Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ZeroAccess & Rootkit....


  • This topic is locked This topic is locked
113 replies to this topic

#1 ndonaldson2912

ndonaldson2912

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:15 PM

Posted 18 June 2013 - 06:18 PM

Scanned PC with FRST and have found several problems relating to ZeroAccess and Rootkit. Could do with some professional help in trying to resolve the issue.... I will paste below the FRST and Addition txt files.

 

Many thanks in Advance

 

ndonaldson2912



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-06-2013
Ran by Norm (administrator) on 19-06-2013 00:08:17
Running from C:\Users\Norm\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
() C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1553832 2007-08-31] (Microsoft Corporation)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1555968 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [Google Update] "C:\Users\Norm\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2009-03-30] (Google Inc.)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [357696 2010-04-01] (DT Soft Ltd)
HKCU\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1641896 2013-06-06] (Valve Corporation)
HKCU\...\Run: [GoogleChromeAutoLaunch_13722F0580CA191EC89E26C74285026F] "C:\Users\Norm\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window [825808 2013-05-29] (Google Inc.)
HKCU\...\Runonce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_en-US)_AppleWebKit/534.10_(KHTML,_like_Gecko)_Chrome/8.0.552.224_Safari/534.10" -"http://news.bbc.co.uk/sport1/hi/football/fa_cup/virtual_replay/6636845.stm?goalid=501071" [x]
MountPoints2: F - WDSetup.exe
MountPoints2: I - WDSetup.exe
MountPoints2: {cfbb9752-d7a1-11df-b86e-002215e13da7} - E:\Installer.exe
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN [745472 2009-02-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun [77824 2007-10-30] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] ()
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
HKU\Guest\...\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_en-GB;_rv:1.9.2.16)_Gecko/20110319_Firefox/3.6.16_(.NET_CLR_3.5.30729)_;ShopperReports" -"http://www.gameflox.com/flash-games/419/tiger-cross.html" [x]
HKU\Guest\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin [x]
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
Startup: C:\Users\Norm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
ShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=923D002215E13DA7
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKLM-x32 SearchScopes: DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2737658
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2737658
HKCU SearchScopes: DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6OyYT1tybo&i=26
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=923D002215E13DA7
SearchScopes: HKCU - {4C489F2C-1907-4C67-99A0-2004C107870A} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2737658
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6OyYT1tybo&i=26
BHO: IB Updater - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll ()
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: IB Updater - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: SelectionLinks - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\Program Files (x86)\OApps\SelectionLinks.dll (SelectionLinks)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.)
BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKCU - No Name - {F999A48B-1950-4D81-9971-79018F807B4B} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default
FF SelectedSearchEngine: Delta Search
FF Homepage: hxxp://www.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=923D002215E13DA7
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @virtools.com/3DviaPlayer - C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Babylon - C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\Extensions\ffxtlbr@babylon.com
FF Extension: Delta Toolbar - C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\Extensions\ffxtlbr@delta.com
FF Extension: incredibar.com - C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\Extensions\ffxtlbr@incredibar.com
FF Extension: Firebug - C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\Extensions\firebug@software.joehewitt.com
FF Extension: Yontoo - C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\Extensions\plugin@yontoo.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: SelectionLinks - C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\Extensions\{AB6F7EFE-20F0-41F3-96BD-96D7DF8056D5}
FF Extension: FreeOnlineRadioPlayerRecorder Toolbar - C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\Extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
 
Chrome: 
=======
CHR HomePage: hxxp://www.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=923D002215E13DA7
CHR RestoreOnStartup: "hxxp://www.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=923D002215E13DA7"
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Norm\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Norm\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Norm\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (ClickPotatoLite Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll (Pinball Corporation.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (3DVIA player) - C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Select Links App) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aineemkafbbcgobgdgehgcnmnmfgdkpg\4.3_0
CHR Extension: (YouTube) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (MixiDJ Toolbar) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\boipimhfjpakfgckhbljjengakjhkcbp\1.2_0
CHR Extension: (Google Search) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Babylon Toolbar) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0
CHR Extension: (IB Updater) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.574_0
CHR Extension: (AdBlock) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.64_0
CHR Extension: (New tab for Chrome™) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0
CHR Extension: (Yontoo) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR Extension: (GoPhoto.it) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.5_0
CHR Extension: (Gmail) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
 
==================== Services (Whitelisted) =================
 
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] ()
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2009-03-31] ()
R2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2013-05-02] (Wajam)
 
==================== Drivers (Whitelisted) ====================
 
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2012-04-02] ()
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2012-04-02] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-01] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-02-03] ()
U3 ahebwd4f; C:\Windows\System32\Drivers\ahebwd4f.sys [0 ] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-06-19 00:07 - 2013-06-19 00:07 - 00016550 ____A C:\Users\Norm\Desktop\Addition.txt
2013-06-19 00:06 - 2013-06-19 00:06 - 00000000 ____D C:\FRST
2013-06-19 00:05 - 2013-06-19 00:05 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-19 00:02 - 2013-06-19 00:02 - 00000427 ____A C:\Users\Norm\Desktop\tdsskiller.exe - Shortcut.lnk
2013-06-19 00:02 - 2013-06-19 00:02 - 00000421 ____A C:\Users\Norm\Desktop\iExplore.exe - Shortcut.lnk
2013-06-19 00:02 - 2013-06-18 22:25 - 01928350 ____A (Farbar) C:\Users\Norm\Desktop\FRST64.exe
2013-06-18 23:46 - 2013-06-18 23:46 - 00000017 ____A C:\Users\Norm\Downloads\fixlist (7).txt
2013-06-18 22:24 - 2013-06-18 22:25 - 00609336 ____A C:\Users\Norm\Downloads\setup (1).exe
2013-06-18 22:22 - 2013-06-18 22:22 - 00000000 ____D C:\Users\Norm\AppData\Roaming\Delta
2013-06-18 22:22 - 2013-06-18 22:22 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-06-18 22:22 - 2013-06-18 22:22 - 00000000 ____D C:\Program Files (x86)\Delta
2013-06-18 22:21 - 2013-06-18 22:22 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-06-18 22:21 - 2013-06-18 22:22 - 00000000 ____A C:\END
2013-06-18 22:21 - 2013-06-18 22:21 - 00609336 ____A C:\Users\Norm\Downloads\setup.exe
2013-06-18 22:21 - 2013-06-18 22:21 - 00000000 ____D C:\Users\Norm\AppData\Local\Wajam
2013-06-18 20:51 - 2013-06-18 20:51 - 00000277 ____A C:\Users\Norm\Downloads\fixlist.txt
2013-06-12 18:42 - 2013-06-12 18:43 - 04472121 ____A (CamStudio Open Source Dev Team                              ) C:\Users\Norm\Downloads\CamStudio_Setup_v2.6b_r294_(build_24Oct2010).exe
2013-06-12 18:42 - 2013-06-12 18:42 - 00000000 ____D C:\Users\Norm\AppData\Roaming\BabSolution
2013-06-12 18:41 - 2013-06-13 10:53 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-06-12 18:40 - 2013-06-12 18:41 - 00434000 ____A C:\Users\Norm\AppData\Local\dd_vcredistMSI3258.txt
2013-06-12 18:40 - 2013-06-12 18:41 - 00011426 ____A C:\Users\Norm\AppData\Local\dd_vcredistUI3258.txt
2013-06-12 18:39 - 2013-06-12 18:39 - 00584600 ____A C:\Users\Norm\Downloads\cbsidlm-tr1_13-CamStudio-ORG-10067101.exe
2013-06-12 00:49 - 2013-06-12 00:49 - 00000000 ____D C:\Users\Norm\AppData\Roaming\TuneUp Software
2013-06-12 00:49 - 2013-06-12 00:49 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-06-12 00:48 - 2013-06-12 00:48 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-06-12 00:48 - 2013-06-12 00:48 - 00000000 ____D C:\Users\Norm\AppData\Roaming\OpenCandy
2013-06-12 00:48 - 2013-06-12 00:48 - 00000000 ____D C:\Users\Norm\AppData\Roaming\DVDVideoSoft
2013-06-12 00:48 - 2013-06-12 00:48 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-06-12 00:46 - 2013-06-12 00:47 - 24941888 ____A (DVDVideoSoft Ltd.                                           ) C:\Users\Norm\Downloads\FreeYouTubeToMP3Converter.exe
2013-06-06 21:02 - 2013-06-06 21:02 - 02699009 ____A C:\Users\Norm\Downloads\Pailleuse_Agram_Jet_de_paille_Luxfarm_LS_2013.zip
2013-06-06 00:43 - 2013-06-06 00:43 - 04942811 ____A C:\Users\Norm\Downloads\Huehnerstall.zip
2013-06-05 20:00 - 2013-06-05 20:01 - 19945212 ____A C:\Users\Norm\Downloads\ClaasLexion550.zip
2013-06-05 18:17 - 2013-06-05 18:18 - 20085933 ____A C:\Users\Norm\Downloads\ClaasLexion770TT.exe
2013-05-31 21:08 - 2013-05-31 21:11 - 25685050 ____A C:\Users\Norm\Downloads\CaseCVX175.exe
2013-05-31 21:07 - 2013-05-31 21:14 - 135916243 ____A C:\Users\Norm\Downloads\Agrarfrost_Open_Me.zip
2013-05-31 01:59 - 2013-05-31 01:59 - 05749340 ____A C:\Users\Norm\Downloads\EXTREME_BALING_1.zip
2013-05-31 01:09 - 2013-05-31 01:09 - 14878725 ____A C:\Users\Norm\Downloads\Abbey_Manure_Handling_Kit_2013.zip
2013-05-31 01:08 - 2013-05-31 01:08 - 07078085 ____A C:\Users\Norm\Downloads\Volvo_BM_Slurry_Tanker_2013.exe
2013-05-31 01:06 - 2013-05-31 01:06 - 02587151 ____A C:\Users\Norm\Downloads\Kidd_FH_346.exe
2013-05-31 00:58 - 2013-05-31 00:58 - 08025941 ____A C:\Users\Norm\Downloads\Silage_Trailers_UNZIP.zip
2013-05-30 19:02 - 2013-05-30 19:02 - 04382700 ____A C:\Users\Norm\Downloads\JF_FCT1060_ProTec (1).exe
2013-05-30 18:32 - 2013-05-30 18:32 - 04382700 ____A C:\Users\Norm\Downloads\JF_FCT1060_ProTec.exe
2013-05-30 18:30 - 2013-05-30 18:30 - 06225952 ____A C:\Users\Norm\Downloads\Ifor_Williams_FlatBed.exe
2013-05-30 18:29 - 2013-05-30 18:29 - 02911639 ____A C:\Users\Norm\Downloads\JF_FH1450.exe
2013-05-30 17:13 - 2013-05-30 17:13 - 00658001 ____A C:\Users\Norm\Downloads\StehrSilageCompactor1_1.exe
2013-05-30 17:12 - 2013-05-30 17:12 - 01285745 ____A C:\Users\Norm\Downloads\westTrailer.exe
2013-05-30 17:07 - 2013-05-30 17:07 - 01810597 ____A C:\Users\Norm\Downloads\Kane_Low_Loader.exe
2013-05-30 17:03 - 2013-05-30 17:03 - 14655535 ____A C:\Users\Norm\Downloads\NH8340_97.exe
2013-05-30 17:02 - 2013-05-30 17:03 - 24205656 ____A C:\Users\Norm\Downloads\NewHollandT7550.exe
2013-05-30 12:32 - 2013-05-30 12:33 - 00000000 ____D C:\Users\Norm\Desktop\Church Hill Silver
2013-05-28 10:39 - 2013-05-28 10:43 - 106036493 ____A C:\Users\Norm\Downloads\HolsteinValley.exe
2013-05-28 10:25 - 2013-05-28 10:25 - 16416638 ____A C:\Users\Norm\Downloads\Caterpillar725Ultra4.zip
2013-05-28 10:20 - 2013-05-28 10:23 - 81388312 ____A C:\Users\Norm\Downloads\an_irish_arable_farm.exe
2013-05-27 20:48 - 2013-05-27 20:48 - 00172201 ____A C:\Users\Norm\Downloads\Hirable_Tools.rar
2013-05-27 20:28 - 2013-05-27 20:29 - 16503178 ____A C:\Users\Norm\Downloads\Caterpillar725Ultra4.exe
2013-05-27 20:27 - 2013-05-27 20:28 - 14225895 ____A C:\Users\Norm\Downloads\MF5480.exe
 
