Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Serialtrunc is killing me! can't uninstall it, help plz


  • This topic is locked This topic is locked
15 replies to this topic

#1 Halpmeplz

Halpmeplz

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 28 February 2014 - 03:41 AM

So I've been having an insane amount of popups for about 3 weeks, Norton doesn't find anything in scans but in the routine scans it disables Trojans like adh.2 and some others. I went looking through my installed/uninstalled programs and saw this serialtrunc program installed 3 weeks back that I didn't install, so I googled it and its some type of advertising adware spyware or something. every time I double click I get redirected to a obvious spam/advertisements site some of them are where im getting the Trojans from.

So I tried uninstalling serialtrunc but it freezes at 30%ish so I downloaded an uninstaller program called anvi uninstaller and it didn't help any it still freezes at 30%.

 

any help would be really really appriceated, Im about to do a complete system restore but I really don't wanna go that route.  I've been googleing how to uninstall it but it's very difficult and time consuming because of the adware, It literally took me over an hour just to register and type this.



BC AdBot (Login to Remove)

 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,410 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:41 PM

Posted 28 February 2014 - 03:46 AM

:welcome:

Hello Halpmeplz,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST / FSRT64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Halpmeplz

Halpmeplz
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 28 February 2014 - 05:57 AM

 Hi Jo, I appreciate the help, here's the txt's

 

checkup.txt

Results of screen317's Security Check version 0.99.79 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Norton 360   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 17 
 Java version out of Date!
  Adobe Flash Player 12.0.0.70 Flash Player out of Date! 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (27.0.1)
 Google Chrome 33.0.1750.117 
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

and the FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by Torrey (administrator) on TORREY-PC on 28-02-2014 00:38:31
Running from C:\Users\Torrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZ3PULBE
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ArcSoft, Inc.) C:\Users\Torrey\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
() C:\Program Files (x86)\SerialTrunc\updateSerialTrunc.exe
() C:\Program Files (x86)\SerialTrunc\bin\utilSerialTrunc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Spigot, Inc.) C:\Users\Torrey\AppData\Roaming\Search Protection\SearchProtection.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\windows\system32\taskmgr.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Adobe Systems Incorporated) C:\windows\system32\Macromed\Flash\FlashUtil64_12_0_0_70_ActiveX.exe
() C:\Users\Torrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZ3PULBE\SecurityCheck.exe
(Microsoft Corporation) C:\windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [X]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2328944 2011-01-07] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-23] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2336298010-2542904912-1872351079-1001\...\Run: [uTorrent] - C:\Users\Torrey\AppData\Roaming\uTorrent\uTorrent.exe [900440 2013-11-15] (BitTorrent Inc.)
HKU\S-1-5-21-2336298010-2542904912-1872351079-1001\...\Run: [SearchProtection] - C:\Users\Torrey\AppData\Roaming\Search Protection\SearchProtection.EXE [837992 2013-12-31] (Spigot, Inc.)
HKU\S-1-5-21-2336298010-2542904912-1872351079-1001\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2336298010-2542904912-1872351079-1001\...\MountPoints2: {0f3a3da8-4ab2-11e0-ae0c-1c7508850157} - E:\HPLauncher.exe
Startup: C:\Users\Torrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Torrey\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
URLSearchHook: HKCU - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
URLSearchHook: HKCU - (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
SearchScopes: HKLM - DefaultScope {B977C314-3E26-4295-BEFF-DB2329976CCC} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {B977C314-3E26-4295-BEFF-DB2329976CCC} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 - DefaultScope {2A85D730-D34A-4D69-A76E-98D2AEA1C520} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2A85D730-D34A-4D69-A76E-98D2AEA1C520} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKCU - DefaultScope {FA38713E-2420-4C16-B60A-503ED5176044} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {01D86926-DBD9-4853-999E-7B0B5BF9294E} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {13314098-B634-4DEA-AEE8-F85E279C8963} URL = http://search.avg.com/route/?d=4da02761&v=6.103.18.1&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
SearchScopes: HKCU - {2A85D730-D34A-4D69-A76E-98D2AEA1C520} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKCU - {869293D8-F11D-473A-8113-9762A7CE2050} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS422
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={ABFA1731-15EF-4811-B40D-CEB0403DC938}&mid=75828c52549647d68b2fcd3c4e61e8a4-a17ed5921a4291735aa7a35d914f7335409458fc&lang=en&ds=st011&pr=sa&d=2012-05-13 19:55:23&v=11.0.0.9&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {AB7681F6-8BE2-43A4-BDC5-FC3D998FD54F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5
SearchScopes: HKCU - {B977C314-3E26-4295-BEFF-DB2329976CCC} URL =
SearchScopes: HKCU - {FA38713E-2420-4C16-B60A-503ED5176044} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Media Viewer - {79bb57b9-666d-4a5e-b948-97364e0cebd2} - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488\ie\MediaViewerV1alpha1488.dll No File
BHO-x32: Re-markit - {8f1eeb06-6317-4472-a024-b97ca0b3a5d0} - C:\Program Files (x86)\Re-markit\150.dll ()
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Media View - {e1dd10e9-ccb7-4525-b45f-b41795a2a725} - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\ie\MediaViewV1alpha3570.dll ()
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} -  No File
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Tcpip\Parameters: [DhcpNameServer] 24.25.227.55 209.18.47.61 24.25.227.53

