] wajamupdater



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\24x7help
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pcfixspeed
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotect
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotectall
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\smessaging
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2223149679-675425120-3915631555-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\24x7help
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\24x7help
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarbackup
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\stronghold online backup
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wajam
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escorteng.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\esrv.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\priam_bho.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\quickshare_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\quickshare_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3198785
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3289847
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3294791
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{312B4C1F-A600-4178-B2BD-1311ACD2766D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B0ADE26D-4C84-4D1A-8489-61E851E31928}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E87AD469-D481-4631-80FD-76C126F85F95}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB6BD08C-DB6B-4F02-8A22-4BD343E990FF}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



~~~ Files

Successfully deleted: [File] "C:\Windows\tasks\candyupdater.job"
Successfully deleted: [File] "C:\Users\kidd\desktop\optimizer pro.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\pcfixspeed"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"
Successfully deleted: [Folder] "C:\Users\kidd\AppData\Roaming\24x7 help"
Successfully deleted: [Folder] "C:\Users\kidd\AppData\Roaming\optimizer pro"
Successfully deleted: [Folder] "C:\Users\kidd\AppData\Roaming\pcfixspeed"
Successfully deleted: [Folder] "C:\Users\kidd\AppData\Roaming\search protection"
Successfully deleted: [Folder] "C:\Users\kidd\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\kidd\AppData\Roaming\strongvault"
Successfully deleted: [Folder] "C:\Users\kidd\appdata\local\arcadecandy"
Successfully deleted: [Folder] "C:\Users\kidd\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\kidd\appdata\local\downloadterms"
Successfully deleted: [Folder] "C:\Users\kidd\appdata\local\smartbar"
Successfully deleted: [Folder] "C:\Users\kidd\appdata\local\strongvault"
Successfully deleted: [Folder] "C:\Users\kidd\appdata\local\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\kidd\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\kidd\appdata\local\wajam"
Successfully deleted: [Folder] "C:\Users\kidd\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\kidd\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\kidd\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\kidd\appdata\locallow\smartbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\24x7help"
Successfully deleted: [Folder] "C:\Program Files (x86)\bucksbee loyalty plugin - 100815"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\free offers from freeze.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\Program Files (x86)\pcfixspeed"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\Program Files (x86)\strongvault online backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\wajam"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 help"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc fix speed"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\privacy safeguard"
Successfully deleted: [Folder] "C:\Users\kidd\AppData\Roaming\microsoft\windows\start menu\programs\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\kidd\AppData\Roaming\microsoft\windows\start menu\programs\wajam"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Users\kidd\AppData\Roaming\mozilla\firefox\profiles\rj3hj08x.default\user.js
Successfully deleted: [File] C:\Users\kidd\AppData\Roaming\mozilla\firefox\profiles\rj3hj08x.default\invalidprefs.js
Successfully deleted: [Folder] C:\Users\kidd\AppData\Roaming\mozilla\firefox\profiles\rj3hj08x.default\smartbar
Successfully deleted: [Folder] C:\Users\kidd\AppData\Roaming\mozilla\firefox\profiles\rj3hj08x.default\extensions\getsav-in@jetpack
Successfully deleted: [Folder] C:\Users\kidd\AppData\Roaming\mozilla\firefox\profiles\rj3hj08x.default\extensions\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\[email protected]
Successfully deleted the following from C:\Users\kidd\AppData\Roaming\mozilla\firefox\profiles\rj3hj08x.default\prefs.js

user_pref("extensions.helperbar.SmartbarDisabled", false);
user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3294791&ctid=CT3294791&SearchSource=2&CUI=UN80108621119424293&UM=2&q=");
user_pref("smartbar.addressBarOwnerCTID", "CT3294791");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN12415494822172248&UM=2&UP=SPD9B07DEF-14B2-4BA5-999B-
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3294791&SearchSource=2&CUI=UN80108621119424293&UM=2&q=,hxxp://search.condui
user_pref("smartbar.defaultSearchOwnerCTID", "CT3294791");
user_pref("smartbar.homePageOwnerCTID", "CT3294791");
user_pref("smartbar.machineId", "YDSWRDYDQVCMPKDXOLMLUMSDNEAMQ+YCLOKK3SMI+EYER9WVOO4LZX6RYJCPBOCKBJTSLQZFZYHMLHXUAKQVNQ");
user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3294791&CUI=UN80108621119424293&UM=2&SearchSource=13&UP=SPD9B07DEF-14B2-4BA5-999B-6EBB0B7F7F23");
Emptied folder: C:\Users\kidd\AppData\Roaming\mozilla\firefox\profiles\rj3hj08x.default\minidumps [64 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\kidd\appdata\local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh
Successfully deleted: [Folder] C:\Users\kidd\appdata\local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\geggofhlfbcmanadhknllmlajiafopoh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/27/2013 at  8:05:29.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

_____________________________________________________________________________

 

OTL logfile created on: 6/27/2013 10:32:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\kidd\Downloads
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.87 Gb Total Physical Memory | 6.68 Gb Available Physical Memory | 84.82% Memory free
15.74 Gb Paging File | 14.64 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.70 Gb Total Space | 249.35 Gb Free Space | 55.32% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 6.74 Gb Free Space | 44.93% Space Free | Partition Type: NTFS
 
Computer Name: KIDD-PC | User Name: kidd | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/27 22:30:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kidd\Downloads\OTL.exe
PRC - [2013/06/12 00:04:10 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013/05/24 04:32:48 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/06/12 00:04:09 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013/05/24 04:32:48 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/04/25 12:28:44 | 000,099,096 | ---- | M] () -- C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\extensions\{3bebc7be-9bfc-4393-ae38-1522b21b34b9}\components\SmartbarFireFoxRemotePlugin_21.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/20 09:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/13 21:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV - [2013/06/12 00:04:10 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/28 21:58:17 | 001,015,984 | ---- | M] (AVG Secure Search) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)
SRV - [2013/05/24 04:32:48 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 08:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/20 08:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/13 21:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/05/28 21:58:17 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/02/20 11:07:38 | 000,213,416 | ---- | M] (ESET) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013/01/31 05:50:58 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2013/01/10 15:08:16 | 000,139,768 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2013/01/10 15:08:14 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/10/10 23:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 14:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/28 14:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/07/26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 15:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008/07/26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2008/07/26 15:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantastigames.com/web?src=ieb&appid=0&systemid=453&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {7f3f960e-a836-45ca-8911-0accb522246e} - C:\Program Files (x86)\Vafmusic2\prxtbVafm.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {312B4C1F-A600-4178-B2BD-1311ACD2766D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
 
IE - HKU\S-1-5-21-2223149679-675425120-3915631555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2223149679-675425120-3915631555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2223149679-675425120-3915631555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 B2 86 7C 61 76 CD 01  [binary data]
IE - HKU\S-1-5-21-2223149679-675425120-3915631555-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2223149679-675425120-3915631555-1000\..\URLSearchHook: {7f3f960e-a836-45ca-8911-0accb522246e} - C:\Program Files (x86)\Vafmusic2\prxtbVafm.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2223149679-675425120-3915631555-1000\..\SearchScopes,DefaultScope = {A4D92AD5-B67F-43CE-8DA9-88F44FF0B59E}
IE - HKU\S-1-5-21-2223149679-675425120-3915631555-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2223149679-675425120-3915631555-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7AURU_enUS498
IE - HKU\S-1-5-21-2223149679-675425120-3915631555-1000\..\SearchScopes\{A4D92AD5-B67F-43CE-8DA9-88F44FF0B59E}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=512435&p={searchTerms}
IE - HKU\S-1-5-21-2223149679-675425120-3915631555-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2223149679-675425120-3915631555-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..CT3294791.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=512435"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=5610671689b9441fa07ce3555fba4a39&tu=11LG0008k2B0008&sku=&tstsId=&ver=&"
FF - prefs.js..extensions.enabledAddons: singalong%40xenophesoft.com:1.111
FF - prefs.js..extensions.enabledAddons: %7B3bebc7be-9bfc-4393-ae38-1522b21b34b9%7D:1.1
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.8
FF - prefs.js..extensions.enabledAddons: %7B7f3f960e-a836-45ca-8911-0accb522246e%7D:10.16.4.519
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\kidd\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5 [2013/05/28 21:58:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/06/25 11:34:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\SingAlong\FF\ [2013/05/18 19:36:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/10/20 09:16:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kidd\AppData\Roaming\Mozilla\Extensions
[2013/06/27 12:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\extensions
[2013/05/19 01:43:03 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\extensions\{3bebc7be-9bfc-4393-ae38-1522b21b34b9}
[2013/06/23 13:14:37 | 000,000,000 | ---D | M] (Vafmusic2) -- C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}
[2013/06/26 15:52:08 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\extensions\[email protected]
[2013/06/27 12:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\extensions\staged
[2013/06/19 00:41:20 | 000,304,556 | ---- | M] () (No name found) -- C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\extensions\[email protected]
[2013/03/23 11:55:42 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/01/23 06:46:58 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\extensions\[email protected]\content\Abine\chrome\content\ff\view_expiry.js
[2013/06/27 12:23:01 | 000,316,574 | ---- | M] () (No name found) -- C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\extensions\staged\[email protected]
[2013/06/05 15:24:58 | 000,001,092 | ---- | M] () -- C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\searchplugins\vafmusic2-customized-web-search.xml
[2013/06/05 15:21:14 | 000,000,915 | ---- | M] () -- C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\searchplugins\yahoo.xml
[2013/06/26 15:31:21 | 000,001,488 | ---- | M] () -- C:\Users\kidd\AppData\Roaming\Mozilla\Firefox\Profiles\rj3hj08x.default\searchplugins\zonealarm.xml
[2013/05/24 04:32:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/24 04:32:42 | 000,000,000 | ---D | M] (DownloadTerms) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/05/24 04:32:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/24 04:32:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/18 19:36:32 | 000,000,000 | ---D | M] ("Sing Along") -- C:\PROGRAM FILES (X86)\SINGALONG\FF
[2013/02/18 19:09:19 | 000,003,716 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=685749&p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN14533208306204217&UM=2&sspv=CHNTR1
CHR - plugin: First user (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Surf Canyon = C:\Users\kidd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem\3.4.10_0\
CHR - Extension: YouTube = C:\Users\kidd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\kidd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AVG Safe Search = C:\Users\kidd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: getsav-in = C:\Users\kidd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0\
CHR - Extension: AVG Secure Search = C:\Users\kidd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.0.1.10_0\
CHR - Extension: ArcadeCandy Games = C:\Users\kidd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac\1.24.366_0\
CHR - Extension: ArcadeCandy Games = C:\Users\kidd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac\1.30.455_0\
CHR - Extension: Fantapper = C:\Users\kidd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgcjecomkebbohfjgmncelbhogbbokf\2.0.3_0\
CHR - Extension: Gmail = C:\Users\kidd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/06/26 15:46:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Sing Along) - {6492E171-2427-4932-B414-33574A089F5E} - C:\Program Files (x86)\SingAlong\singalng.dll (Xenophesoft)
O2 - BHO: (Vafmusic2 Toolbar) - {7f3f960e-a836-45ca-8911-0accb522246e} - C:\Program Files (x86)\Vafmusic2\prxtbVafm.dll (Conduit Ltd.)
O2 - BHO: (Fantapper) - {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll File not found
O2 - BHO: (getsav-in 5.0) - {EB3BACA1-07C8-49C3-A005-0EA90023D5AE} - C:\Users\kidd\AppData\Local\getsav-in\ie\getsav-in_1372274702.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - !{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vafmusic2 Toolbar) - {7f3f960e-a836-45ca-8911-0accb522246e} - C:\Program Files (x86)\Vafmusic2\prxtbVafm.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2223149679-675425120-3915631555-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2223149679-675425120-3915631555-1000\..\Toolbar\WebBrowser: (Vafmusic2 Toolbar) - {7F3F960E-A836-45CA-8911-0ACCB522246E} - C:\Program Files (x86)\Vafmusic2\prxtbVafm.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe (AVG Secure Search)
O4 - HKU\S-1-5-21-2223149679-675425120-3915631555-1000..\Run: [BackupAgent] C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe File not found
O4 - HKU\S-1-5-21-2223149679-675425120-3915631555-1000..\Run: [BYR_AGENT] C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)
O4 - HKU\S-1-5-21-2223149679-675425120-3915631555-1000..\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe (PC Drivers Headquarters)
O4 - HKU\S-1-5-21-2223149679-675425120-3915631555-1000..\Run: [Driver Restore] C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe (PC Drivers Headquarters)
O4 - HKU\S-1-5-21-2223149679-675425120-3915631555-1000..\Run: [Facebook Update] C:\Users\kidd\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2223149679-675425120-3915631555-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2223149679-675425120-3915631555-1000..\Run: [Pinger] C:\Program Files (x86)\Pinger\Pinger.exe ()
O4 - Startup: C:\Users\kidd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\kidd\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\kidd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2223149679-675425120-3915631555-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2223149679-675425120-3915631555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2223149679-675425120-3915631555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABCF1053-F91B-4F85-8F36-A43C363C4B29}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/27 08:03:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/27 08:03:36 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/26 15:50:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/26 15:46:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/26 15:31:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/26 15:31:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/26 15:31:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/26 15:31:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/26 15:31:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/06/26 15:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Check Point Software Technologies LTD
[2013/06/26 15:31:04 | 000,000,000 | ---D | C] -- C:\Users\kidd\AppData\Roaming\Check Point Software Technologies LTD
[2013/06/26 15:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2013/06/26 15:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2013/06/26 15:30:56 | 000,000,000 | ---D | C] -- C:\Users\kidd\AppData\Local\getsav-in
[2013/06/26 15:28:41 | 000,000,000 | ---D | C] -- C:\Users\kidd\Desktop\mbar
[2013/06/25 20:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/06/25 18:27:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2013/06/25 11:49:24 | 000,000,000 | ---D | C] -- C:\Users\kidd\AppData\Local\ESET
[2013/06/25 11:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013/06/25 11:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013/06/25 11:34:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/06/25 11:28:17 | 000,000,000 | ---D | C] -- C:\Users\kidd\AppData\Roaming\TuneUp Software
[2013/06/25 11:28:15 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/06/15 21:00:46 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/15 21:00:46 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/14 12:11:36 | 000,000,000 | ---D | C] -- C:\Users\kidd\AppData\Roaming\WinRAR
[2013/06/14 12:11:36 | 000,000,000 | ---D | C] -- C:\Users\kidd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/06/14 12:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/06/14 12:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/06/12 21:01:24 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/06/12 21:01:24 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/06/12 21:01:24 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/06/12 21:01:24 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/12 21:01:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/06/12 21:01:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/06/12 21:01:24 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/06/12 21:01:24 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/06/12 21:01:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/06/12 21:01:23 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/12 21:01:22 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/12 21:01:22 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/12 21:01:22 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/12 15:15:41 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/12 15:15:41 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/12 15:15:38 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/12 15:15:38 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/12 15:15:35 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/12 15:15:32 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/12 15:15:32 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/12 15:15:32 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/12 15:15:32 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/12 15:15:32 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/12 15:15:32 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/12 15:15:29 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/12 15:15:29 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/06/08 20:53:48 | 000,000,000 | ---D | C] -- C:\Users\kidd\AppData\Local\pinger.com
[2013/06/08 20:53:41 | 000,000,000 | ---D | C] -- C:\Users\kidd\AppData\Local\Caphyon
[2013/06/08 20:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pinger
[2013/06/08 20:52:39 | 000,000,000 | ---D | C] -- C:\Users\kidd\AppData\Roaming\Pinger Inc
[2013/06/08 19:51:39 | 000,000,000 | ---D | C] -- C:\Users\kidd\fontconfig
[2013/06/06 16:56:05 | 000,000,000 | ---D | C] -- C:\Users\kidd\AppData\Local\Microsoft Games
[2013/06/05 21:02:19 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/06/05 21:02:19 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/06/05 21:02:19 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/06/05 21:02:19 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/06/05 21:02:19 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/06/05 21:02:19 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/06/05 21:02:19 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/06/05 21:02:19 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/06/05 21:02:19 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/06/05 21:02:19 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/06/05 21:02:19 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/06/05 21:02:19 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/06/05 21:02:18 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/06/05 21:02:18 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/06/05 21:02:18 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/06/05 21:02:18 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/06/05 21:02:18 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/06/05 21:02:18 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/06/05 21:02:18 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/06/05 21:02:18 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/06/05 21:02:18 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/06/05 21:02:18 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/06/05 21:02:18 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/06/05 21:02:18 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/06/05 21:02:18 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/06/05 21:02:18 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/06/05 21:02:18 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/06/05 21:02:17 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/06/05 21:02:17 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/06/05 21:02:17 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/06/05 21:02:17 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/06/05 21:02:17 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/06/05 21:02:17 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/06/05 21:02:17 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/06/05 21:02:17 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/06/05 21:02:17 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/06/05 21:02:17 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/06/05 21:02:17 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/06/05 21:02:17 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/06/05 21:02:17 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/06/05 21:02:17 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/06/05 21:02:17 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/06/05 21:02:17 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/06/05 21:02:17 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/06/05 21:02:17 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/06/05 21:02:17 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/06/05 21:02:17 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/06/05 21:02:17 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/06/05 21:02:17 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/06/05 21:02:17 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/06/05 21:02:17 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/06/05 21:02:17 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/06/05 21:02:16 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/06/05 16:46:04 | 000,000,000 | ---D | C] -- C:\Users\kidd\AppData\Roaming\Canneverbe Limited
[2013/06/05 16:46:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2013/06/05 16:45:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2013/06/05 16:43:02 | 000,000,000 | ---D | C] -- C:\Users\kidd\Documents\Emicsoft Studio
[2013/06/05 16:42:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emicsoft
[2013/06/05 16:42:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emicsoft Studio
[2013/06/05 16:38:17 | 000,000,000 | ---D | C] -- C:\Users\kidd\AppData\Roaming\dvdcss
[2013/06/05 15:23:23 | 000,000,000 | ---D | C] -- C:\Users\kidd\Documents\Any Video Converter Ultimate
[2013/06/05 15:22:01 | 000,000,000 | ---D | C] -- C:\Users\kidd\AppData\Roaming\AnvSoft
[2013/06/05 15:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2013/06/05 14:59:46 | 000,033,872 | ---- | C] (AnvSoft Inc.) -- C:\Windows\SysNative\drivers\anvsnddrv.sys
[2013/06/05 14:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2013/06/05 11:20:24 | 000,000,000 | ---D | C] -- C:\Users\kidd\AppData\Roaming\uTorrent
[2013/06/03 16:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/06/03 16:56:53 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/26 16:33:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/26 16:33:42 | 2044,600,319 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/26 16:17:28 | 000,017,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/26 16:17:28 | 000,017,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/26 15:46:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/26 15:30:59 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\24x7 Help.lnk
[2013/06/26 15:30:56 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Optimize Your PC.lnk
[2013/06/25 18:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/25 17:38:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/25 15:31:28 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\Sing Along Update.job
[2013/06/25 15:31:16 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/25 12:30:06 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2223149679-675425120-3915631555-1000UA.job
[2013/06/24 21:30:03 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2223149679-675425120-3915631555-1000Core.job
[2013/06/20 21:13:40 | 000,103,143 | ---- | M] () -- C:\Users\kidd\Desktop\17510_564525646924469_1986825649_n.jpg
[2013/06/19 16:42:23 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/17 11:45:10 | 000,028,785 | ---- | M] () -- C:\Users\kidd\Desktop\gangster-gun-tattoo.jpg
[2013/06/17 11:43:59 | 000,122,222 | ---- | M] () -- C:\Users\kidd\Desktop\tumblr_lsmqhxnrRF1qfumxlo1_500.jpg
[2013/06/17 11:43:43 | 000,079,868 | ---- | M] () -- C:\Users\kidd\Desktop\tumblr_mc9e9d5kLF1qebyquo1_500.jpg
[2013/06/17 11:40:58 | 000,051,150 | ---- | M] () -- C:\Users\kidd\Desktop\skull-girl--large-msg-129041999703.jpg
[2013/06/17 11:35:36 | 000,110,126 | ---- | M] () -- C:\Users\kidd\Desktop\smile_now_cry_later_shade_by_WillemXSM.jpg
[2013/06/17 11:34:49 | 000,025,028 | ---- | M] () -- C:\Users\kidd\Desktop\laugh_now_cry_later_by_blinedzine3.jpg
[2013/06/17 10:33:38 | 000,117,998 | ---- | M] () -- C:\Users\kidd\Desktop\992962_537184933007066_30669848_n.jpg
[2013/06/17 10:20:37 | 000,013,558 | ---- | M] () -- C:\Users\kidd\Desktop\skull_mj.jpg
[2013/06/17 10:20:26 | 000,171,741 | ---- | M] () -- C:\Users\kidd\Desktop\skull-weed-big.jpg
[2013/06/17 10:18:08 | 000,007,512 | ---- | M] () -- C:\Users\kidd\Desktop\images.jpg
[2013/06/15 21:05:17 | 000,816,134 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/15 21:05:17 | 000,693,038 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/15 21:05:17 | 000,130,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/15 21:05:09 | 000,816,134 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/13 11:13:03 | 000,002,383 | ---- | M] () -- C:\Users\kidd\Documents\resume.rtf
[2013/06/12 21:03:42 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2013/06/12 00:04:10 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/12 00:04:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/11 16:01:39 | 000,022,041 | ---- | M] () -- C:\Users\kidd\Desktop\cross.jpg
[2013/06/08 20:53:38 | 000,000,947 | ---- | M] () -- C:\Users\kidd\Desktop\Pinger.lnk
[2013/06/08 10:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/08 07:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/05 21:02:19 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/06/05 21:02:19 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/06/05 21:02:19 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/06/05 21:02:19 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/06/05 21:02:19 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/06/05 21:02:19 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/06/05 21:02:19 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/06/05 21:02:19 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/06/05 21:02:19 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/06/05 21:02:19 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/06/05 21:02:19 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/06/05 21:02:19 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/06/05 21:02:19 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/06/05 21:02:18 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/06/05 21:02:18 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/06/05 21:02:18 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/06/05 21:02:18 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/06/05 21:02:18 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/06/05 21:02:18 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/06/05 21:02:18 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/06/05 21:02:18 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/06/05 21:02:18 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/06/05 21:02:18 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/06/05 21:02:18 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/06/05 21:02:18 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/06/05 21:02:18 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/06/05 21:02:18 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/06/05 21:02:18 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/06/05 21:02:17 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/06/05 21:02:17 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/06/05 21:02:17 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/06/05 21:02:17 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/06/05 21:02:17 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/06/05 21:02:17 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/06/05 21:02:17 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/06/05 21:02:17 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/06/05 21:02:17 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/06/05 21:02:17 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/06/05 21:02:17 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/06/05 21:02:17 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/06/05 21:02:17 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/06/05 21:02:17 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/06/05 21:02:17 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/06/05 21:02:17 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/06/05 21:02:17 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/06/05 21:02:17 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/06/05 21:02:17 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/06/05 21:02:17 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/06/05 21:02:17 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/06/05 21:02:17 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/06/05 21:02:17 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/06/05 21:02:17 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/06/05 21:02:17 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/06/05 21:02:17 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/06/05 21:02:16 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/06/05 16:45:57 | 000,001,965 | ---- | M] () -- C:\Users\kidd\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk
[2013/06/05 16:45:57 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2013/06/05 16:42:54 | 000,001,355 | ---- | M] () -- C:\Users\kidd\Desktop\Emicsoft FLV Converter.lnk
[2013/06/05 15:01:43 | 000,001,284 | ---- | M] () -- C:\Users\kidd\Desktop\Any Video Converter Ultimate.lnk
[2013/06/05 11:25:08 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/06/05 11:25:08 | 000,000,792 | ---- | M] () -- C:\Users\kidd\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/26 15:31:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/26 15:31:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/26 15:31:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/26 15:31:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/26 15:31:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/26 15:30:59 | 000,001,022 | ---- | C] () -- C:\Users\Public\Desktop\24x7 Help.lnk
[2013/06/26 15:30:56 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\Optimize Your PC.lnk
[2013/06/20 21:13:38 | 000,103,143 | ---- | C] () -- C:\Users\kidd\Desktop\17510_564525646924469_1986825649_n.jpg
[2013/06/17 11:45:10 | 000,028,785 | ---- | C] () -- C:\Users\kidd\Desktop\gangster-gun-tattoo.jpg
[2013/06/17 11:43:58 | 000,122,222 | ---- | C] () -- C:\Users\kidd\Desktop\tumblr_lsmqhxnrRF1qfumxlo1_500.jpg
[2013/06/17 11:43:40 | 000,079,868 | ---- | C] () -- C:\Users\kidd\Desktop\tumblr_mc9e9d5kLF1qebyquo1_500.jpg
[2013/06/17 11:40:58 | 000,051,150 | ---- | C] () -- C:\Users\kidd\Desktop\skull-girl--large-msg-129041999703.jpg
[2013/06/17 11:35:36 | 000,110,126 | ---- | C] () -- C:\Users\kidd\Desktop\smile_now_cry_later_shade_by_WillemXSM.jpg
[2013/06/17 11:34:47 | 000,025,028 | ---- | C] () -- C:\Users\kidd\Desktop\laugh_now_cry_later_by_blinedzine3.jpg
[2013/06/17 10:33:37 | 000,117,998 | ---- | C] () -- C:\Users\kidd\Desktop\992962_537184933007066_30669848_n.jpg
[2013/06/17 10:20:37 | 000,013,558 | ---- | C] () -- C:\Users\kidd\Desktop\skull_mj.jpg
[2013/06/17 10:20:26 | 000,171,741 | ---- | C] () -- C:\Users\kidd\Desktop\skull-weed-big.jpg
[2013/06/17 10:18:08 | 000,007,512 | ---- | C] () -- C:\Users\kidd\Desktop\images.jpg
[2013/06/11 16:01:38 | 000,022,041 | ---- | C] () -- C:\Users\kidd\Desktop\cross.jpg
[2013/06/08 20:53:38 | 000,000,947 | ---- | C] () -- C:\Users\kidd\Desktop\Pinger.lnk
[2013/06/08 16:00:39 | 000,002,383 | ---- | C] () -- C:\Users\kidd\Documents\resume.rtf
[2013/06/05 21:02:18 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/06/05 21:02:17 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/06/05 16:45:57 | 000,001,965 | ---- | C] () -- C:\Users\kidd\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk
[2013/06/05 16:45:57 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2013/06/05 16:45:57 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2013/06/05 16:42:54 | 000,001,355 | ---- | C] () -- C:\Users\kidd\Desktop\Emicsoft FLV Converter.lnk
[2013/06/05 15:01:43 | 000,001,284 | ---- | C] () -- C:\Users\kidd\Desktop\Any Video Converter Ultimate.lnk
[2013/06/05 11:25:08 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/06/05 11:25:08 | 000,000,792 | ---- | C] () -- C:\Users\kidd\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/06/03 16:56:56 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/05/28 21:58:23 | 000,003,716 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013/05/18 19:39:16 | 000,816,134 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/23 18:10:21 | 000,007,618 | ---- | C] () -- C:\Users\kidd\AppData\Local\Resmon.ResmonCfg
[2012/08/11 14:51:35 | 000,000,258 | RHS- | C] () -- C:\Users\kidd\ntuser.pol
[2012/08/09 13:54:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

OTL Extras logfile created on: 6/27/2013 10:32:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\kidd\Downloads
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.87 Gb Total Physical Memory | 6.68 Gb Available Physical Memory | 84.82% Memory free
15.74 Gb Paging File | 14.64 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.70 Gb Total Space | 249.35 Gb Free Space | 55.32% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 6.74 Gb Free Space | 44.93% Space Free | Partition Type: NTFS
 
Computer Name: KIDD-PC | User Name: kidd | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-2223149679-675425120-3915631555-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0839121A-DFAB-4724-991A-3B6CC2991A2D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{184E8512-1F05-4191-A84F-DA4A3F5CE198}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2390A2A7-2BF2-4E05-AC05-30A0AC15FBFC}" = rport=138 | protocol=17 | dir=out | app=system |
"{3754AE2B-72E3-4E4C-8AD8-6143694941BB}" = lport=139 | protocol=6 | dir=in | app=system |
"{38376A2F-4877-40ED-83FF-45964640629E}" = lport=138 | protocol=17 | dir=in | app=system |
"{439243C7-F764-4CDC-BA08-D6AF9591FCD7}" = lport=445 | protocol=6 | dir=in | app=system |
"{439A2B35-B547-4EA4-A39F-14DEA4F207A8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58BD5DB1-FE75-455D-AE6B-F5AFF658ABA8}" = rport=139 | protocol=6 | dir=out | app=system |
"{6A555443-3218-454E-90A9-A3316FAD9F16}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A2026D49-2803-48B9-98CD-0BA57108FBD4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A86D21B3-7106-43FD-989B-B800491F0E7B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ABD21827-3C14-4F81-B222-A87D9D569E34}" = lport=137 | protocol=17 | dir=in | app=system |
"{AF5C6F97-B1CB-4045-A8A5-87916F84B1BC}" = rport=445 | protocol=6 | dir=out | app=system |
"{AF8E0E98-B207-4CF5-AA7A-97C190CDA7BC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C23376C8-A7BF-44A1-86BD-0C1C1565C584}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C2FD893C-71DC-493B-8924-6B1DB7799CA7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C4803DE7-8DD6-4A91-BA80-D4EFB487FE20}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DCB147E4-376A-4C7D-99B6-283AE76EA2B4}" = rport=137 | protocol=17 | dir=out | app=system |
"{E189B382-6745-4FAE-B947-59C63B750DD9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F809120F-5BD1-42EB-8811-6B35806D1557}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0133C480-B5EB-4DFD-8CD2-C3010CEDB089}" = protocol=17 | dir=in | app=c:\program files (x86)\bucksbee loyalty plugin - 100815\troubleshooter.exe |
"{01C0E3D0-0F09-4286-9601-551A20FF6A28}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{10E9BCC3-E061-44E6-878F-3C9BA6295683}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{1253D53E-7962-4280-8AE7-D70394D5DA4B}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{12C32DA4-74A8-4778-913C-A2C231B8BBA0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{15A32D1D-A4DB-467D-9546-E4FE111E252F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1BB1B269-7C71-482A-8C45-1158D66EE728}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{2C6C947E-C620-427D-9F28-B6C3F859AF7A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{3161642C-22A3-4E3E-9626-B990E92FBE85}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{32279BD3-6C55-41AE-A3B5-3C2B655BB60A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3D4FA33E-D271-491D-95C6-3AA697CCEF91}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4034B07D-024C-4713-BD35-53D72E365466}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4993FD85-6843-4719-969F-90A4D47D34BF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4A74675E-889D-4774-AFA2-5F1D6087A5F9}" = protocol=6 | dir=in | app=c:\users\kidd\appdata\roaming\utorrent\utorrent.exe |
"{5B141FD4-2CEF-40FA-BBC2-0FB9C4BDEDF2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6866616D-B566-419B-B6D0-9E012DEA4A6E}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{6F9AA038-05B7-45FC-A852-6DDFE1C39CD6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8D964C90-6B5D-416A-ABC9-8B87099E5B6F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9AC00BE9-8EDE-4023-842B-44FE38DCE8B5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BB507FA6-57AF-40DC-A071-DBB63A10C7D0}" = protocol=17 | dir=in | app=c:\users\kidd\appdata\roaming\utorrent\utorrent.exe |
"{BB985381-2D4F-42C2-A699-618211AE07F9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{DFA0D67B-41EC-495B-B27A-DDEB5207343E}" = protocol=6 | dir=in | app=c:\program files (x86)\bucksbee loyalty plugin - 100815\troubleshooter.exe |
"{E7B70361-5CAE-41BF-BCA7-EE53EBEE584A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F907FAAF-FF82-4DC3-AC22-B296E4AAC563}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FC59B9C8-6461-4CBB-9390-792DA412CEAA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"TCP Query User{AE2150CB-4E0F-4DDF-AC8D-1DC6D258DB5C}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{E4C4093D-FA3C-4821-A047-2F2E223C9E35}C:\program files (x86)\utherverse digital inc\utherverse vww client\utherverse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utherverse digital inc\utherverse vww client\utherverse.exe |
"UDP Query User{6F856850-647A-4F04-BD39-CD93EC8E0298}C:\program files (x86)\utherverse digital inc\utherverse vww client\utherverse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utherverse digital inc\utherverse vww client\utherverse.exe |
"UDP Query User{B356192D-E174-4490-8E5E-37AAE488F6FB}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.1
"{C2C49561-CD30-4A44-92AB-81BC2ECA2CB0}" = ESET NOD32 Antivirus
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 5.00 beta 4 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{177CD779-4EEC-43C5-8DEA-4E0EC103624B}" = Driver Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{273130E8-117C-4237-A0FA-83EBBF11E051}" = Driver Restore
"{57570C54-7615-4925-8219-895F01EBB16B}" = Fantapper Updater
"{59DB31A9-BCB0-4985-ACA6-F6477C7BE367}" = Strongvault Online Backup
"{62BC7EFB-47F5-4619-9B74-7DDA72D5AF7E}" = QuickShare
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{9B56B031-A6C0-4BB7-8F61-938548C1B759}" = Pinger
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1" = 24x7 Help
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{CDACD4C9-F984-409A-9D26-DF77E003FD89}" = Fantapper Player
"{D29FEDBA-417D-4F74-81D5-4F5916215348}" = LG Verizon United Drivers
"{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}" = VAFPlayer
"{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1" = PC Fix Speed 1.2.0.24
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"7-zip" = 7-zip v9.20
"AChat_is1" = AChat 1.17
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter Ultimate_is1" = Any Video Converter Ultimate 4.6.0
"AVG Secure Search" = AVG Security Toolbar
"Debut" = Debut Video Capture Software
"DomaIQ Uninstaller" = DomaIQ
"Emicsoft FLV Converter_is1" = Emicsoft FLV Converter
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressBurn" = Express Burn
"getsav-in" = getsav-in
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"ManyCam" = ManyCam 3.1.51
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nitto 1320 Legends_is1" = Nitto 1320 Legends Public Beta 0.10.03
"Optimizer Pro_is1" = Optimizer Pro v3.1
"Red Light Center 3D Client" = Red Light Center 3D Client
"SearchProtect" = Search Protect by conduit
"[email protected]" = Sing Along
"SMPlayer" = SMPlayer 0.6.9
"uTorrent" = µTorrent
"Vafmusic2 Toolbar" = Vafmusic2 Toolbar
"VideoPad" = VideoPad Video Editor
"Wajam" = Wajam
"Yahoo! Messenger" = Yahoo! Messenger
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2223149679-675425120-3915631555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{6A2EF989-A524-48bf-985F-9D076B334980}" = ArcadeCandy
"Pinger 1.1.0.9" = Pinger
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 6/27/2013 10:30:42 PM | Computer Name = kidd-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 6/27/2013 10:34:44 PM | Computer Name = kidd-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 6/27/2013 10:34:44 PM | Computer Name = kidd-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 6/27/2013 10:34:44 PM | Computer Name = kidd-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 6/27/2013 10:35:56 PM | Computer Name = kidd-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 6/27/2013 10:35:56 PM | Computer Name = kidd-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 6/27/2013 10:35:56 PM | Computer Name = kidd-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 6/27/2013 10:35:56 PM | Computer Name = kidd-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 6/27/2013 10:35:56 PM | Computer Name = kidd-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 6/27/2013 10:35:56 PM | Computer Name = kidd-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
 
< End of report >
 

____________________________________________________________________________________________

 

C:\Program Files (x86)\SingAlong\chrome.crx    Win32/Adware.AddLyrics.F application    deleted - quarantined
C:\Program Files (x86)\SingAlong\FF\chrome\content\main.js    Win32/Adware.AddLyrics.F application    cleaned by deleting - quarantined
 

 

 

========== Alternate Data Streams ==========
 
@Alternate Data Stream - 164 bytes -> C:\ProgramData\Temp:BF3D62E7

< End of report >
 

_______________________________________________________________________________

 

 

 



#6 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:10:11 AM

Posted 28 June 2013 - 12:30 AM

Still have a little more to do, but we're nearly there.

----------Step 1----------------
We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.



    :OTL

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

     


    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]

  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

 

----------Step 2----------------
Instructions for DELETE:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Afterwards, please reboot the computer.

----------Step 3----------------
Please post the OTL and AdwCleaner reports in your next reply. How are things running now?

 

It's late here so I'll call it a night and check back here tomorrow.


Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Posted Image
Thank you!
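
The ZeroAccess Check section of the OTL log above lists the InProcServer32 targets of a few COM class IDs. The following added example (not part of the thread and not OTL's own code) parses such a section and flags per-user overrides and targets that differ from a baseline. The baseline is an assumption taken from the HKLM values shown in this log, and the second sample section is constructed.

```python
"""Triage an OTL 'ZeroAccess Check' section (added example, not OTL code)."""
import re

SYSTEM_ROOT = r"c:\windows"  # the log header reports %SystemRoot% = C:\Windows

# Assumed baseline: the HKLM targets this thread's log shows for each CLSID.
BASELINE = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}": r"system32\shell32.dll",
    "{5839fca9-774d-42a1-acda-d6a79037f57f}": r"system32\wbem\fastprox.dll",
    "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}": r"system32\wbem\wbemess.dll",
}
PER_USER_HIVES = ("HKEY_CURRENT_USER", "HKEY_USERS")

KEY_RE = re.compile(
    r"^\[(HKEY_[A-Z_]+)\\.*?\\clsid\\(\{[0-9a-f-]{36}\})\\InProcServer32\]", re.I)
DEFAULT_RE = re.compile(r'^"" = (.*?)(?: -- \[.*)?$')  # default value, file info dropped


def normalize(path):
    """Lower-case, expand %SystemRoot%, and fold OTL's SysNative alias to system32."""
    p = path.strip().strip('"').lower().replace("%systemroot%", SYSTEM_ROOT)
    return p.replace("\\sysnative\\", "\\system32\\")


def parse_section(text):
    """Return one dict per InProcServer32 key; target is None if no default value."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = {"hive": m.group(1).upper(), "clsid": m.group(2).lower(),
                       "target": None}
            entries.append(current)
            continue
        m = DEFAULT_RE.match(line)
        if m and current is not None:
            current["target"] = m.group(1).strip()
    return entries


def triage(entries):
    """Return (reason, clsid, target) tuples for entries worth a closer look."""
    findings = []
    for e in entries:
        if e["target"] is None:
            continue  # key listed without a default value: nothing to resolve
        if e["hive"] in PER_USER_HIVES:
            # A per-user registration takes precedence over HKLM for that user.
            findings.append(("per-user-override", e["clsid"], e["target"]))
            continue
        expected = BASELINE.get(e["clsid"])
        if expected is None:
            findings.append(("no-baseline", e["clsid"], e["target"]))
        elif normalize(e["target"]) != SYSTEM_ROOT + "\\" + expected:
            findings.append(("unexpected-target", e["clsid"], e["target"]))
    return findings


# Section as it appears in this thread's log (blank lines dropped).
THREAD_SECTION = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
'''

# Constructed lines (not from the thread) showing what the check is meant to catch.
CONSTRUCTED_SECTION = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Users\example\AppData\Local\constructed\payload.dll -- [2013/06/01 00:00:00 | 000,001,024 | ---- | M] ()
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\Installer\constructed\payload.dll
'''

if __name__ == "__main__":
    for label, text in (("thread", THREAD_SECTION), ("constructed", CONSTRUCTED_SECTION)):
        print(label, triage(parse_section(text)))
```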

#7 lilbit2604


Posted 28 June 2013 - 01:37 AM

I ran both programs. They ran fine, but upon restart neither program brought back up a txt file. I ran them both twice, once rebooting in regular mode and the second time in safe mode. Neither time did I get the results of running both programs. When I restarted in regular mode I now get a pop-up that says DriverRestore.exe Error, application not generated a exception. ProccessID=0x3ec(1004) Thread ID=0x7ec(1964). After clicking off of this, either by the x or by saying OK, all programs either shut down or refuse to start.


Edited by lilbit2604, 28 June 2013 - 01:38 AM.


#8 D-FRED-BROWN


Posted 28 June 2013 - 10:32 AM

Do you recognize the program Driver Restore? Is this something you use/want to keep?



#9 lilbit2604


Posted 28 June 2013 - 10:49 AM

It's a program designed to restore drivers if there is a problem, but it's not something that's most needed for the system to work.



#10 D-FRED-BROWN


Posted 28 June 2013 - 11:02 AM

Since it's corrupt, let's delete it for now. Try reinstalling it after this.

 

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

    KILLALL::

    Folder::
    C:\Program Files (x86)\Driver Restore

    Reboot::



Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now
 

#11 lilbit2604


Posted 29 June 2013 - 06:40 PM

I used the program, but it doesn't remove or delete the program, no difference made to the computer.



#12 D-FRED-BROWN


Posted 29 June 2013 - 09:55 PM

Please download and install Revo Uninstaller (Freeware) from here. Then please run Revo Uninstaller and select Driver Restore.

Please click Uninstall icon to uninstall the selected program.
2ev563d.gif

Please choose Advanced.
aubbd2.gif

Then click Next and follow the prompts.

Please click Select All (1.) and Delete (2.)
2hdphqf.gif
to delete all registry items, folders and files listed by Revo.

If asked to restart the computer, please do so immediately.

#13 D-FRED-BROWN


Posted 03 July 2013 - 10:46 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