==================== One Month Modified Files and Folders =======
 
2013-06-19 00:07 - 2013-06-19 00:07 - 00016550 ____A C:\Users\Norm\Desktop\Addition.txt
2013-06-19 00:06 - 2013-06-19 00:06 - 00000000 ____D C:\FRST
2013-06-19 00:05 - 2013-06-19 00:05 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-19 00:04 - 2012-10-05 16:06 - 00000974 ____A C:\rkill.log
2013-06-19 00:02 - 2013-06-19 00:02 - 00000427 ____A C:\Users\Norm\Desktop\tdsskiller.exe - Shortcut.lnk
2013-06-19 00:02 - 2013-06-19 00:02 - 00000421 ____A C:\Users\Norm\Desktop\iExplore.exe - Shortcut.lnk
2013-06-18 23:46 - 2013-06-18 23:46 - 00000017 ____A C:\Users\Norm\Downloads\fixlist (7).txt
2013-06-18 23:44 - 2012-12-27 15:34 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-18 23:43 - 2009-10-13 17:17 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-18 23:42 - 2009-10-13 17:17 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-18 23:40 - 2006-11-02 16:22 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-18 23:40 - 2006-11-02 16:22 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-18 23:39 - 2009-03-30 23:14 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-18 23:39 - 2006-11-02 16:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-18 23:16 - 2006-11-02 16:42 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-18 22:25 - 2013-06-19 00:02 - 01928350 ____A (Farbar) C:\Users\Norm\Desktop\FRST64.exe
2013-06-18 22:25 - 2013-06-18 22:24 - 00609336 ____A C:\Users\Norm\Downloads\setup (1).exe
2013-06-18 22:22 - 2013-06-18 22:22 - 00000000 ____D C:\Users\Norm\AppData\Roaming\Delta
2013-06-18 22:22 - 2013-06-18 22:22 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-06-18 22:22 - 2013-06-18 22:22 - 00000000 ____D C:\Program Files (x86)\Delta
2013-06-18 22:22 - 2013-06-18 22:21 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-06-18 22:22 - 2013-06-18 22:21 - 00000000 ____A C:\END
2013-06-18 22:22 - 2010-11-17 18:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-18 22:21 - 2013-06-18 22:21 - 00609336 ____A C:\Users\Norm\Downloads\setup.exe
2013-06-18 22:21 - 2013-06-18 22:21 - 00000000 ____D C:\Users\Norm\AppData\Local\Wajam
2013-06-18 22:21 - 2013-02-25 00:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-18 22:17 - 2009-07-01 10:44 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3103576913-196209731-1286867056-1000UA.job
2013-06-18 22:01 - 2009-03-30 21:07 - 00001460 ____A C:\Users\Norm\AppData\Local\d3d9caps64.dat
2013-06-18 21:43 - 2012-11-08 13:15 - 00000000 ____D C:\Users\Norm\Documents\FIFA 13
2013-06-18 21:22 - 2010-11-30 16:51 - 00007916 ____A C:\Users\Norm\AppData\Local\d3d9caps.dat
2013-06-18 20:51 - 2013-06-18 20:51 - 00000277 ____A C:\Users\Norm\Downloads\fixlist.txt
2013-06-14 19:36 - 2008-01-21 04:26 - 00051310 ____A C:\Windows\PFRO.log
2013-06-13 21:50 - 2013-02-16 20:11 - 00000000 ____D C:\ProgramData\LogMeIn
2013-06-13 19:46 - 2008-01-21 02:53 - 01661653 ____A C:\Windows\WindowsUpdate.log
2013-06-13 10:53 - 2013-06-12 18:41 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-06-12 19:17 - 2009-07-01 10:44 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3103576913-196209731-1286867056-1000Core.job
2013-06-12 19:02 - 2009-07-14 16:08 - 00000892 ____A C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk
2013-06-12 18:43 - 2013-06-12 18:42 - 04472121 ____A (CamStudio Open Source Dev Team                              ) C:\Users\Norm\Downloads\CamStudio_Setup_v2.6b_r294_(build_24Oct2010).exe
2013-06-12 18:42 - 2013-06-12 18:42 - 00000000 ____D C:\Users\Norm\AppData\Roaming\BabSolution
2013-06-12 18:41 - 2013-06-12 18:40 - 00434000 ____A C:\Users\Norm\AppData\Local\dd_vcredistMSI3258.txt
2013-06-12 18:41 - 2013-06-12 18:40 - 00011426 ____A C:\Users\Norm\AppData\Local\dd_vcredistUI3258.txt
2013-06-12 18:39 - 2013-06-12 18:39 - 00584600 ____A C:\Users\Norm\Downloads\cbsidlm-tr1_13-CamStudio-ORG-10067101.exe
2013-06-12 18:38 - 2009-03-30 21:07 - 00000000 ____D C:\users\Norm
2013-06-12 00:49 - 2013-06-12 00:49 - 00000000 ____D C:\Users\Norm\AppData\Roaming\TuneUp Software
2013-06-12 00:49 - 2013-06-12 00:49 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-06-12 00:48 - 2013-06-12 00:48 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-06-12 00:48 - 2013-06-12 00:48 - 00000000 ____D C:\Users\Norm\AppData\Roaming\OpenCandy
2013-06-12 00:48 - 2013-06-12 00:48 - 00000000 ____D C:\Users\Norm\AppData\Roaming\DVDVideoSoft
2013-06-12 00:48 - 2013-06-12 00:48 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-06-12 00:47 - 2013-06-12 00:46 - 24941888 ____A (DVDVideoSoft Ltd.                                           ) C:\Users\Norm\Downloads\FreeYouTubeToMP3Converter.exe
2013-06-11 21:49 - 2010-10-26 11:28 - 00000000 ____D C:\Users\Norm\AppData\Roaming\FileZilla
2013-06-11 21:21 - 2013-02-25 00:10 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 21:21 - 2013-02-25 00:10 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 20:36 - 2010-06-17 00:04 - 00000000 ____D C:\Users\Norm\Desktop\Rooskey Cottage
2013-06-06 21:02 - 2013-06-06 21:02 - 02699009 ____A C:\Users\Norm\Downloads\Pailleuse_Agram_Jet_de_paille_Luxfarm_LS_2013.zip
2013-06-06 00:43 - 2013-06-06 00:43 - 04942811 ____A C:\Users\Norm\Downloads\Huehnerstall.zip
2013-06-05 20:20 - 2009-03-30 21:56 - 00002037 ____A C:\Users\Norm\Desktop\Google Chrome.lnk
2013-06-05 20:01 - 2013-06-05 20:00 - 19945212 ____A C:\Users\Norm\Downloads\ClaasLexion550.zip
2013-06-05 18:18 - 2013-06-05 18:17 - 20085933 ____A C:\Users\Norm\Downloads\ClaasLexion770TT.exe
2013-05-31 21:14 - 2013-05-31 21:07 - 135916243 ____A C:\Users\Norm\Downloads\Agrarfrost_Open_Me.zip
2013-05-31 21:11 - 2013-05-31 21:08 - 25685050 ____A C:\Users\Norm\Downloads\CaseCVX175.exe
2013-05-31 01:59 - 2013-05-31 01:59 - 05749340 ____A C:\Users\Norm\Downloads\EXTREME_BALING_1.zip
2013-05-31 01:09 - 2013-05-31 01:09 - 14878725 ____A C:\Users\Norm\Downloads\Abbey_Manure_Handling_Kit_2013.zip
2013-05-31 01:08 - 2013-05-31 01:08 - 07078085 ____A C:\Users\Norm\Downloads\Volvo_BM_Slurry_Tanker_2013.exe
2013-05-31 01:06 - 2013-05-31 01:06 - 02587151 ____A C:\Users\Norm\Downloads\Kidd_FH_346.exe
2013-05-31 00:58 - 2013-05-31 00:58 - 08025941 ____A C:\Users\Norm\Downloads\Silage_Trailers_UNZIP.zip
2013-05-30 19:02 - 2013-05-30 19:02 - 04382700 ____A C:\Users\Norm\Downloads\JF_FCT1060_ProTec (1).exe
2013-05-30 18:32 - 2013-05-30 18:32 - 04382700 ____A C:\Users\Norm\Downloads\JF_FCT1060_ProTec.exe
2013-05-30 18:30 - 2013-05-30 18:30 - 06225952 ____A C:\Users\Norm\Downloads\Ifor_Williams_FlatBed.exe
2013-05-30 18:29 - 2013-05-30 18:29 - 02911639 ____A C:\Users\Norm\Downloads\JF_FH1450.exe
2013-05-30 17:13 - 2013-05-30 17:13 - 00658001 ____A C:\Users\Norm\Downloads\StehrSilageCompactor1_1.exe
2013-05-30 17:12 - 2013-05-30 17:12 - 01285745 ____A C:\Users\Norm\Downloads\westTrailer.exe
2013-05-30 17:07 - 2013-05-30 17:07 - 01810597 ____A C:\Users\Norm\Downloads\Kane_Low_Loader.exe
2013-05-30 17:03 - 2013-05-30 17:03 - 14655535 ____A C:\Users\Norm\Downloads\NH8340_97.exe
2013-05-30 17:03 - 2013-05-30 17:02 - 24205656 ____A C:\Users\Norm\Downloads\NewHollandT7550.exe
2013-05-30 12:33 - 2013-05-30 12:32 - 00000000 ____D C:\Users\Norm\Desktop\Church Hill Silver
2013-05-30 12:33 - 2010-11-03 23:17 - 00000000 ____D C:\Users\Norm\Desktop\Sharon - University
2013-05-30 12:18 - 2009-04-01 23:30 - 00002651 ____A C:\Users\Norm\Desktop\Microsoft Office Word 2007.lnk
2013-05-28 10:43 - 2013-05-28 10:39 - 106036493 ____A C:\Users\Norm\Downloads\HolsteinValley.exe
2013-05-28 10:25 - 2013-05-28 10:25 - 16416638 ____A C:\Users\Norm\Downloads\Caterpillar725Ultra4.zip
2013-05-28 10:23 - 2013-05-28 10:20 - 81388312 ____A C:\Users\Norm\Downloads\an_irish_arable_farm.exe
2013-05-27 23:03 - 2009-06-15 08:31 - 00000000 ____D C:\Users\Norm\Desktop\Old Pals Bar
2013-05-27 22:57 - 2010-11-28 21:42 - 00000000 ____D C:\Users\Norm\AppData\Local\Paint.NET
2013-05-27 20:48 - 2013-05-27 20:48 - 00172201 ____A C:\Users\Norm\Downloads\Hirable_Tools.rar
2013-05-27 20:29 - 2013-05-27 20:28 - 16503178 ____A C:\Users\Norm\Downloads\Caterpillar725Ultra4.exe
2013-05-27 20:28 - 2013-05-27 20:27 - 14225895 ____A C:\Users\Norm\Downloads\MF5480.exe
2013-05-21 10:53 - 2006-11-02 13:46 - 00786894 ____A C:\Windows\System32\PerfStringBackup.INI
 
ZeroAccess:
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\@
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\L
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\U
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\L\00000004.@
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\L\201d3dde
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\L\6715e287
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\L\76603ac3
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\U\00000004.@
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\U\00000008.@
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\U\000000cb.@
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\U\80000000.@
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\U\80000032.@
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\U\80000064.@
 
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
 
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
 
Files to move or delete:
====================
C:\Users\Norm\gosetup.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe B8844F93D2C5F1DCDB179AAA9AF134B7 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
 
 
LastRegBack: 2013-06-18 23:51
 
==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2013
Ran by Norm at 2013-06-19 00:09:00 Run:
Running from C:\Users\Norm\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
 Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 1.8.2)
3DVIA player 5.0 (Version: 5.0.0.12)
64 Bit HP CIO Components Installer (Version: 1.0.0)
737 Pilot in Command (FSX)
Acrobat.com (Version: 1.6.65)
Active@ ISO Burner (Version: 2.1.0)
Adobe AIR (Version: 1.5.3.9130)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe CSI CS4 (Version: 1)
Adobe CSI CS4 x64 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Dreamweaver CS4 (Version: 10.0)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Adobe SVG Viewer 3.0 (Version:  3.0)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe XMP Panels CS4 (Version: 2.0)
Aerosoft's - Aerosoft Launcher (Version: 1.1.0.1)
Airbus Series Vol.2 (FS X)
Airline Pack
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Babylon toolbar on IE
BabylonObjectInstaller (Version: 2.0.0.3)
BAE Red Arrows Hawk T1
BBC iPlayer Desktop (Version: 3.2.15)
Blender (remove only)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite (Version: 1.00)
BrowserDefender
BufferChm (Version: 100.0.170.000)
Call of Duty® 4 - Modern Warfare™ (Version: 1.00.0000)
CaptainSim 757-200 PRO 4.2
Carenado C 152 II (Version: 1.00.00.00)
CLS 3 Airbus Pack FSX
Connect (Version: 1.0.0.1)
Copy (Version: 100.0.170.000)
Crystal Reports Basic for Visual Studio 2008 (Version: 10.5.0.0)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (Version: 10.5.0.0)
CustomerResearchQFolder (Version: 1.00.0000)
DAEMON Tools Toolbar (Version: 1.1.2.0185)
Delta Chrome Toolbar
Delta toolbar   (Version: 1.8.21.5)
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 100.0.190.000)
DeviceManagementQFolder (Version: 1.00.0000)
Direct MIDI to MP3 Converter version 6.1.2.43 (Version: 6.1.2.43)
DivX Setup (Version: 2.6.1.41)
DJ_AIO_03_F4200_ProductContext (Version: 100.0.215.000)
DJ_AIO_03_F4200_Software (Version: 100.0.206.000)
DJ_AIO_03_F4200_Software_Min (Version: 100.0.213.000)
Douglas C-124 Globemaster II for FSX (Version: 1.00.0000)
Douglas C-74 Globemaster for FSX (Version: 1.00.0000)
Douglas DC-4 for FSX (Version: 3.00.0000)
E-Jets Series (FSX)
eSupportQFolder (Version: 1.00.0000)
Express Gate (Version: 1.2.8.0)
F1 2011 (Version: 1.0.0000.129)
F4200 (Version: 100.0.206.000)
F4200_Help (Version: 100.0.206.000)
Farming Simulator 2013 (Version: 1.0)
Farming-Simulator 2009
FIFA 13 (Version: 1.1.0.0)
FileZilla Client 3.3.4.1 (Version: 3.3.4.1)
Flight Simulator X Service Pack 1
Football Manager 2013
Free M4a to MP3 Converter 6.1
Free Mp3 Wma Ogg Converter 7.1.2
Free YouTube to MP3 Converter version 3.12.2.422 (Version: 3.12.2.422)
FreeOnlineRadioPlayerRecorder Toolbar (Version: 6.12.0.516)
FsxAdventures Aer Lingus Missions v1.00
FsxAdventures EasyJet Missions Vol 1. v1.0
GameShadow (Version: 2.03.0000)
GIANTS Editor 4.1.2 (Version: 4.1.2)
Google Chrome (Version: 27.0.1453.110)
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.145)
GoToMyPC (Version: 7.2.626)
GPBaseService (Version: 100.0.187.000)
Grand Theft Auto Vice City (Version: 1.00.000)
GTA San Andreas (Version: 1.00.00001)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3 (Version: 10.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Smart Web Printing (Version: 3.5)
HP Solution Center 10.0 (Version: 10.0)
HP Update (Version: 4.000.007.003)
HPProductAssistant (Version: 100.0.170.000)
HPSSupply (Version: 100.0.170.000)
IB Updater 2.0.0.574 (Version: 2.0.0.574)
iTunes (Version: 10.7.0.21)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
JustFlight DC-3 Legends of Flight
K-Lite Mega Codec Pack 9.9.0 (Version: 9.9.0)
kuler (Version: 2.0)
Landwirtschafts Simulator 2011 (Version: 1.0)
Logitech Touch Mouse Server 1.0 (Version: 1.0)
Malwarebytes' Anti-Malware
MarketResearch (Version: 100.0.170.000)
Microsoft .NET Compact Framework 2.0 SP2 (Version: 2.0.7045)
Microsoft .NET Compact Framework 3.5 (Version: 3.5.7283)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Combat Flight Simulator 3.1
Microsoft Device Emulator (64 bit) version 3.0 - ENU (Version: 9.0.21022)
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008 (Version: 9.0.21022)
Microsoft Flight Simulator SimConnect Client v10.0.60905.0 (Version: 10.0.60905.0)
Microsoft Flight Simulator X (Version: 10.0.60905)
Microsoft Flight Simulator X: Acceleration (Version: 10.0.61637.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft IntelliType Pro 6.2 (Version: 6.20.182.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.6123.5001)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office Visual Web Developer 2007 (Version: 12.0.4518.1066)
Microsoft Office Visual Web Developer MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server Compact 3.5 Design Tools ENU (Version: 3.5.5386.0)
Microsoft SQL Server Compact 3.5 ENU (Version: 3.5.5386.0)
Microsoft SQL Server Compact 3.5 for Devices ENU (Version: 3.5.5386.0)
Microsoft SQL Server Database Publishing Wizard 1.2 (Version: 1.2.0.0)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 2008 Professional Edition - ENU (Version: 9.0.21022)
Microsoft Visual Studio 2008 Remote Debugger - ENU
Microsoft Visual Studio 2008 Remote Debugger - ENU (Version: 9.0.21022)
Microsoft Visual Studio Web Authoring Component (Version: 12.0.4518.1066)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (Version: 3.5.21022)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 Tools (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (Version: 6.1.5288.17011)
Microsoft XNA Framework Redistributable 3.0 (Version: 3.0.11010.0)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Game Studio 3.1 (ARP entry) (Version: 3.1.10527.0)
Microsoft XNA Game Studio 3.1 (devenv) (Version: 3.1.10527.0)
Microsoft XNA Game Studio 3.1 (Platformer) (Version: 3.1.10527.0)
Microsoft XNA Game Studio 3.1 (Redists) (Version: 3.1.10527.0)
Microsoft XNA Game Studio 3.1 (Shared Components) (Version: 3.1.10527.0)
Microsoft XNA Game Studio 3.1 (Version: 3.1.10527.0)
Microsoft XNA Game Studio 3.1 (XnaLiveProxy) (Version: 3.1.10527.0)
Microsoft XNA Game Studio 3.1 Documentation (Version: 3.1.10527.0)
Microsoft XNA Game Studio Platform Tools (Version: 1.1.0.0)
MixiDJ chrome Toolbar
MixPad Audio Mixer
Mixxx 1.7.2 (Version: 1.7.2)
Mozilla Firefox (3.6.16) (Version: 3.6.16 (en-GB))
MSDN Library for Visual Studio 2008 - ENU (Version: 9.0)
MSDN Library for Visual Studio 2008 - ENU (Version: 9.0.21022)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Notepad++ (Version: 5.8.2)
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (Version: 9.10.0513)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Paint.NET v3.5.6 (Version: 3.56.0)
Photoshop Camera Raw (Version: 5.0)
PMDG BAe JS4100 (Version: 1.00.0970)
PowerISO (Version: 4.7)
Pro Evolution Soccer 2011 (Version: 1.01.0000)
PSSWCORE (Version: 2.02.0000)
Python 3.1.2 (64-bit) (Version: 3.1.2150)
Python 3.2 (64-bit) (Version: 3.2.150)
QualityWings Ultimate 146 Collection FSX
QuickTime (Version: 7.69.80.9)
Rapture3D 2.4.9 Game
RAR Password Cracker 4.12
Ready for Pushback Add-Ons
Ready for Pushback Second Generation_V2_06_CD
Remove UK2000 Belfast Xtreme files
Scan (Version: 10.0.0.0)
Secure Download Manager (Version: 3.0.5)
SelectionLinks (Version: 1.0)
Shop for HP Supplies (Version: 10.0)
Silent Hunter 4 Wolves of the Pacific (Version: 1.00.0000)
SmartWebPrintingOC (Version: 100.0.189.000)
SolutionCenter (Version: 100.0.175.000)
Spotify (Version: 0.4.8)
Spybot - Search & Destroy (Version: 1.6.2)
Status (Version: 100.0.175.000)
Steam (Version: 1.0.0.0)
Suite Shared Configuration CS4 (Version: 1.0)
Switch Sound File Converter
swMSM (Version: 12.0.0.1)
Tilt Rotor (FSX)
Toolbox (Version: 100.0.170.000)
TrayApp (Version: 100.0.170.000)
UK Truck Simulator 1.02 (Version: 1.02)
UK2000 Birmingham Xtreme FSX  (Version: 2.00)
UK2000 Gatwick Xtreme FSX  (Version: 3.00)
UK2000 Heathrow Xtreme FSX  (Version: 2.01)
UK2000 Liverpool Xtreme FSX  (Version: 1.00)
UK2000 London City Xtreme FSX  (Version: 1.00)
UKTS Improvement Mod v1.4 By Sparky
UnloadSupport (Version: 10.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221) (Version: 1)
VC Runtimes MSI (Version: 9.0.21022)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VideoToolkit01 (Version: 100.0.128.000)
VirtualDJ Home FREE (Version: 7.0.5)
Visual Studio .NET Prerequisites - English (Version: 9.0.21022)
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.21022)
Wajam (Version: 1.80)
WebReg (Version: 100.0.170.000)
Wilco Airbus Evolution vol. 1
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Mobile 5.0 SDK R2 for Pocket PC (Version: 5.00.1700.5.14343.06)
Windows Mobile 5.0 SDK R2 for Smartphone (Version: 5.00.1700.5.14343.06)
WinZip 14.5 (Version: 14.5.9095)
World of Subways Vol. 3 (Version: 1.2)
Xilisoft AVI to DVD Converter (Version: 7.1.2.20120809)
Yontoo 1.10.02 (Version: 1.10.02)
Zulu DJ Software
 