FireFox:
========
FF ProfilePath: C:\Users\Torrey\AppData\Roaming\Mozilla\Firefox\Profiles\iqqks3l6.default
FF user.js: detected! => C:\Users\Torrey\AppData\Roaming\Mozilla\Firefox\Profiles\iqqks3l6.default\user.js
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ff
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&CUI=UN60608920918816541&UM=&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\Torrey\AppData\Roaming\Mozilla\Firefox\Profiles\iqqks3l6.default\searchplugins\yahoo_ff.xml
FF Extension: uTorrentControl2  - C:\Users\Torrey\AppData\Roaming\Mozilla\Firefox\Profiles\iqqks3l6.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2014-01-20]
FF Extension: WOT - C:\Users\Torrey\AppData\Roaming\Mozilla\Firefox\Profiles\iqqks3l6.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-20]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFF
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFF [2013-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn_2011_7_13_2 [2014-02-27]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewerV1alpha1488.net] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488\ff
FF Extension: Media Viewer - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488\ff [2014-02-23]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha3570.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\ff [2014-02-27]
FF HKCU\...\Firefox\Extensions: [{d59ba74c-1d23-439e-8b3b-64c895083f46}] - C:\Program Files (x86)\Re-markit\150.xpi

==================== Services (Whitelisted) =================

R2 BackupService; C:\Users\Torrey\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [115056 2010-10-20] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
R2 Update SerialTrunc; C:\Program Files (x86)\SerialTrunc\updateSerialTrunc.exe [111904 2014-02-25] ()
R2 Util SerialTrunc; C:\Program Files (x86)\SerialTrunc\bin\utilSerialTrunc.exe [111904 2014-02-25] ()