==================== Restore Points  =========================
 
27-04-2013 09:37:16 Scheduled Checkpoint
28-04-2013 10:52:35 Scheduled Checkpoint
29-04-2013 18:41:59 Installed Java 7 Update 21
01-05-2013 13:10:57 Windows Update
04-05-2013 19:19:10 Windows Update
09-05-2013 21:42:41 Windows Update
13-05-2013 18:44:03 Windows Update
15-05-2013 14:39:45 Windows Update
04-06-2013 21:05:20 Scheduled Checkpoint
12-06-2013 17:33:02 Removed Camtasia Studio 7
13-06-2013 09:58:06 Removed TuneUp Utilities 2013
13-06-2013 10:00:20 Removed TuneUp Utilities Language Pack (en-GB)
13-06-2013 20:49:02 Removed LogMeIn
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {25C13A31-47F4-4EB9-AAC7-0184910F6292} - System32\Tasks\Spybot Search and Destroy => C:\Program Files (x86)\Spybot - Search &amp; Destroy\SpybotSD.exe No File
Task: {2606A9D7-C592-4AE4-8843-C2C7076F12A9} - System32\Tasks\Driver Robot => C:\Program Files (x86)\Driver Robot\1.2.0.5\DriverRobot.exe [2009-11-30] ()
Task: {303CC2E1-A30F-44B3-AD9B-C8EF1E1F698F} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {3D1AE433-9782-4CD2-825B-1FB6593E6580} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\rundll32 No File
Task: {5F497884-63E3-496E-8DF6-9145938ABFA1} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3103576913-196209731-1286867056-1000 => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {6C9E5708-3444-4393-8D92-D21E8FC348EC} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\rundll32 No File
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs [2008-01-21] ()
Task: {79565CB2-09C3-4442-A78A-245EB76FB943} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2007-08-31] (Microsoft Corporation)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8FDA94FA-CA28-424D-954B-2592D575EE74} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-13] (Google Inc.)
Task: {9C0BC422-CD20-40E4-9E31-2B717476FBEE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3103576913-196209731-1286867056-1000Core => C:\Users\Norm\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-30] (Google Inc.)
Task: {9E7A94E1-DF5E-4000-BE9D-24EA5ADA42A0} - System32\Tasks\BrowserDefendert => C:\Windows\system32\sc.exe [2006-11-02] (Microsoft Corporation)
Task: {A9683382-0125-42BE-A29E-E39819CD3AF7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {B7D5393F-CC94-4E63-9043-3D32E8F8E1C8} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2008-01-21] ()
Task: {BE62503F-724C-43A8-8742-1245DFAF81BF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3103576913-196209731-1286867056-1000UA => C:\Users\Norm\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-30] (Google Inc.)
Task: {D1CDB659-4BD5-437E-A6E9-284B676548FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-13] (Google Inc.)
Task: {E1139142-F821-4562-8343-A9849549FE0D} - System32\Tasks\EPUpdater => C:\Users\Norm\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-06-06] ()
Task: {E4156C38-C876-49EC-8B84-9734C965947D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {EA2810BB-CF13-4F9F-9C53-3036D655D884} - System32\Tasks\User_Feed_Synchronization-{BC9DEF28-78E2-4419-8A6C-19B059DE6273} => C:\Windows\system32\msfeedssync.exe [2012-02-29] (Microsoft Corporation)
Task: {FBB80488-4D1C-423D-825E-63EFF98EE04E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/18/2013 11:46:55 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: a58
Start Time: 01ce6c74ff57495a
Termination Time: 16
 
Error: (06/18/2013 11:41:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/18/2013 09:14:56 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module mshtml.dll, version 9.0.8112.16484, time stamp 0x5186b207, exception code 0xc0000005, fault offset 0x001d9142,
process id 0x1440, application start time 0xsvchost.exe0.
 
Error: (06/18/2013 08:55:26 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module mshtml.dll, version 9.0.8112.16484, time stamp 0x5186b207, exception code 0xc0000005, fault offset 0x001d9142,
process id 0x14c0, application start time 0xsvchost.exe0.
 
Error: (06/18/2013 08:29:27 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module mshtml.dll, version 9.0.8112.16484, time stamp 0x5186b207, exception code 0xc0000005, fault offset 0x001d9142,
process id 0x172c, application start time 0xsvchost.exe0.
 
Error: (06/18/2013 07:54:58 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module mshtml.dll, version 9.0.8112.16484, time stamp 0x5186b207, exception code 0xc0000005, fault offset 0x001d9142,
process id 0x1598, application start time 0xsvchost.exe0.
 
Error: (06/18/2013 07:45:03 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module mshtml.dll, version 9.0.8112.16484, time stamp 0x5186b207, exception code 0xc0000005, fault offset 0x001d9142,
process id 0x594, application start time 0xsvchost.exe0.
 
Error: (06/18/2013 07:22:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/18/2013 10:46:33 AM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24
 
Error: (06/18/2013 10:46:33 AM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23
 
 
System errors:
=============
Error: (06/19/2013 00:04:13 AM) (Source: Service Control Manager) (User: )
Description: BrowserDefendert2300001Restart the service
 
Error: (06/19/2013 00:04:02 AM) (Source: Service Control Manager) (User: )
Description: 1Restart the serviceBrowserDefendert%%1056
 
Error: (06/19/2013 00:03:32 AM) (Source: Service Control Manager) (User: )
Description: BrowserDefendert1300001Restart the service
 
Error: (06/18/2013 11:45:21 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424
 
Error: (06/18/2013 11:45:21 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069
 
Error: (06/18/2013 11:45:21 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330
 
Error: (06/18/2013 11:42:11 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424
 
Error: (06/18/2013 11:42:04 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (06/18/2013 11:41:48 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE
 
Error: (06/18/2013 11:41:48 PM) (Source: Service Control Manager) (User: )
Description: lirsgt%%577
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-06-18 23:40:39.922
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-18 23:40:39.673
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-18 23:40:09.221
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-18 23:40:08.956
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-18 19:21:00.857
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-18 19:21:00.607
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-18 19:20:45.132
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-18 19:20:44.867
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-18 10:36:03.736
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-18 10:36:03.486
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 67%
Total physical RAM: 4094.32 MB
Available physical RAM: 1341.36 MB
Total Pagefile: 8405.16 MB
Available Pagefile: 5479.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:447.2 GB) (Free:141.52 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive k: (My Passport) (Fixed) (Total:232.83 GB) (Free:34.22 GB) FAT32 (Disk=5 Partition=1)
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: C1F31BEA)
Partition 1: (Not Active) - (Size=19 GB) - (Type=27)
Partition 2: (Active) - (Size=447 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 233 GB) (Disk ID: 02D23F90)
Partition 1: (Not Active) - (Size=233 GB) - (Type=0C)
 
==================== End Of Log ============================


BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:15 PM

Posted 19 June 2013 - 01:14 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK


IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

 

 

 

 

Scan with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You´ll find the log file at C:\AdwCleaner[S1].txt also.

 

 

 

 

Then create and post a new FRST log.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 ndonaldson2912

ndonaldson2912
  • Topic Starter

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:15 PM

Posted 19 June 2013 - 02:40 AM

Hi Marius, thanks for your help....The result of the adwcleaner are below...

 

# AdwCleaner v2.303 - Logfile created 06/19/2013 at 08:38:39
# Updated 08/06/2013 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Norm - NORM-PC
# Boot Mode : Normal
# Running from : C:\Users\Norm\Desktop\AdwCleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
Found : BrowserDefendert
Found : WajamUpdater
 
***** [Files / Folders] *****
 
File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\.autoreg
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
File Found : C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Found : C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Found : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\bProtector_extensions.rdf
File Found : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\bprotector_prefs.js
File Found : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\searchplugins\Babylon.xml
File Found : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\searchplugins\Conduit.xml
File Found : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\searchplugins\delta.xml
File Found : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\searchplugins\mixidj.xml
File Found : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\searchplugins\MyStart Search.xml
File Found : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\searchplugins\yahoo-zugo.xml
File Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Developer Network\MSDN Library for Visual Studio 2008 - ENU.lnk ( arg. : /helpcol ms-help://MS.MSDNQTR.v90.en /LaunchNamedUrlTopic DefaultPage)
File Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008\Microsoft Visual Studio 2008 Documentation.lnk ( arg. : /helpcol ms-help://ms.vscc.v90 /LaunchNamedUrlTopic DefaultPage /usehelpsettings VisualStudio.9.0)
File Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft XNA Game Studio 3.1\XNA Game Studio Documentation.lnk ( arg. : /helpcol ms-help://MS.VSCC.v90 /LaunchFKeywordTopic XNAGSDefaultPage /filter "XNA Game Studio 3.1")
Folder Found : C:\Program Files (x86)\BabylonToolbar
Folder Found : C:\Program Files (x86)\clickpotatolite
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Found : C:\Program Files (x86)\Delta
Folder Found : C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder
Folder Found : C:\Program Files (x86)\Gophoto.it
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}
Folder Found : C:\Program Files (x86)\OApps
Folder Found : C:\Program Files (x86)\Perion
Folder Found : C:\Program Files (x86)\ShopperReports3
Folder Found : C:\Program Files (x86)\Wajam
Folder Found : C:\Program Files (x86)\Yontoo
Folder Found : C:\Program Files\IB Updater
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\BrowserDefender
Folder Found : C:\ProgramData\ClickPotatoLiteSA
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clickpotato
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Norm\AppData\Local\Conduit
Folder Found : C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\boipimhfjpakfgckhbljjengakjhkcbp
Folder Found : C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Found : C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Found : C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Folder Found : C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Folder Found : C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Found : C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Folder Found : C:\Users\Norm\AppData\Local\Wajam
Folder Found : C:\Users\Norm\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Norm\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Norm\AppData\LocalLow\Conduit
Folder Found : C:\Users\Norm\AppData\LocalLow\FreeOnlineRadioPlayerRecorder
Folder Found : C:\Users\Norm\AppData\LocalLow\incredibar.com
Folder Found : C:\Users\Norm\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Norm\AppData\LocalLow\ShopperReports3
Folder Found : C:\Users\Norm\AppData\Roaming\BabSolution
Folder Found : C:\Users\Norm\AppData\Roaming\Babylon
Folder Found : C:\Users\Norm\AppData\Roaming\BabylonToolbar
Folder Found : C:\Users\Norm\AppData\Roaming\clickpotatolite
Folder Found : C:\Users\Norm\AppData\Roaming\Delta
Folder Found : C:\Users\Norm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Folder Found : C:\Users\Norm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Found : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\Conduit
Folder Found : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\CT2737658
Folder Found : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
Folder Found : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\extensions\ffxtlbr@babylon.com
Folder Found : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\extensions\ffxtlbr@delta.com
Folder Found : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\extensions\ffxtlbr@incredibar.com
Folder Found : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\extensions\plugin@yontoo.com
Folder Found : C:\Users\Norm\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Norm\AppData\Roaming\ShopperReports3
Folder Found : C:\Windows\SysWOW64\WNLT
 
***** [Registry] *****
 
Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\FreeOnlineRadioPlayerRecorder
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\ShopperReports3
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Babylon
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\clickpotatolitesa
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FreeOnlineRadioPlayerRecorder Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuestBrowse
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopperReportsSA
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F999A48B-1950-4D81-9971-79018F807B4B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\ShopperReports3
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Wajam
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : HKCU\Software\524dd8de069e515
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{7025E484-D4B0-441A-9F0B-69063BD679CE}
Key Found : HKLM\SOFTWARE\Classes\AppID\{8258B35C-05B8-4C0E-9525-9BCCC70F8F2D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A89256AD-EC17-4A83-BEF5-4B8BC4F39306}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D2083641-E57F-4EAB-BB85-0582424F4A29}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\BRNstIE.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\CmndFF.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\MenuButtonIE.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\mozillaps.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\Pltfrm.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\ClickPotatoLiteAx.Info
Key Found : HKLM\SOFTWARE\Classes\ClickPotatoLiteAx.Info.1
Key Found : HKLM\SOFTWARE\Classes\ClickPotatoLiteAX.UserProfiles
Key Found : HKLM\SOFTWARE\Classes\ClickPotatoLiteAX.UserProfiles.1
Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Found : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Found : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Found : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Found : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\MenuButtonIE.ButtonIE
Key Found : HKLM\SOFTWARE\Classes\MenuButtonIE.ButtonIE.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.AsyncReporter
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.AsyncReporter.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.Dwnldr
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.Dwnldr.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.HbGuru
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.HbGuru.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.MozillaNvgtnTrpr
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.MozillaNvgtnTrpr.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.MozillaPSExecuter
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.MozillaPSExecuter.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.ReportData
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.ReportData.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.Reporter
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.Reporter.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.Scopes
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.Scopes.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.Stock
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.Stock.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.TriggerImmidiate
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.TriggerImmidiate.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.TriggerImmidiateOrRandomTS
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.TriggerImmidiateOrRandomTS.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.TriggerOnceInDay
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.TriggerOnceInDay.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2737658
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\Software\ClickPotatoLite
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Delta
Key Found : HKLM\Software\DeviceVM
Key Found : HKLM\Software\FreeOnlineRadioPlayerRecorder
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{426300E3-EF8A-48F3-BBE3-5FE275BEF490}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4F36-8D02-8C43722EE5DA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4D03-A0CF-8203604C3DA6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483C-A137-731E8F113DD5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\Software\ShopperReports3
Key Found : HKLM\Software\Wajam
Key Found : HKLM\SOFTWARE\Wow6432Node\524dd8de069e515
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{426300E3-EF8A-48F3-BBE3-5FE275BEF490}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F999A48B-1950-4D81-9971-79018F807B4B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F8B4EC8A-2407-4BE0-AEE2-0F430D65A90D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\boipimhfjpakfgckhbljjengakjhkcbp
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1444ACBE-3092-47EB-A819-E18393576F37}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C1171FA-8ABE-49BE-904A-2DBE9F6B2F73}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F999A48B-1950-4D81-9971-79018F807B4B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FreeOnlineRadioPlayerRecorder Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Found : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699}
Key Found : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F8B4EC8A-2407-4BE0-AEE2-0F430D65A90D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\S-1-5-21-3103576913-196209731-1286867056-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-3103576913-196209731-1286867056-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : HKU\S-1-5-21-3103576913-196209731-1286867056-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F999A48B-1950-4D81-9971-79018F807B4B}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F999A48B-1950-4D81-9971-79018F807B4B}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ClickPotatoLite@ClickPotatoLite.com]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ShopperReports@ShopperReports.com]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D0F4A166-B8D4-48B8-9D63-80849FE137CB}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F999A48B-1950-4D81-9971-79018F807B4B}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16483
 
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=923D002215E13DA7
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page Restore] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=923D002215E13DA7
 
-\\ Mozilla Firefox v3.6.16 (en-GB)
 
File : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\prefs.js
 
Found : user_pref("CT2737658.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2737658.CTID", "CT2737658");
Found : user_pref("CT2737658.CurrentServerDate", "19-6-2013");
Found : user_pref("CT2737658.DialogsAlignMode", "LTR");
Found : user_pref("CT2737658.DownloadReferralCookieData", "");
Found : user_pref("CT2737658.FeedLastCount129531111962231774", 400);
Found : user_pref("CT2737658.FeedPollDate128932492092456574", "Tue Jun 18 2013 22:22:43 GMT+0100 (GMT Daylig[...]
Found : user_pref("CT2737658.FeedPollDate129066712740779554", "Tue Jun 18 2013 22:22:43 GMT+0100 (GMT Daylig[...]
Found : user_pref("CT2737658.FeedPollDate129182867803381395", "Tue Jun 18 2013 22:22:43 GMT+0100 (GMT Daylig[...]
Found : user_pref("CT2737658.FeedPollDate129531111962241536", "Tue Jun 18 2013 22:22:43 GMT+0100 (GMT Daylig[...]
Found : user_pref("CT2737658.FeedPollDate129531111962251297", "Tue Jun 18 2013 22:22:43 GMT+0100 (GMT Daylig[...]
Found : user_pref("CT2737658.FeedPollDate129531111962251298", "Tue Jun 18 2013 22:22:43 GMT+0100 (GMT Daylig[...]
Found : user_pref("CT2737658.FeedPollDate129531111962251299", "Tue Jun 18 2013 22:22:43 GMT+0100 (GMT Daylig[...]
Found : user_pref("CT2737658.FeedPollDate129531111962251300", "Tue Jun 18 2013 22:22:43 GMT+0100 (GMT Daylig[...]
Found : user_pref("CT2737658.FeedTTL128932492092456574", 40);
Found : user_pref("CT2737658.FeedTTL129066712740779554", 40);
Found : user_pref("CT2737658.FeedTTL129182867803381395", 40);
Found : user_pref("CT2737658.FeedTTL129531111962241536", 40);
Found : user_pref("CT2737658.FeedTTL129531111962251297", 40);
Found : user_pref("CT2737658.FeedTTL129531111962251298", 40);
Found : user_pref("CT2737658.FeedTTL129531111962251299", 40);
Found : user_pref("CT2737658.FeedTTL129531111962251300", 40);
Found : user_pref("CT2737658.FirstServerDate", "18-1-2011");
Found : user_pref("CT2737658.FirstTime", true);
Found : user_pref("CT2737658.FirstTimeFF3", true);
Found : user_pref("CT2737658.FirstTimeSettingsDone", true);
Found : user_pref("CT2737658.FixPageNotFoundErrors", true);
Found : user_pref("CT2737658.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2737658.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2737658.Initialize", true);
Found : user_pref("CT2737658.InitializeCommonPrefs", true);
Found : user_pref("CT2737658.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2737658.InstalledDate", "Tue Jan 18 2011 17:46:28 GMT+0000 (GMT Standard Time)");
Found : user_pref("CT2737658.InvalidateCache", false);
Found : user_pref("CT2737658.IsGrouping", false);
Found : user_pref("CT2737658.IsMulticommunity", false);
Found : user_pref("CT2737658.IsOpenThankYouPage", true);
Found : user_pref("CT2737658.IsOpenUninstallPage", true);
Found : user_pref("CT2737658.LanguagePackLastCheckTime", "Thu Jun 13 2013 11:00:42 GMT+0100 (GMT Daylight Ti[...]
Found : user_pref("CT2737658.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2737658.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2737658.LastLogin_2.7.2.0", "Tue Jun 18 2013 22:22:42 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT2737658.LatestVersion", "3.18.0.7");
Found : user_pref("CT2737658.Locale", "en");
Found : user_pref("CT2737658.LoginCache", 4);
Found : user_pref("CT2737658.MCDetectTooltipHeight", "83");
Found : user_pref("CT2737658.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2737658.MCDetectTooltipWidth", "295");
Found : user_pref("CT2737658.RadioIsPodcast", false);
Found : user_pref("CT2737658.RadioLastCheckTime", "Tue Jun 18 2013 22:22:43 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT2737658.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2737658.RadioLastUpdateServer", "129259829623770000");
Found : user_pref("CT2737658.RadioMediaID", "21145355");
Found : user_pref("CT2737658.RadioMediaType", "Media Player");
Found : user_pref("CT2737658.RadioMenuSelectedID", "EBRadioMenu_CT273765821145355");
Found : user_pref("CT2737658.RadioStationName", "Classic%20Rock");
Found : user_pref("CT2737658.RadioStationURL", "hxxp://www.gotradio.com/player/launch.asp?id=22&cr=lb");
Found : user_pref("CT2737658.SavedHomepage", "hxxp://www.bbc.co.uk/news/northern_ireland/");
Found : user_pref("CT2737658.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2737658.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2737658.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT273[...]
Found : user_pref("CT2737658.SearchInNewTabEnabled", true);
Found : user_pref("CT2737658.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2737658.SearchInNewTabLastCheckTime", "Tue Jun 18 2013 22:22:41 GMT+0100 (GMT Daylight [...]
Found : user_pref("CT2737658.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2737658.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT2737658.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2737658.SettingsLastCheckTime", "Tue Jun 18 2013 22:22:40 GMT+0100 (GMT Daylight Time)"[...]
Found : user_pref("CT2737658.SettingsLastUpdate", "1371024731");
Found : user_pref("CT2737658.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2737658.ThirdPartyComponentsLastCheck", "Wed Jun 12 2013 00:48:32 GMT+0100 (GMT Dayligh[...]
Found : user_pref("CT2737658.ThirdPartyComponentsLastUpdate", "1331805997");
Found : user_pref("CT2737658.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Found : user_pref("CT2737658.UserID", "UN46812852195993104");
Found : user_pref("CT2737658.ValidationData_Toolbar", 2);
Found : user_pref("CT2737658.alertChannelId", "1129903");
Found : user_pref("CT2737658.backendstorage. appgroupon_dailyactivity", "31333035323337373331323635");
Found : user_pref("CT2737658.backendstorage. appgroupon_lifetimesent", "54525545");
Found : user_pref("CT2737658.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474[...]
Found : user_pref("CT2737658.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Found : user_pref("CT2737658.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Found : user_pref("CT2737658.backendstorage./9b+7e.:2z527", "247E707273303C3833477B473C3F2C742E7E7D792022342[...]
Found : user_pref("CT2737658.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Found : user_pref("CT2737658.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Found : user_pref("CT2737658.backendstorage./9b+7e06cg5el8:", "6E6D6B6C6A71746E6E78");
Found : user_pref("CT2737658.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473717270777A74747E242F4B4947[...]
Found : user_pref("CT2737658.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Found : user_pref("CT2737658.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Found : user_pref("CT2737658.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Found : user_pref("CT2737658.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Found : user_pref("CT2737658.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Found : user_pref("CT2737658.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Found : user_pref("CT2737658.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Found : user_pref("CT2737658.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347513[...]
Found : user_pref("CT2737658.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Found : user_pref("CT2737658.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Found : user_pref("CT2737658.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Found : user_pref("CT2737658.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Found : user_pref("CT2737658.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Found : user_pref("CT2737658.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Found : user_pref("CT2737658.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Found : user_pref("CT2737658.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Found : user_pref("CT2737658.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Found : user_pref("CT2737658.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Found : user_pref("CT2737658.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Found : user_pref("CT2737658.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Found : user_pref("CT2737658.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Found : user_pref("CT2737658.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Found : user_pref("CT2737658.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934235[...]
Found : user_pref("CT2737658.backendstorage./9b-0?3g>d", "3A69693F6C3E6F437A4474744A204A4C7921257D7E7D202A24[...]
Found : user_pref("CT2737658.backendstorage./9b-0?3g@6:5;", "");
Found : user_pref("CT2737658.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Found : user_pref("CT2737658.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...]
Found : user_pref("CT2737658.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Found : user_pref("CT2737658.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484777213F3E484F4E4D464[...]
Found : user_pref("CT2737658.backendstorage./9b5ba==9cjag", "3B6B69406E436C727A457673754974767B204F7B7D");
Found : user_pref("CT2737658.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6B6C6A71746E6E71737874");
Found : user_pref("CT2737658.backendstorage./9b9643g3/9e", "6A");
Found : user_pref("CT2737658.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
Found : user_pref("CT2737658.backendstorage./9b<:222h64<", "393F352F3E");
Found : user_pref("CT2737658.backendstorage./9b<:222h64<l8daj", "6D70706F7674717975732A7878727C76752022");
Found : user_pref("CT2737658.backendstorage./9b=+03eh8h8j?:", "4443");
Found : user_pref("CT2737658.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Found : user_pref("CT2737658.backendstorage./9b?b0d:8aj62<h", "6D");
Found : user_pref("CT2737658.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Found : user_pref("CT2737658.backendstorage.2737658a129531115111807042000000paramsgk0", "7B22757064617465526[...]
Found : user_pref("CT2737658.backendstorage.appbuttondisablenull", "30");
Found : user_pref("CT2737658.backendstorage.autocompletepro_enable_auto", "31");
Found : user_pref("CT2737658.backendstorage.cbcountry_001", "4742");
Found : user_pref("CT2737658.backendstorage.cbfirsttime", "4D6F6E2046656220323720323031322031303A34383A31382[...]
Found : user_pref("CT2737658.backendstorage.cbopenmamsettings", "30");
Found : user_pref("CT2737658.backendstorage.ct2737658ads1", "25374225323261647325323225334125354225374225323[...]
Found : user_pref("CT2737658.backendstorage.ct2737658current_term", "");
Found : user_pref("CT2737658.backendstorage.ct2737658isadsdisabled", "66616C7365");
Found : user_pref("CT2737658.backendstorage.ct2737658sdate", "3133");
Found : user_pref("CT2737658.backendstorage.mam_gk_appsdata", "7B2261707073223A5B7B226964223A225072696365476[...]
Found : user_pref("CT2737658.backendstorage.mam_gk_appsdefaultenabled", "6E756C6C");
Found : user_pref("CT2737658.backendstorage.mam_gk_appstate_couponbuddy", "6F6E");
Found : user_pref("CT2737658.backendstorage.mam_gk_appstate_pricegong", "6F6E");
Found : user_pref("CT2737658.backendstorage.mam_gk_appstatereporttime", "31333731303630313834353536");
Found : user_pref("CT2737658.backendstorage.mam_gk_configuration", "7B22636F6E66696775726174696F6E223A5B7B22[...]
Found : user_pref("CT2737658.backendstorage.mam_gk_currentversion", "312E382E302E34");
Found : user_pref("CT2737658.backendstorage.mam_gk_first_time", "31");
Found : user_pref("CT2737658.backendstorage.mam_gk_lastlogintime", "31333731313536373635333633");
Found : user_pref("CT2737658.backendstorage.mam_gk_localization", "7B22676164676574436F6E74656E74506F6C69637[...]
Found : user_pref("CT2737658.backendstorage.mam_gk_settings1.4.4.6", "7B22537461747573223A227375636365656465[...]
Found : user_pref("CT2737658.backendstorage.mam_gk_settings1.8.0.4", "7B22537461747573223A227375636365656465[...]
Found : user_pref("CT2737658.backendstorage.mam_gk_showclosebutton", "74727565");
Found : user_pref("CT2737658.backendstorage.mam_gk_showwelcomegadget", "66616C7365");
Found : user_pref("CT2737658.backendstorage.mam_gk_userid", "31643032373230332D656633372D343930612D383234632[...]
Found : user_pref("CT2737658.backendstorage.pg_enable", "74727565");
Found : user_pref("CT2737658.backendstorage.rss_pub_config", "7B2273657474696E6773223A7B2269636F6E223A226874[...]
Found : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000cat0", "253542253544");
Found : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000cat1", "253542253544");
Found : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000cat2", "253542253544");
Found : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000cat3", "253542253544");
Found : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000embeddedversion", "322E352[...]
Found : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000feedsobj", "25374225323263[...]
Found : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000lastreporttime", "31333731[...]
Found : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000newfeeds", "6E657746656564[...]
Found : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000readitemsarr", "2537422537[...]
Found : user_pref("CT2737658.backendstorage.searchappstate", "32");
Found : user_pref("CT2737658.backendstorage.searchapptracking", "73656E74");
Found : user_pref("CT2737658.backendstorage.shoppingapp.gk.exipres", "546875204A616E20313720323031332032323A[...]
Found : user_pref("CT2737658.backendstorage.shoppingapp.gk.geolocation", "756E69746564206B696E67646F6D");
Found : user_pref("CT2737658.backendstorage.smspcntryinfo", "3232325F3434");
Found : user_pref("CT2737658.backendstorage.smspcntryshort", "554B");
Found : user_pref("CT2737658.backendstorage.smspcntryts", "31333033383633313930313533");
Found : user_pref("CT2737658.backendstorage.url_history0001", "6A6176617363726970743A576562466F726D5F446F506[...]
Found : user_pref("CT2737658.clientLogIsEnabled", false);
Found : user_pref("CT2737658.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2737658.myStuffEnabled", true);
Found : user_pref("CT2737658.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2737658.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2737658.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2737658.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2737658.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2737658");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2737658");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Aug 23 2011 13:20:43 GMT+0100 (GMT[...]
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2737658");
Found : user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Tue Jun 18 2013 22:22:45 GMT+0100 [...]
Found : user_pref("CommunityToolbar.twitter.user_14293310.LastCheckTime", "Tue Jun 18 2013 22:22:45 GMT+0100[...]
Found : user_pref("CommunityToolbar.twitter.user_16887175.LastCheckTime", "Tue Jun 18 2013 22:22:45 GMT+0100[...]
Found : user_pref("CommunityToolbar.twitter.user_17151925.LastCheckTime", "Tue Jun 18 2013 22:22:45 GMT+0100[...]
Found : user_pref("CommunityToolbar.twitter.user_20536157.LastCheckTime", "Tue Jun 18 2013 22:22:45 GMT+0100[...]
Found : user_pref("CommunityToolbar.twitter.user_30261067.LastCheckTime", "Tue Jun 18 2013 22:22:45 GMT+0100[...]
Found : user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Tue Jun 18 2013 22:22:45 GMT+0100 ([...]
Found : user_pref("CommunityToolbar.twitter.user_816653.LastCheckTime", "Tue Jun 18 2013 22:22:45 GMT+0100 ([...]
Found : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=121845&babsrc=NT_ss&mntrId=923D0[...]
Found : user_pref("browser.search.defaultthis.engineName", "FreeOnlineRadioPlayerRecorder Customized Web Sea[...]
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&Sea[...]
Found : user_pref("browser.search.selectedEngine", "Delta Search");
Found : user_pref("browser.startup.homepage", "hxxp://www.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId[...]
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Found : user_pref("extensions.BabylonToolbar.babExt", "");
Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=111434&tt=010812_newm_3112_6");
Found : user_pref("extensions.BabylonToolbar.cntry", "GB");
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Found : user_pref("extensions.BabylonToolbar.excTlbr", false);
Found : user_pref("extensions.BabylonToolbar.hdrMd5", "19963DDFB48C374FB58DD8114D133B2B");
Found : user_pref("extensions.BabylonToolbar.hmpg", true);
Found : user_pref("extensions.BabylonToolbar.id", "923dde9d000000000000002215e13da7");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15554");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.4.615:11:36");
Found : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.0");
Found : user_pref("extensions.BabylonToolbar.newTab", false);
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.sg", "czb");
Found : user_pref("extensions.BabylonToolbar.smplGrp", "czb");
Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.4.615:11:36");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111434&tt=010812_newm_3112_6");
Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.615:11:36");
Found : user_pref("extensions.delta.admin", false);
Found : user_pref("extensions.delta.aflt", "babsst");
Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Found : user_pref("extensions.delta.autoRvrt", "false");
Found : user_pref("extensions.delta.babExt", "");
Found : user_pref("extensions.delta.babTrack", "affID=111434&tt=010812_newm_3112_6");
Found : user_pref("extensions.delta.bbDpng", "18");
Found : user_pref("extensions.delta.cntry", "GB");
Found : user_pref("extensions.delta.dfltLng", "en");
Found : user_pref("extensions.delta.excTlbr", false);
Found : user_pref("extensions.delta.ffxUnstlRst", true);
Found : user_pref("extensions.delta.hdrMd5", "6874F1DE0AEF36B930EF762A969A8B0A");
Found : user_pref("extensions.delta.hmpg", false);
Found : user_pref("extensions.delta.id", "923dde9d000000000000002215e13da7");
Found : user_pref("extensions.delta.instlDay", "15874");
Found : user_pref("extensions.delta.instlRef", "sst");
Found : user_pref("extensions.delta.kwURLOld", "chrome://browser-region/locale/region.properties");
Found : user_pref("extensions.delta.lastVrsnTs", "");
Found : user_pref("extensions.delta.newTab", false);
Found : user_pref("extensions.delta.prdct", "delta");
Found : user_pref("extensions.delta.prtnrId", "delta");
Found : user_pref("extensions.delta.rvrt", "false");
Found : user_pref("extensions.delta.sg", "azb");
Found : user_pref("extensions.delta.smplGrp", "azb");
Found : user_pref("extensions.delta.srcExt", "ss");
Found : user_pref("extensions.delta.tlbrId", "base");
Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Found : user_pref("extensions.delta.vrsn", "1.8.21.5");
Found : user_pref("extensions.delta.vrsnTs", "1.8.21.522:22:21");
Found : user_pref("extensions.delta.vrsni", "1.8.21.5");
Found : user_pref("extensions.delta_i.babExt", "");
Found : user_pref("extensions.delta_i.babTrack", "affID=121845");
Found : user_pref("extensions.delta_i.srcExt", "ss");
Found : user_pref("extensions.incredibar.admin", false);
Found : user_pref("extensions.incredibar.aflt", "orgnl");
Found : user_pref("extensions.incredibar.cntry", "GB");
Found : user_pref("extensions.incredibar.dfltLng", "");
Found : user_pref("extensions.incredibar.dfltSrch", false);
Found : user_pref("extensions.incredibar.did", "10674");
Found : user_pref("extensions.incredibar.envrmnt", "production");
Found : user_pref("extensions.incredibar.excTlbr", false);
Found : user_pref("extensions.incredibar.hdrMd5", "844CBDC5BD69CEA216C8632B7777908C");
Found : user_pref("extensions.incredibar.hmpg", false);
Found : user_pref("extensions.incredibar.id", "923dde9d000000000000002215e13da7");
Found : user_pref("extensions.incredibar.installerproductid", "26");
Found : user_pref("extensions.incredibar.instlDay", "15705");
Found : user_pref("extensions.incredibar.instlRef", "");
Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1419:40:34");
Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Found : user_pref("extensions.incredibar.newTab", false);
Found : user_pref("extensions.incredibar.noFFXTlbr", false);
Found : user_pref("extensions.incredibar.ppd", "");
Found : user_pref("extensions.incredibar.prdct", "incredibar");
Found : user_pref("extensions.incredibar.productid", "26");
Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar.sg", "none");
Found : user_pref("extensions.incredibar.smplGrp", "none");
Found : user_pref("extensions.incredibar.tlbrId", "base");
Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyYT1tybo&loc=IB_T[...]
Found : user_pref("extensions.incredibar.upn2", "6OyYT1tybo");
Found : user_pref("extensions.incredibar.upn2n", "92262717876697234");
Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1419:40:34");
Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10674");
Found : user_pref("extensions.incredibar_i.excTlbr", false);
Found : user_pref("extensions.incredibar_i.id", "923dde9d000000000000002215e13da7");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15705");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyYT1tybo&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6OyYT1tybo");
Found : user_pref("extensions.incredibar_i.upn2n", "92262717876697234");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1419:40:34");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Found : user_pref("extentions.y2layers.defaultEnableAppsList", "Buzzdock,Buzzdock,");
Found : user_pref("extentions.y2layers.installId", "5f85de34-ffec-4d28-b63e-7b6cad15e890");
 
-\\ Google Chrome v27.0.1453.110
 
File : C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [61790 octets] - [19/06/2013 08:38:39]
 
########## EOF - C:\AdwCleaner[R1].txt - [61851 octets] ##########


#4 ndonaldson2912

ndonaldson2912
  • Topic Starter

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:15 PM

Posted 19 June 2013 - 02:48 AM

Sorry Marius, I uploaded incorrect file....New one below;

 

# AdwCleaner v2.303 - Logfile created 06/19/2013 at 08:41:38
# Updated 08/06/2013 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Norm - NORM-PC
# Boot Mode : Normal
# Running from : C:\Users\Norm\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : BrowserDefendert
Stopped & Deleted : WajamUpdater
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Program Files (x86)\BabylonToolbar
Deleted on reboot : C:\Program Files (x86)\clickpotatolite
Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\DAEMON Tools Toolbar
Deleted on reboot : C:\Program Files (x86)\Delta
Deleted on reboot : C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder
Deleted on reboot : C:\Program Files (x86)\Gophoto.it
Deleted on reboot : C:\Program Files (x86)\Mozilla Firefox\Extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}
Deleted on reboot : C:\Program Files (x86)\OApps
Deleted on reboot : C:\Program Files (x86)\Perion
Deleted on reboot : C:\Program Files (x86)\ShopperReports3
Deleted on reboot : C:\Program Files (x86)\Wajam
Deleted on reboot : C:\Program Files (x86)\Yontoo
Deleted on reboot : C:\Program Files\IB Updater
Deleted on reboot : C:\ProgramData\Babylon
Deleted on reboot : C:\ProgramData\BrowserDefender
Deleted on reboot : C:\ProgramData\ClickPotatoLiteSA
Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clickpotato
Deleted on reboot : C:\ProgramData\Tarma Installer
Deleted on reboot : C:\Users\Norm\AppData\Local\Conduit
Deleted on reboot : C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\boipimhfjpakfgckhbljjengakjhkcbp
Deleted on reboot : C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Deleted on reboot : C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Deleted on reboot : C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Deleted on reboot : C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Deleted on reboot : C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Deleted on reboot : C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Deleted on reboot : C:\Users\Norm\AppData\Local\Wajam
Deleted on reboot : C:\Users\Norm\AppData\LocalLow\BabylonToolbar
Deleted on reboot : C:\Users\Norm\AppData\LocalLow\boost_interprocess
Deleted on reboot : C:\Users\Norm\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\Norm\AppData\LocalLow\FreeOnlineRadioPlayerRecorder
Deleted on reboot : C:\Users\Norm\AppData\LocalLow\incredibar.com
Deleted on reboot : C:\Users\Norm\AppData\LocalLow\PriceGong
Deleted on reboot : C:\Users\Norm\AppData\LocalLow\ShopperReports3
Deleted on reboot : C:\Users\Norm\AppData\Roaming\BabSolution
Deleted on reboot : C:\Users\Norm\AppData\Roaming\Babylon
Deleted on reboot : C:\Users\Norm\AppData\Roaming\BabylonToolbar
Deleted on reboot : C:\Users\Norm\AppData\Roaming\clickpotatolite
Deleted on reboot : C:\Users\Norm\AppData\Roaming\Delta
Deleted on reboot : C:\Users\Norm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Deleted on reboot : C:\Users\Norm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Deleted on reboot : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\Conduit
Deleted on reboot : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\CT2737658
Deleted on reboot : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
Deleted on reboot : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\extensions\ffxtlbr@babylon.com
Deleted on reboot : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\extensions\ffxtlbr@delta.com
Deleted on reboot : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\extensions\ffxtlbr@incredibar.com
Deleted on reboot : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\extensions\plugin@yontoo.com
Deleted on reboot : C:\Users\Norm\AppData\Roaming\OpenCandy
Deleted on reboot : C:\Users\Norm\AppData\Roaming\ShopperReports3
Deleted on reboot : C:\Windows\SysWOW64\WNLT
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\bProtector_extensions.rdf
File Deleted : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\bprotector_prefs.js
File Deleted : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\searchplugins\delta.xml
File Deleted : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\searchplugins\mixidj.xml
File Deleted : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\searchplugins\yahoo-zugo.xml
File Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Developer Network\MSDN Library for Visual Studio 2008 - ENU.lnk
File Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008\Microsoft Visual Studio 2008 Documentation.lnk
File Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft XNA Game Studio 3.1\XNA Game Studio Documentation.lnk
 
***** [Registry] *****
 
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\FreeOnlineRadioPlayerRecorder
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\ShopperReports3
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\clickpotatolitesa
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FreeOnlineRadioPlayerRecorder Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuestBrowse
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopperReportsSA
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F999A48B-1950-4D81-9971-79018F807B4B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\ShopperReports3
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\524dd8de069e515
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7025E484-D4B0-441A-9F0B-69063BD679CE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8258B35C-05B8-4C0E-9525-9BCCC70F8F2D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A89256AD-EC17-4A83-BEF5-4B8BC4F39306}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D2083641-E57F-4EAB-BB85-0582424F4A29}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BRNstIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CmndFF.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\MenuButtonIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\mozillaps.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Pltfrm.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\ClickPotatoLiteAx.Info
Key Deleted : HKLM\SOFTWARE\Classes\ClickPotatoLiteAx.Info.1
Key Deleted : HKLM\SOFTWARE\Classes\ClickPotatoLiteAX.UserProfiles
Key Deleted : HKLM\SOFTWARE\Classes\ClickPotatoLiteAX.UserProfiles.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\MenuButtonIE.ButtonIE
Key Deleted : HKLM\SOFTWARE\Classes\MenuButtonIE.ButtonIE.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.AsyncReporter
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.AsyncReporter.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.Dwnldr
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.Dwnldr.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.HbGuru
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.HbGuru.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.MozillaNvgtnTrpr
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.MozillaNvgtnTrpr.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.MozillaPSExecuter
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.MozillaPSExecuter.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.ReportData
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.ReportData.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.Reporter
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.Reporter.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.Scopes
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.Scopes.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.Stock
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.Stock.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.TriggerImmidiate
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.TriggerImmidiate.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.TriggerImmidiateOrRandomTS
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.TriggerImmidiateOrRandomTS.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.TriggerOnceInDay
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.TriggerOnceInDay.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2737658
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\ClickPotatoLite
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\FreeOnlineRadioPlayerRecorder
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{426300E3-EF8A-48F3-BBE3-5FE275BEF490}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4F36-8D02-8C43722EE5DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4D03-A0CF-8203604C3DA6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483C-A137-731E8F113DD5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\ShopperReports3
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Wow6432Node\524dd8de069e515
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{426300E3-EF8A-48F3-BBE3-5FE275BEF490}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F999A48B-1950-4D81-9971-79018F807B4B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\boipimhfjpakfgckhbljjengakjhkcbp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1444ACBE-3092-47EB-A819-E18393576F37}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C1171FA-8ABE-49BE-904A-2DBE9F6B2F73}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F999A48B-1950-4D81-9971-79018F807B4B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FreeOnlineRadioPlayerRecorder Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F8B4EC8A-2407-4BE0-AEE2-0F430D65A90D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKU\S-1-5-21-3103576913-196209731-1286867056-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F999A48B-1950-4D81-9971-79018F807B4B}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F999A48B-1950-4D81-9971-79018F807B4B}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ClickPotatoLite@ClickPotatoLite.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ShopperReports@ShopperReports.com]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F999A48B-1950-4D81-9971-79018F807B4B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16483
 
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=923D002215E13DA7 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page Restore] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658 --> hxxp://www.google.com
 
-\\ Mozilla Firefox v3.6.16 (en-GB)
 
File : C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\prefs.js
 
C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\user.js ... Deleted !
 
Deleted : user_pref("CT2737658.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2737658.CTID", "CT2737658");
Deleted : user_pref("CT2737658.CurrentServerDate", "19-6-2013");
Deleted : user_pref("CT2737658.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2737658.DownloadReferralCookieData", "");
Deleted : user_pref("CT2737658.FeedLastCount129531111962231774", 400);
Deleted : user_pref("CT2737658.FeedPollDate128932492092456574", "Tue Jun 18 2013 22:22:43 GMT+0100 (GMT Daylig[...]
Deleted : user_pref("CT2737658.FeedPollDate129066712740779554", "Tue Jun 18 2013 22:22:43 GMT+0100 (GMT Daylig[...]
Deleted : user_pref("CT2737658.FeedPollDate129182867803381395", "Tue Jun 18 2013 22:22:43 GMT+0100 (GMT Daylig[...]
Deleted : user_pref("CT2737658.FeedPollDate129531111962241536", "Tue Jun 18 2013 22:22:43 GMT+0100 (GMT Daylig[...]
Deleted : user_pref("CT2737658.FeedPollDate129531111962251297", "Tue Jun 18 2013 22:22:43 GMT+0100 (GMT Daylig[...]
Deleted : user_pref("CT2737658.FeedPollDate129531111962251298", "Tue Jun 18 2013 22:22:43 GMT+0100 (GMT Daylig[...]
Deleted : user_pref("CT2737658.FeedPollDate129531111962251299", "Tue Jun 18 2013 22:22:43 GMT+0100 (GMT Daylig[...]
Deleted : user_pref("CT2737658.FeedPollDate129531111962251300", "Tue Jun 18 2013 22:22:43 GMT+0100 (GMT Daylig[...]
Deleted : user_pref("CT2737658.FeedTTL128932492092456574", 40);
Deleted : user_pref("CT2737658.FeedTTL129066712740779554", 40);
Deleted : user_pref("CT2737658.FeedTTL129182867803381395", 40);
Deleted : user_pref("CT2737658.FeedTTL129531111962241536", 40);
Deleted : user_pref("CT2737658.FeedTTL129531111962251297", 40);
Deleted : user_pref("CT2737658.FeedTTL129531111962251298", 40);
Deleted : user_pref("CT2737658.FeedTTL129531111962251299", 40);
Deleted : user_pref("CT2737658.FeedTTL129531111962251300", 40);
Deleted : user_pref("CT2737658.FirstServerDate", "18-1-2011");
Deleted : user_pref("CT2737658.FirstTime", true);
Deleted : user_pref("CT2737658.FirstTimeFF3", true);
Deleted : user_pref("CT2737658.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2737658.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2737658.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2737658.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2737658.Initialize", true);
Deleted : user_pref("CT2737658.InitializeCommonPrefs", true);
Deleted : user_pref("CT2737658.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2737658.InstalledDate", "Tue Jan 18 2011 17:46:28 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2737658.InvalidateCache", false);
Deleted : user_pref("CT2737658.IsGrouping", false);
Deleted : user_pref("CT2737658.IsMulticommunity", false);
Deleted : user_pref("CT2737658.IsOpenThankYouPage", true);
Deleted : user_pref("CT2737658.IsOpenUninstallPage", true);
Deleted : user_pref("CT2737658.LanguagePackLastCheckTime", "Thu Jun 13 2013 11:00:42 GMT+0100 (GMT Daylight Ti[...]
Deleted : user_pref("CT2737658.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2737658.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2737658.LastLogin_2.7.2.0", "Tue Jun 18 2013 22:22:42 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2737658.LatestVersion", "3.18.0.7");
Deleted : user_pref("CT2737658.Locale", "en");
Deleted : user_pref("CT2737658.LoginCache", 4);
Deleted : user_pref("CT2737658.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2737658.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2737658.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2737658.RadioIsPodcast", false);
Deleted : user_pref("CT2737658.RadioLastCheckTime", "Tue Jun 18 2013 22:22:43 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2737658.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2737658.RadioLastUpdateServer", "129259829623770000");
Deleted : user_pref("CT2737658.RadioMediaID", "21145355");
Deleted : user_pref("CT2737658.RadioMediaType", "Media Player");
Deleted : user_pref("CT2737658.RadioMenuSelectedID", "EBRadioMenu_CT273765821145355");
Deleted : user_pref("CT2737658.RadioStationName", "Classic%20Rock");
Deleted : user_pref("CT2737658.RadioStationURL", "hxxp://www.gotradio.com/player/launch.asp?id=22&cr=lb");
Deleted : user_pref("CT2737658.SavedHomepage", "hxxp://www.bbc.co.uk/news/northern_ireland/");
Deleted : user_pref("CT2737658.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2737658.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2737658.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT273[...]
Deleted : user_pref("CT2737658.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2737658.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2737658.SearchInNewTabLastCheckTime", "Tue Jun 18 2013 22:22:41 GMT+0100 (GMT Daylight [...]
Deleted : user_pref("CT2737658.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2737658.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2737658.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2737658.SettingsLastCheckTime", "Tue Jun 18 2013 22:22:40 GMT+0100 (GMT Daylight Time)"[...]
Deleted : user_pref("CT2737658.SettingsLastUpdate", "1371024731");
Deleted : user_pref("CT2737658.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2737658.ThirdPartyComponentsLastCheck", "Wed Jun 12 2013 00:48:32 GMT+0100 (GMT Dayligh[...]
Deleted : user_pref("CT2737658.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT2737658.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Deleted : user_pref("CT2737658.UserID", "UN46812852195993104");
Deleted : user_pref("CT2737658.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2737658.alertChannelId", "1129903");
Deleted : user_pref("CT2737658.backendstorage. appgroupon_dailyactivity", "31333035323337373331323635");
Deleted : user_pref("CT2737658.backendstorage. appgroupon_lifetimesent", "54525545");
Deleted : user_pref("CT2737658.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7e.:2z527", "247E707273303C3833477B473C3F2C742E7E7D792022342[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7e06cg5el8:", "6E6D6B6C6A71746E6E78");
Deleted : user_pref("CT2737658.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473717270777A74747E242F4B4947[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347513[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Deleted : user_pref("CT2737658.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934235[...]
Deleted : user_pref("CT2737658.backendstorage./9b-0?3g>d", "3A69693F6C3E6F437A4474744A204A4C7921257D7E7D202A24[...]
Deleted : user_pref("CT2737658.backendstorage./9b-0?3g@6:5;", "");
Deleted : user_pref("CT2737658.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Deleted : user_pref("CT2737658.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...]
Deleted : user_pref("CT2737658.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Deleted : user_pref("CT2737658.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484777213F3E484F4E4D464[...]
Deleted : user_pref("CT2737658.backendstorage./9b5ba==9cjag", "3B6B69406E436C727A457673754974767B204F7B7D");
Deleted : user_pref("CT2737658.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6B6C6A71746E6E71737874");
Deleted : user_pref("CT2737658.backendstorage./9b9643g3/9e", "6A");
Deleted : user_pref("CT2737658.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
Deleted : user_pref("CT2737658.backendstorage./9b<:222h64<", "393F352F3E");
Deleted : user_pref("CT2737658.backendstorage./9b<:222h64<l8daj", "6D70706F7674717975732A7878727C76752022");
Deleted : user_pref("CT2737658.backendstorage./9b=+03eh8h8j?:", "4443");
Deleted : user_pref("CT2737658.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Deleted : user_pref("CT2737658.backendstorage./9b?b0d:8aj62<h", "6D");
Deleted : user_pref("CT2737658.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Deleted : user_pref("CT2737658.backendstorage.2737658a129531115111807042000000paramsgk0", "7B22757064617465526[...]
Deleted : user_pref("CT2737658.backendstorage.appbuttondisablenull", "30");
Deleted : user_pref("CT2737658.backendstorage.autocompletepro_enable_auto", "31");
Deleted : user_pref("CT2737658.backendstorage.cbcountry_001", "4742");
Deleted : user_pref("CT2737658.backendstorage.cbfirsttime", "4D6F6E2046656220323720323031322031303A34383A31382[...]
Deleted : user_pref("CT2737658.backendstorage.cbopenmamsettings", "30");
Deleted : user_pref("CT2737658.backendstorage.ct2737658ads1", "25374225323261647325323225334125354225374225323[...]
Deleted : user_pref("CT2737658.backendstorage.ct2737658current_term", "");
Deleted : user_pref("CT2737658.backendstorage.ct2737658isadsdisabled", "66616C7365");
Deleted : user_pref("CT2737658.backendstorage.ct2737658sdate", "3133");
Deleted : user_pref("CT2737658.backendstorage.mam_gk_appsdata", "7B2261707073223A5B7B226964223A225072696365476[...]
Deleted : user_pref("CT2737658.backendstorage.mam_gk_appsdefaultenabled", "6E756C6C");
Deleted : user_pref("CT2737658.backendstorage.mam_gk_appstate_couponbuddy", "6F6E");
Deleted : user_pref("CT2737658.backendstorage.mam_gk_appstate_pricegong", "6F6E");
Deleted : user_pref("CT2737658.backendstorage.mam_gk_appstatereporttime", "31333731303630313834353536");
Deleted : user_pref("CT2737658.backendstorage.mam_gk_configuration", "7B22636F6E66696775726174696F6E223A5B7B22[...]
Deleted : user_pref("CT2737658.backendstorage.mam_gk_currentversion", "312E382E302E34");
Deleted : user_pref("CT2737658.backendstorage.mam_gk_first_time", "31");
Deleted : user_pref("CT2737658.backendstorage.mam_gk_lastlogintime", "31333731313536373635333633");
Deleted : user_pref("CT2737658.backendstorage.mam_gk_localization", "7B22676164676574436F6E74656E74506F6C69637[...]
Deleted : user_pref("CT2737658.backendstorage.mam_gk_settings1.4.4.6", "7B22537461747573223A227375636365656465[...]
Deleted : user_pref("CT2737658.backendstorage.mam_gk_settings1.8.0.4", "7B22537461747573223A227375636365656465[...]
Deleted : user_pref("CT2737658.backendstorage.mam_gk_showclosebutton", "74727565");
Deleted : user_pref("CT2737658.backendstorage.mam_gk_showwelcomegadget", "66616C7365");
Deleted : user_pref("CT2737658.backendstorage.mam_gk_userid", "31643032373230332D656633372D343930612D383234632[...]
Deleted : user_pref("CT2737658.backendstorage.pg_enable", "74727565");
Deleted : user_pref("CT2737658.backendstorage.rss_pub_config", "7B2273657474696E6773223A7B2269636F6E223A226874[...]
Deleted : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000cat0", "253542253544");
Deleted : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000cat1", "253542253544");
Deleted : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000cat2", "253542253544");
Deleted : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000cat3", "253542253544");
Deleted : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000embeddedversion", "322E352[...]
Deleted : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000feedsobj", "25374225323263[...]
Deleted : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000lastreporttime", "31333731[...]
Deleted : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000newfeeds", "6E657746656564[...]
Deleted : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000readitemsarr", "2537422537[...]
Deleted : user_pref("CT2737658.backendstorage.searchappstate", "32");
Deleted : user_pref("CT2737658.backendstorage.searchapptracking", "73656E74");
Deleted : user_pref("CT2737658.backendstorage.shoppingapp.gk.exipres", "546875204A616E20313720323031332032323A[...]
Deleted : user_pref("CT2737658.backendstorage.shoppingapp.gk.geolocation", "756E69746564206B696E67646F6D");
Deleted : user_pref("CT2737658.backendstorage.smspcntryinfo", "3232325F3434");
Deleted : user_pref("CT2737658.backendstorage.smspcntryshort", "554B");
Deleted : user_pref("CT2737658.backendstorage.smspcntryts", "31333033383633313930313533");
Deleted : user_pref("CT2737658.backendstorage.url_history0001", "6A6176617363726970743A576562466F726D5F446F506[...]
Deleted : user_pref("CT2737658.clientLogIsEnabled", false);
Deleted : user_pref("CT2737658.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2737658.myStuffEnabled", true);
Deleted : user_pref("CT2737658.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2737658.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2737658.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2737658.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2737658.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2737658");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2737658");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Aug 23 2011 13:20:43 GMT+0100 (GMT[...]
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2737658");
Deleted : user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Tue Jun 18 2013 22:22:45 GMT+0100 [...]
Deleted : user_pref("CommunityToolbar.twitter.user_14293310.LastCheckTime", "Tue Jun 18 2013 22:22:45 GMT+0100[...]
Deleted : user_pref("CommunityToolbar.twitter.user_16887175.LastCheckTime", "Tue Jun 18 2013 22:22:45 GMT+0100[...]
Deleted : user_pref("CommunityToolbar.twitter.user_17151925.LastCheckTime", "Tue Jun 18 2013 22:22:45 GMT+0100[...]
Deleted : user_pref("CommunityToolbar.twitter.user_20536157.LastCheckTime", "Tue Jun 18 2013 22:22:45 GMT+0100[...]
Deleted : user_pref("CommunityToolbar.twitter.user_30261067.LastCheckTime", "Tue Jun 18 2013 22:22:45 GMT+0100[...]
Deleted : user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Tue Jun 18 2013 22:22:45 GMT+0100 ([...]
Deleted : user_pref("CommunityToolbar.twitter.user_816653.LastCheckTime", "Tue Jun 18 2013 22:22:45 GMT+0100 ([...]
Deleted : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=121845&babsrc=NT_ss&mntrId=923D0[...]
Deleted : user_pref("browser.search.defaultthis.engineName", "FreeOnlineRadioPlayerRecorder Customized Web Sea[...]
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&Sea[...]
Deleted : user_pref("browser.search.selectedEngine", "Delta Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://www.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=111434&tt=010812_newm_3112_6");
Deleted : user_pref("extensions.BabylonToolbar.cntry", "GB");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "19963DDFB48C374FB58DD8114D133B2B");
Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Deleted : user_pref("extensions.BabylonToolbar.id", "923dde9d000000000000002215e13da7");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15554");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.4.615:11:36");
Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.sg", "czb");
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "czb");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.4.615:11:36");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111434&tt=010812_newm_3112_6");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.615:11:36");
Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.babExt", "");
Deleted : user_pref("extensions.delta.babTrack", "affID=111434&tt=010812_newm_3112_6");
Deleted : user_pref("extensions.delta.bbDpng", "18");
Deleted : user_pref("extensions.delta.cntry", "GB");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Deleted : user_pref("extensions.delta.hdrMd5", "6874F1DE0AEF36B930EF762A969A8B0A");
Deleted : user_pref("extensions.delta.hmpg", false);
Deleted : user_pref("extensions.delta.id", "923dde9d000000000000002215e13da7");
Deleted : user_pref("extensions.delta.instlDay", "15874");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.kwURLOld", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("extensions.delta.lastVrsnTs", "");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.sg", "azb");
Deleted : user_pref("extensions.delta.smplGrp", "azb");
Deleted : user_pref("extensions.delta.srcExt", "ss");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.522:22:21");
Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Deleted : user_pref("extensions.delta_i.babExt", "");
Deleted : user_pref("extensions.delta_i.babTrack", "affID=121845");
Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.cntry", "GB");
Deleted : user_pref("extensions.incredibar.dfltLng", "");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.did", "10674");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "844CBDC5BD69CEA216C8632B7777908C");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.id", "923dde9d000000000000002215e13da7");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15705");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1419:40:34");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyYT1tybo&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6OyYT1tybo");
Deleted : user_pref("extensions.incredibar.upn2n", "92262717876697234");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1419:40:34");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10674");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "923dde9d000000000000002215e13da7");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15705");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyYT1tybo&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6OyYT1tybo");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92262717876697234");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1419:40:34");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "Buzzdock,Buzzdock,");
Deleted : user_pref("extentions.y2layers.installId", "5f85de34-ffec-4d28-b63e-7b6cad15e890");
 
-\\ Google Chrome v27.0.1453.110
 
File : C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [61791 octets] - [19/06/2013 08:38:39]
AdwCleaner[R2].txt - [61852 octets] - [19/06/2013 08:41:22]
AdwCleaner[S1].txt - [58841 octets] - [19/06/2013 08:41:38]
 
########## EOF - C:\AdwCleaner[S1].txt - [58902 octets] ##########


#5 ndonaldson2912

ndonaldson2912
  • Topic Starter

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:15 PM

Posted 19 June 2013 - 02:51 AM

And here is the results from latest FRST scan....

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-06-2013
Ran by Norm (administrator) on 19-06-2013 08:49:09
Running from C:\Users\Norm\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
() C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Users\Norm\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Norm\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Norm\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Norm\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Norm\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Google Inc.) C:\Users\Norm\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Users\Norm\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1553832 2007-08-31] (Microsoft Corporation)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1555968 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [Google Update] "C:\Users\Norm\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2009-03-30] (Google Inc.)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1641896 2013-06-06] (Valve Corporation)
HKCU\...\Run: [GoogleChromeAutoLaunch_13722F0580CA191EC89E26C74285026F] "C:\Users\Norm\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window [825808 2013-05-29] (Google Inc.)
HKCU\...\Runonce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_en-US)_AppleWebKit/534.10_(KHTML,_like_Gecko)_Chrome/8.0.552.224_Safari/534.10" -"http://news.bbc.co.uk/sport1/hi/football/fa_cup/virtual_replay/6636845.stm?goalid=501071" [x]
MountPoints2: F - WDSetup.exe
MountPoints2: I - WDSetup.exe
MountPoints2: {cfbb9752-d7a1-11df-b86e-002215e13da7} - E:\Installer.exe
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN [745472 2009-02-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun [77824 2007-10-30] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] ()
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
HKU\Guest\...\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_en-GB;_rv:1.9.2.16)_Gecko/20110319_Firefox/3.6.16_(.NET_CLR_3.5.30729)_;ShopperReports" -"http://www.gameflox.com/flash-games/419/tiger-cross.html" [x]
HKU\Guest\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin [x]
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
Startup: C:\Users\Norm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
ShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=923D002215E13DA7
SearchScopes: HKCU - {4C489F2C-1907-4C67-99A0-2004C107870A} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: SelectionLinks - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\Program Files (x86)\OApps\SelectionLinks.dll (SelectionLinks)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @virtools.com/3DviaPlayer - C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Firebug - C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\Extensions\firebug@software.joehewitt.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: SelectionLinks - C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\Extensions\{AB6F7EFE-20F0-41F3-96BD-96D7DF8056D5}
 
Chrome: 
=======
CHR HomePage: hxxp://www.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=923D002215E13DA7
CHR RestoreOnStartup: "hxxp://www.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=923D002215E13DA7"
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Norm\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Norm\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Norm\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (ClickPotatoLite Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (3DVIA player) - C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Select Links App) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aineemkafbbcgobgdgehgcnmnmfgdkpg\4.3_0
CHR Extension: (YouTube) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.64_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR Extension: (Gmail) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
 
==================== Services (Whitelisted) =================
 
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2009-03-31] ()
 
==================== Drivers (Whitelisted) ====================
 
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2012-04-02] ()
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2012-04-02] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-01] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-02-03] (Duplex Secure Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-06-19 08:41 - 2013-06-19 08:41 - 00061852 ____A C:\AdwCleaner[R2].txt
2013-06-19 08:41 - 2013-06-19 08:41 - 00058844 ____A C:\AdwCleaner[S1].txt
2013-06-19 08:41 - 2013-06-19 08:41 - 00003856 ____A C:\Windows\DeleteOnReboot.bat
2013-06-19 08:38 - 2013-06-19 08:39 - 00061791 ____A C:\AdwCleaner[R1].txt
2013-06-19 08:33 - 2013-06-19 08:33 - 00000650 ____A C:\Users\Norm\Desktop\defogger_disable.log
2013-06-19 08:33 - 2013-06-19 08:33 - 00000188 ____A C:\Users\Norm\defogger_reenable
2013-06-19 08:32 - 2013-06-19 08:32 - 00648201 ____A C:\Users\Norm\Desktop\AdwCleaner.exe
2013-06-19 08:31 - 2013-06-19 08:31 - 00050477 ____A C:\Users\Norm\Desktop\Defogger.exe
2013-06-19 00:07 - 2013-06-19 00:09 - 00030636 ____A C:\Users\Norm\Desktop\Addition.txt
2013-06-19 00:06 - 2013-06-19 00:06 - 00000000 ____D C:\FRST
2013-06-19 00:05 - 2013-06-19 00:05 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-19 00:02 - 2013-06-19 00:02 - 00000427 ____A C:\Users\Norm\Desktop\tdsskiller.exe - Shortcut.lnk
2013-06-19 00:02 - 2013-06-19 00:02 - 00000421 ____A C:\Users\Norm\Desktop\iExplore.exe - Shortcut.lnk
2013-06-19 00:02 - 2013-06-18 22:25 - 01928350 ____A (Farbar) C:\Users\Norm\Desktop\FRST64.exe
2013-06-18 23:46 - 2013-06-18 23:46 - 00000017 ____A C:\Users\Norm\Downloads\fixlist (7).txt
2013-06-18 22:24 - 2013-06-18 22:25 - 00609336 ____A C:\Users\Norm\Downloads\setup (1).exe
2013-06-18 22:22 - 2013-06-18 22:22 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-06-18 22:22 - 2013-06-18 22:22 - 00000000 ____D C:\Program Files (x86)\Delta
2013-06-18 22:21 - 2013-06-18 22:22 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-06-18 22:21 - 2013-06-18 22:21 - 00609336 ____A C:\Users\Norm\Downloads\setup.exe
2013-06-18 20:51 - 2013-06-18 20:51 - 00000277 ____A C:\Users\Norm\Downloads\fixlist.txt
2013-06-12 18:42 - 2013-06-12 18:43 - 04472121 ____A (CamStudio Open Source Dev Team                              ) C:\Users\Norm\Downloads\CamStudio_Setup_v2.6b_r294_(build_24Oct2010).exe
2013-06-12 18:41 - 2013-06-13 10:53 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-06-12 18:40 - 2013-06-12 18:41 - 00434000 ____A C:\Users\Norm\AppData\Local\dd_vcredistMSI3258.txt
2013-06-12 18:40 - 2013-06-12 18:41 - 00011426 ____A C:\Users\Norm\AppData\Local\dd_vcredistUI3258.txt
2013-06-12 18:39 - 2013-06-12 18:39 - 00584600 ____A C:\Users\Norm\Downloads\cbsidlm-tr1_13-CamStudio-ORG-10067101.exe
2013-06-12 00:49 - 2013-06-12 00:49 - 00000000 ____D C:\Users\Norm\AppData\Roaming\TuneUp Software
2013-06-12 00:49 - 2013-06-12 00:49 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-06-12 00:48 - 2013-06-12 00:48 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-06-12 00:48 - 2013-06-12 00:48 - 00000000 ____D C:\Users\Norm\AppData\Roaming\DVDVideoSoft
2013-06-12 00:48 - 2013-06-12 00:48 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-06-12 00:46 - 2013-06-12 00:47 - 24941888 ____A (DVDVideoSoft Ltd.                                           ) C:\Users\Norm\Downloads\FreeYouTubeToMP3Converter.exe
2013-06-06 21:02 - 2013-06-06 21:02 - 02699009 ____A C:\Users\Norm\Downloads\Pailleuse_Agram_Jet_de_paille_Luxfarm_LS_2013.zip
2013-06-06 00:43 - 2013-06-06 00:43 - 04942811 ____A C:\Users\Norm\Downloads\Huehnerstall.zip
2013-06-05 20:00 - 2013-06-05 20:01 - 19945212 ____A C:\Users\Norm\Downloads\ClaasLexion550.zip
2013-06-05 18:17 - 2013-06-05 18:18 - 20085933 ____A C:\Users\Norm\Downloads\ClaasLexion770TT.exe
2013-05-31 21:08 - 2013-05-31 21:11 - 25685050 ____A C:\Users\Norm\Downloads\CaseCVX175.exe
2013-05-31 21:07 - 2013-05-31 21:14 - 135916243 ____A C:\Users\Norm\Downloads\Agrarfrost_Open_Me.zip
2013-05-31 01:59 - 2013-05-31 01:59 - 05749340 ____A C:\Users\Norm\Downloads\EXTREME_BALING_1.zip
2013-05-31 01:09 - 2013-05-31 01:09 - 14878725 ____A C:\Users\Norm\Downloads\Abbey_Manure_Handling_Kit_2013.zip
2013-05-31 01:08 - 2013-05-31 01:08 - 07078085 ____A C:\Users\Norm\Downloads\Volvo_BM_Slurry_Tanker_2013.exe
2013-05-31 01:06 - 2013-05-31 01:06 - 02587151 ____A C:\Users\Norm\Downloads\Kidd_FH_346.exe
2013-05-31 00:58 - 2013-05-31 00:58 - 08025941 ____A C:\Users\Norm\Downloads\Silage_Trailers_UNZIP.zip
2013-05-30 19:02 - 2013-05-30 19:02 - 04382700 ____A C:\Users\Norm\Downloads\JF_FCT1060_ProTec (1).exe
2013-05-30 18:32 - 2013-05-30 18:32 - 04382700 ____A C:\Users\Norm\Downloads\JF_FCT1060_ProTec.exe
2013-05-30 18:30 - 2013-05-30 18:30 - 06225952 ____A C:\Users\Norm\Downloads\Ifor_Williams_FlatBed.exe
2013-05-30 18:29 - 2013-05-30 18:29 - 02911639 ____A C:\Users\Norm\Downloads\JF_FH1450.exe
2013-05-30 17:13 - 2013-05-30 17:13 - 00658001 ____A C:\Users\Norm\Downloads\StehrSilageCompactor1_1.exe
2013-05-30 17:12 - 2013-05-30 17:12 - 01285745 ____A C:\Users\Norm\Downloads\westTrailer.exe
2013-05-30 17:07 - 2013-05-30 17:07 - 01810597 ____A C:\Users\Norm\Downloads\Kane_Low_Loader.exe
2013-05-30 17:03 - 2013-05-30 17:03 - 14655535 ____A C:\Users\Norm\Downloads\NH8340_97.exe
2013-05-30 17:02 - 2013-05-30 17:03 - 24205656 ____A C:\Users\Norm\Downloads\NewHollandT7550.exe
2013-05-30 12:32 - 2013-05-30 12:33 - 00000000 ____D C:\Users\Norm\Desktop\Church Hill Silver
2013-05-28 10:39 - 2013-05-28 10:43 - 106036493 ____A C:\Users\Norm\Downloads\HolsteinValley.exe
2013-05-28 10:25 - 2013-05-28 10:25 - 16416638 ____A C:\Users\Norm\Downloads\Caterpillar725Ultra4.zip
2013-05-28 10:20 - 2013-05-28 10:23 - 81388312 ____A C:\Users\Norm\Downloads\an_irish_arable_farm.exe
2013-05-27 20:48 - 2013-05-27 20:48 - 00172201 ____A C:\Users\Norm\Downloads\Hirable_Tools.rar
2013-05-27 20:28 - 2013-05-27 20:29 - 16503178 ____A C:\Users\Norm\Downloads\Caterpillar725Ultra4.exe
2013-05-27 20:27 - 2013-05-27 20:28 - 14225895 ____A C:\Users\Norm\Downloads\MF5480.exe
 
==================== One Month Modified Files and Folders =======
 
2013-06-19 08:45 - 2012-12-27 15:34 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-19 08:45 - 2009-10-13 17:17 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-19 08:43 - 2009-03-30 23:14 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-19 08:43 - 2006-11-02 16:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-19 08:43 - 2006-11-02 16:22 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-19 08:43 - 2006-11-02 16:22 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-19 08:42 - 2006-11-02 16:42 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-19 08:41 - 2013-06-19 08:41 - 00061852 ____A C:\AdwCleaner[R2].txt
2013-06-19 08:41 - 2013-06-19 08:41 - 00058844 ____A C:\AdwCleaner[S1].txt
2013-06-19 08:41 - 2013-06-19 08:41 - 00003856 ____A C:\Windows\DeleteOnReboot.bat
2013-06-19 08:41 - 2010-11-17 18:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-19 08:39 - 2013-06-19 08:38 - 00061791 ____A C:\AdwCleaner[R1].txt
2013-06-19 08:33 - 2013-06-19 08:33 - 00000650 ____A C:\Users\Norm\Desktop\defogger_disable.log
2013-06-19 08:33 - 2013-06-19 08:33 - 00000188 ____A C:\Users\Norm\defogger_reenable
2013-06-19 08:33 - 2009-03-30 21:07 - 00000000 ____D C:\users\Norm
2013-06-19 08:32 - 2013-06-19 08:32 - 00648201 ____A C:\Users\Norm\Desktop\AdwCleaner.exe
2013-06-19 08:31 - 2013-06-19 08:31 - 00050477 ____A C:\Users\Norm\Desktop\Defogger.exe
2013-06-19 00:21 - 2013-02-25 00:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-19 00:17 - 2009-07-01 10:44 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3103576913-196209731-1286867056-1000UA.job
2013-06-19 00:09 - 2013-06-19 00:07 - 00030636 ____A C:\Users\Norm\Desktop\Addition.txt
2013-06-19 00:06 - 2013-06-19 00:06 - 00000000 ____D C:\FRST
2013-06-19 00:05 - 2013-06-19 00:05 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-19 00:04 - 2012-10-05 16:06 - 00000974 ____A C:\rkill.log
2013-06-19 00:02 - 2013-06-19 00:02 - 00000427 ____A C:\Users\Norm\Desktop\tdsskiller.exe - Shortcut.lnk
2013-06-19 00:02 - 2013-06-19 00:02 - 00000421 ____A C:\Users\Norm\Desktop\iExplore.exe - Shortcut.lnk
2013-06-18 23:46 - 2013-06-18 23:46 - 00000017 ____A C:\Users\Norm\Downloads\fixlist (7).txt
2013-06-18 23:43 - 2009-10-13 17:17 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-18 22:25 - 2013-06-19 00:02 - 01928350 ____A (Farbar) C:\Users\Norm\Desktop\FRST64.exe
2013-06-18 22:25 - 2013-06-18 22:24 - 00609336 ____A C:\Users\Norm\Downloads\setup (1).exe
2013-06-18 22:22 - 2013-06-18 22:22 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-06-18 22:22 - 2013-06-18 22:22 - 00000000 ____D C:\Program Files (x86)\Delta
2013-06-18 22:22 - 2013-06-18 22:21 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-06-18 22:21 - 2013-06-18 22:21 - 00609336 ____A C:\Users\Norm\Downloads\setup.exe
2013-06-18 22:01 - 2009-03-30 21:07 - 00001460 ____A C:\Users\Norm\AppData\Local\d3d9caps64.dat
2013-06-18 21:43 - 2012-11-08 13:15 - 00000000 ____D C:\Users\Norm\Documents\FIFA 13
2013-06-18 21:22 - 2010-11-30 16:51 - 00007916 ____A C:\Users\Norm\AppData\Local\d3d9caps.dat
2013-06-18 20:51 - 2013-06-18 20:51 - 00000277 ____A C:\Users\Norm\Downloads\fixlist.txt
2013-06-14 19:36 - 2008-01-21 04:26 - 00051310 ____A C:\Windows\PFRO.log
2013-06-13 21:50 - 2013-02-16 20:11 - 00000000 ____D C:\ProgramData\LogMeIn
2013-06-13 19:46 - 2008-01-21 02:53 - 01661653 ____A C:\Windows\WindowsUpdate.log
2013-06-13 10:53 - 2013-06-12 18:41 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-06-12 19:17 - 2009-07-01 10:44 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3103576913-196209731-1286867056-1000Core.job
2013-06-12 19:02 - 2009-07-14 16:08 - 00000892 ____A C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk
2013-06-12 18:43 - 2013-06-12 18:42 - 04472121 ____A (CamStudio Open Source Dev Team                              ) C:\Users\Norm\Downloads\CamStudio_Setup_v2.6b_r294_(build_24Oct2010).exe
2013-06-12 18:41 - 2013-06-12 18:40 - 00434000 ____A C:\Users\Norm\AppData\Local\dd_vcredistMSI3258.txt
2013-06-12 18:41 - 2013-06-12 18:40 - 00011426 ____A C:\Users\Norm\AppData\Local\dd_vcredistUI3258.txt
2013-06-12 18:39 - 2013-06-12 18:39 - 00584600 ____A C:\Users\Norm\Downloads\cbsidlm-tr1_13-CamStudio-ORG-10067101.exe
2013-06-12 00:49 - 2013-06-12 00:49 - 00000000 ____D C:\Users\Norm\AppData\Roaming\TuneUp Software
2013-06-12 00:49 - 2013-06-12 00:49 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-06-12 00:48 - 2013-06-12 00:48 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-06-12 00:48 - 2013-06-12 00:48 - 00000000 ____D C:\Users\Norm\AppData\Roaming\DVDVideoSoft
2013-06-12 00:48 - 2013-06-12 00:48 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-06-12 00:47 - 2013-06-12 00:46 - 24941888 ____A (DVDVideoSoft Ltd.                                           ) C:\Users\Norm\Downloads\FreeYouTubeToMP3Converter.exe
2013-06-11 21:49 - 2010-10-26 11:28 - 00000000 ____D C:\Users\Norm\AppData\Roaming\FileZilla
2013-06-11 21:21 - 2013-02-25 00:10 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 21:21 - 2013-02-25 00:10 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 20:36 - 2010-06-17 00:04 - 00000000 ____D C:\Users\Norm\Desktop\Rooskey Cottage
2013-06-06 21:02 - 2013-06-06 21:02 - 02699009 ____A C:\Users\Norm\Downloads\Pailleuse_Agram_Jet_de_paille_Luxfarm_LS_2013.zip
2013-06-06 00:43 - 2013-06-06 00:43 - 04942811 ____A C:\Users\Norm\Downloads\Huehnerstall.zip
2013-06-05 20:20 - 2009-03-30 21:56 - 00002037 ____A C:\Users\Norm\Desktop\Google Chrome.lnk
2013-06-05 20:01 - 2013-06-05 20:00 - 19945212 ____A C:\Users\Norm\Downloads\ClaasLexion550.zip
2013-06-05 18:18 - 2013-06-05 18:17 - 20085933 ____A C:\Users\Norm\Downloads\ClaasLexion770TT.exe
2013-05-31 21:14 - 2013-05-31 21:07 - 135916243 ____A C:\Users\Norm\Downloads\Agrarfrost_Open_Me.zip
2013-05-31 21:11 - 2013-05-31 21:08 - 25685050 ____A C:\Users\Norm\Downloads\CaseCVX175.exe
2013-05-31 01:59 - 2013-05-31 01:59 - 05749340 ____A C:\Users\Norm\Downloads\EXTREME_BALING_1.zip
2013-05-31 01:09 - 2013-05-31 01:09 - 14878725 ____A C:\Users\Norm\Downloads\Abbey_Manure_Handling_Kit_2013.zip
2013-05-31 01:08 - 2013-05-31 01:08 - 07078085 ____A C:\Users\Norm\Downloads\Volvo_BM_Slurry_Tanker_2013.exe
2013-05-31 01:06 - 2013-05-31 01:06 - 02587151 ____A C:\Users\Norm\Downloads\Kidd_FH_346.exe
2013-05-31 00:58 - 2013-05-31 00:58 - 08025941 ____A C:\Users\Norm\Downloads\Silage_Trailers_UNZIP.zip
2013-05-30 19:02 - 2013-05-30 19:02 - 04382700 ____A C:\Users\Norm\Downloads\JF_FCT1060_ProTec (1).exe
2013-05-30 18:32 - 2013-05-30 18:32 - 04382700 ____A C:\Users\Norm\Downloads\JF_FCT1060_ProTec.exe
2013-05-30 18:30 - 2013-05-30 18:30 - 06225952 ____A C:\Users\Norm\Downloads\Ifor_Williams_FlatBed.exe
2013-05-30 18:29 - 2013-05-30 18:29 - 02911639 ____A C:\Users\Norm\Downloads\JF_FH1450.exe
2013-05-30 17:13 - 2013-05-30 17:13 - 00658001 ____A C:\Users\Norm\Downloads\StehrSilageCompactor1_1.exe
2013-05-30 17:12 - 2013-05-30 17:12 - 01285745 ____A C:\Users\Norm\Downloads\westTrailer.exe
2013-05-30 17:07 - 2013-05-30 17:07 - 01810597 ____A C:\Users\Norm\Downloads\Kane_Low_Loader.exe
2013-05-30 17:03 - 2013-05-30 17:03 - 14655535 ____A C:\Users\Norm\Downloads\NH8340_97.exe
2013-05-30 17:03 - 2013-05-30 17:02 - 24205656 ____A C:\Users\Norm\Downloads\NewHollandT7550.exe
2013-05-30 12:33 - 2013-05-30 12:32 - 00000000 ____D C:\Users\Norm\Desktop\Church Hill Silver
2013-05-30 12:33 - 2010-11-03 23:17 - 00000000 ____D C:\Users\Norm\Desktop\Sharon - University
2013-05-30 12:18 - 2009-04-01 23:30 - 00002651 ____A C:\Users\Norm\Desktop\Microsoft Office Word 2007.lnk
2013-05-28 10:43 - 2013-05-28 10:39 - 106036493 ____A C:\Users\Norm\Downloads\HolsteinValley.exe
2013-05-28 10:25 - 2013-05-28 10:25 - 16416638 ____A C:\Users\Norm\Downloads\Caterpillar725Ultra4.zip
2013-05-28 10:23 - 2013-05-28 10:20 - 81388312 ____A C:\Users\Norm\Downloads\an_irish_arable_farm.exe
2013-05-27 23:03 - 2009-06-15 08:31 - 00000000 ____D C:\Users\Norm\Desktop\Old Pals Bar
2013-05-27 22:57 - 2010-11-28 21:42 - 00000000 ____D C:\Users\Norm\AppData\Local\Paint.NET
2013-05-27 20:48 - 2013-05-27 20:48 - 00172201 ____A C:\Users\Norm\Downloads\Hirable_Tools.rar
2013-05-27 20:29 - 2013-05-27 20:28 - 16503178 ____A C:\Users\Norm\Downloads\Caterpillar725Ultra4.exe
2013-05-27 20:28 - 2013-05-27 20:27 - 14225895 ____A C:\Users\Norm\Downloads\MF5480.exe
2013-05-21 10:53 - 2006-11-02 13:46 - 00786894 ____A C:\Windows\System32\PerfStringBackup.INI
 
ZeroAccess:
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\@
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\L
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\U
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\L\00000004.@
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\L\201d3dde
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\L\6715e287
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\L\76603ac3
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\U\00000004.@
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\U\00000008.@
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\U\000000cb.@
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\U\80000000.@
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\U\80000032.@
C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}\U\80000064.@
 
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
 
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
 
Files to move or delete:
====================
C:\Users\Norm\gosetup.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe B8844F93D2C5F1DCDB179AAA9AF134B7 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
 
 
LastRegBack: 2013-06-18 23:51
 
==================== End Of Log ============================


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:15 PM

Posted 19 June 2013 - 03:08 AM

Run FRST.

Type the following in the edit box after "Search:"
 

services.exe

Click Search button and post the log (Search.txt) it makes to your reply.


Edited by TB-Psychotic, 19 June 2013 - 03:09 AM.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 ndonaldson2912

ndonaldson2912
  • Topic Starter

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:15 PM

Posted 19 June 2013 - 04:24 AM

I cannot find my OS disc and I am unable to start in recovery mode. FRST search will not complete in normal mode or safe mode with command prompt

#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:15 PM

Posted 19 June 2013 - 04:31 AM

Then we have to do something else:

 

 

Combofix


Combofix should only be run when adviced by a team member!


Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 ndonaldson2912

ndonaldson2912
  • Topic Starter

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:15 PM

Posted 19 June 2013 - 05:28 AM

ComboFix will not run for me. It will sometime say in the first process window that file C://......pev.3 cannot be opened, and sometimes it will run to the blue Administrator screen and hang on the "Attempting to create new restore point" part.



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:15 PM

Posted 19 June 2013 - 05:35 AM

do you have a clean computer and the ability to burn a CD nearby?


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 ndonaldson2912

ndonaldson2912
  • Topic Starter

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:15 PM

Posted 19 June 2013 - 05:39 AM

Yes I do

#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:15 PM

Posted 19 June 2013 - 05:53 AM

If you cannot find your boot media, we have to do the following:

 

 

FRST using UBCD4Win (WinXP):

We need to try and boot your computer using the Ultimate Boot CD for Windows (UBCD4win)

Please print this guide for future reference!

You will need: a blank CD, a Windows XP CD, a clean computer, and a flash drive.

Please follow the steps below and let me know if you were successful. If you were unable to create the UBCD4win, please tell me what error messages you got and/or what steps you got hung up on.

Step 1 - creating the ISO file

1. Please select a mirror and download the Ultimate Boot CD for Windows to your Desktop

  • Double-Click on the UBCD4Win.exe that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up
  • Note: Do not install to a folder with spaces in it's name, it is best to use the default C:\UBCD4Win
  • Note: Your Anti-Virus may report viruses or trojans when you extract UBCD4Win, these are "False-Positives." Read here for information regarding the files that normally trigger AV software.
  • At the very end, uncheck "Run UBCD4WinBuilder.exe when installation is complete", then click Finish


2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive



  • Open My Computer, navigate to: C:\ubcd4win
  • Double-click on UBCD4WinBuilder.exe
  • Click I Agree to the UBCD4Win PE Builder License
  • Click No when prompted to Search for Windows installation files
  • For Source: click on the ellipsis (...), then click on the drive with your Windows XP CD, then press Ok
  • For Custom: no information is necessary, leave blank
  • For Output: keep the default BartPE
  • For Media output select Create ISO image: (enter filename)
    Note: you can leave the default file name and path as well (C:\UBCD4Win\UBCD4WinBuilder.iso), but if you do change it make sure it is a folder without spaces in the name
  • Note: If your XP install disc is SP1 then please click the Plugins button and modify the following options:

     

     

    Click on each option, then click Enable/Disable so the correct value is displayed.

    Disabled - !Critical: DComLaunch Service [Building with XP SP1-DISABLE]
    Enabled - !Critical: LargeIDE Fix (KB331958) [Building with XP SP1-ENABLE]
  • Note: If you have a Dell XP install disc you will need to follow the instructions here: http://www.ubcd4win.com/faq.htm#dell


3. Click on the "Build" button



  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run its course
  • When the Build is finished you can click close, then exit


4. Burn your ISO file to CD





==========

Step 2 - downloading Farbar's Recovery Scan Tool (FRST)

Next, from your clean computer, download Farbar Recovery Scan Tool and save it to your flash drive.

note: you will need the 32-bit version to run with UBCD4Win

Now plug your flash drive back into your sick computer and move on to the next step.

==========

Step 3 - booting to the UBCD4Win CD

Restart Your sick Computer Using the UBCD4Win Disc That You Have Created
 

  • Insert the UBCD4Win disc in to one of your CD/DVD drives
  • Restart your computer, the computer should choose to boot from the UBCD4Win CD automatically
  • If it doesn't and you are asked if you want to boot from CD, then choose that option
    note: more information on booting from CD can be obtained here
  • In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter
  • It may take a little longer for the desktop to appear than it does when you start your computer normally, just let the process run itself until the desktop appears
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?, click Yes
  • You should now have a desktop that looks like this:
    Main.jpg


==========

Step 4 - running the FRST fix
 

  • Single click My computer from your UBCD4Win desktop to navigate to the Farbar Recovery Scan Tool (FRST.exe) you saved to your flash drive.
  • Double click on FRST.exe to begin running the tool
  • When the tool opens click Yes to disclaimer
    note: if prompted to download the latest version, please do so from the link in Step 2
  • Enter services.exe at the "search" field.
  • Click on the Seach File(s) button
  • It will make a log (search.txt) on the flash drive, close it and safely remove the USB drive
  • Insert the USB drive into your clean computer and post the log in your next reply

Edited by TB-Psychotic, 19 June 2013 - 05:54 AM.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 ndonaldson2912

ndonaldson2912
  • Topic Starter

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:15 PM

Posted 19 June 2013 - 05:55 AM

Windows XP? Both my machines are running windows vista

#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:15 PM

Posted 19 June 2013 - 06:06 AM

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

 

 

When finished, disconnect from the internet!!!

 

 

 

Fix with FRST

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same direction as frst.exe (or frst64.exe) as fixlist.txt.

    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=923D002215E13DA7
    SearchScopes: HKCU - {E9324752-8BFD-FBF2-0CD1-507726499B2F} URL = http://stp.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=681&product_id=691&affiliate_id=&channel=&toolbar_id=-1&toolbar_version=&install_country=GB&install_date=20110609&user_guid=0D009A6661F24B6D86ECC8C63EBD3009&machine_id=40fc77d82491216b9afdbaf863c07b7e&browser=IE&os=win&os_version=6.0-x64-SP2&iesrc={referrer:source}
    BHO-x32: SelectionLinks - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\Program Files (x86)\OApps\SelectionLinks.dll (SelectionLinks)
    Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
    FF Extension: SelectionLinks - C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\Extensions\{AB6F7EFE-20F0-41F3-96BD-96D7DF8056D5}
    CHR HomePage: hxxp://www.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=923D002215E13DA7
    CHR RestoreOnStartup: "hxxp://www.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=923D002215E13DA7"
    CHR DefaultSearchURL: (Delta Search) - http://www.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=923D002215E13DA7
    CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR Plugin: (ClickPotatoLite Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll No File
    CHR Extension: (Select Links App) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aineemkafbbcgobgdgehgcnmnmfgdkpg\4.3_0
    
    C:\Program Files (x86)\OApps
    C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\rehq8lnh.default\Extensions\{AB6F7EFE-20F0-41F3-96BD-96D7DF8056D5}
    C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aineemkafbbcgobgdgehgcnmnmfgdkpg
    C:\ProgramData\BrowserDefender
    C:\Program Files (x86)\Delta
    C:\Program Files (x86)\Wajam
    C:\Windows\Installer\{f769f5f2-1827-9adf-5c5e-513fefd15704}
    C:\Windows\assembly\GAC_32\Desktop.ini
    C:\Windows\assembly\GAC_64\Desktop.ini
    C:\Users\Norm\gosetup.exe
     
    
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Continue with MBAR (the file you downloaded)

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#15 ndonaldson2912

ndonaldson2912
  • Topic Starter

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:15 PM

Posted 19 June 2013 - 06:09 AM

That's ok Marius, I am at work now so it will a few hours before I get back to computer. Will post when scans are completed. Thank you




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users