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20140227.001\IDSvia64.sys [521944 2014-01-18] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20140227.009\ENG64.SYS [126040 2014-02-18] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20140227.009\EX64.SYS [2099288 2014-02-18] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0502020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0502020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [171128 2010-11-15] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-28 00:22 - 2014-02-28 00:38 - 00000000 ____D () C:\FRST
2014-02-27 21:30 - 2014-02-27 21:30 - 00001088 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-02-27 21:30 - 2014-02-27 21:30 - 00000000 ____D () C:\Users\Torrey\AppData\Local\VS Revo Group
2014-02-27 21:30 - 2014-02-27 21:30 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-02-27 21:30 - 2014-02-27 21:30 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-02-27 21:30 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys
2014-02-27 19:45 - 2014-02-27 19:45 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1
2014-02-27 19:00 - 2014-02-27 21:12 - 00000336 _____ () C:\windows\setupact.log
2014-02-27 19:00 - 2014-02-27 19:00 - 00000000 _____ () C:\windows\setuperr.log
2014-02-26 06:04 - 2014-02-26 06:04 - 00002350 _____ () C:\Users\Public\Desktop\Toshiba Laptop Checkup.lnk
2014-02-24 12:10 - 2014-02-24 12:10 - 00002816 _____ () C:\{48C6904A-BBAA-40A1-8ADD-E2A35EDE6660}
2014-02-24 10:26 - 2014-02-24 10:26 - 00003672 _____ () C:\{8C9E2BE1-1686-4422-AA54-E4881379C389}
2014-02-24 10:25 - 2014-02-24 10:25 - 00004248 _____ () C:\{6D50A618-C5AF-4AA0-9B36-FB5EAAF84B27}
2014-02-23 19:46 - 2014-02-23 19:46 - 00000000 ____D () C:\Program Files (x86)\MediaViewerV1
2014-02-21 19:45 - 2014-02-21 20:30 - 00000000 ____D () C:\Users\Torrey\AppData\Local\NPE
2014-02-21 16:05 - 2014-02-21 16:05 - 00004248 _____ () C:\{1FF46A8A-1706-447E-BD8E-F53AAD66E5F9}
2014-02-18 03:03 - 2014-02-27 19:45 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-02-17 22:09 - 2014-02-17 22:09 - 00011024 _____ () C:\{B9662F95-B81D-4881-95C1-1DC8DC9913E0}
2014-02-17 20:33 - 2014-02-27 22:47 - 00000000 ____D () C:\Users\Torrey\AppData\Local\Deployment
2014-02-17 20:33 - 2014-02-27 21:50 - 00000000 ____D () C:\Users\Torrey\AppData\Local\Apps\2.0
2014-02-17 00:45 - 2014-02-17 00:45 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerV1
2014-02-16 12:06 - 2014-02-16 12:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-16 07:25 - 2014-02-16 07:25 - 00000280 _____ () C:\{B4474048-F90D-4448-BC9C-D380BD5D01BF}
2014-02-12 03:06 - 2013-12-20 23:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-12 03:06 - 2013-12-20 22:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-12 03:05 - 2014-02-06 02:16 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-12 03:05 - 2014-02-06 01:30 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-12 03:05 - 2014-02-06 01:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-12 03:05 - 2014-02-06 01:12 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-12 03:05 - 2014-02-06 01:07 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-12 03:05 - 2014-02-06 01:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-12 03:05 - 2014-02-06 00:57 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-12 03:05 - 2014-02-06 00:56 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-12 03:05 - 2014-02-06 00:52 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-12 03:05 - 2014-02-06 00:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-12 03:05 - 2014-02-06 00:48 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-12 03:05 - 2014-02-06 00:48 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-12 03:05 - 2014-02-06 00:38 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-12 03:05 - 2014-02-06 00:32 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-12 03:05 - 2014-02-06 00:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-12 03:05 - 2014-02-06 00:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-12 03:05 - 2014-02-06 00:11 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-12 03:05 - 2014-02-06 00:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-12 03:05 - 2014-02-06 00:00 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-12 03:05 - 2014-02-05 23:57 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-12 03:05 - 2014-02-05 23:57 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-12 03:05 - 2014-02-05 23:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-12 03:05 - 2014-02-05 23:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-12 03:05 - 2014-02-05 23:50 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-12 03:05 - 2014-02-05 23:49 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-12 03:05 - 2014-02-05 23:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-12 03:05 - 2014-02-05 23:46 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-12 03:05 - 2014-02-05 23:25 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-12 03:05 - 2014-02-05 23:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-12 03:05 - 2014-02-05 23:24 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-12 03:05 - 2014-02-05 23:22 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-12 03:05 - 2014-02-05 23:13 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-12 03:05 - 2014-02-05 23:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-12 03:05 - 2014-02-05 23:03 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-12 03:05 - 2014-02-05 22:55 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-12 03:05 - 2014-02-05 22:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-12 03:05 - 2014-02-05 22:40 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-12 03:05 - 2014-02-05 22:36 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-12 03:05 - 2014-02-05 22:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-11 21:21 - 2013-12-31 13:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-02-11 21:21 - 2013-12-31 13:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-11 21:21 - 2013-12-24 13:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-11 21:21 - 2013-12-24 12:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-11 21:21 - 2013-12-05 16:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-11 21:21 - 2013-12-05 16:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-11 21:21 - 2013-12-05 16:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-11 21:21 - 2013-12-05 16:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-02-11 21:21 - 2013-12-03 16:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-11 21:21 - 2013-12-03 16:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-11 21:21 - 2013-12-03 16:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-11 21:21 - 2013-12-03 16:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-11 21:21 - 2013-12-03 16:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-11 21:21 - 2013-12-03 16:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-11 21:21 - 2013-12-03 16:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-11 21:21 - 2013-12-03 16:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-11 21:21 - 2013-12-03 16:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-11 21:21 - 2013-12-03 16:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-02-11 21:21 - 2013-12-03 16:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-02-11 21:21 - 2013-12-03 16:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-02-11 21:21 - 2013-12-03 16:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-02-11 21:21 - 2013-12-03 16:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-02-11 21:21 - 2013-12-03 15:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-02-11 21:21 - 2013-12-03 15:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-02-11 21:21 - 2013-12-03 15:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-02-11 21:21 - 2013-12-03 15:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-11 21:21 - 2013-11-25 22:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-11 21:21 - 2013-11-22 12:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-11 14:01 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
2014-02-11 13:58 - 2014-02-11 13:58 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-02-11 13:58 - 2014-02-11 13:58 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-02-11 13:58 - 2014-02-11 13:58 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-02-11 13:58 - 2014-02-11 13:58 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-02-11 13:58 - 2014-02-11 13:58 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-02-11 13:58 - 2014-02-11 13:58 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-02-11 13:58 - 2014-02-11 13:58 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-02-06 21:13 - 2014-02-06 21:13 - 00000512 _____ () C:\{19C99D44-9DFE-4EF3-827F-AD9A8EA5E20D}
2014-02-05 04:53 - 2014-02-05 04:53 - 00000280 _____ () C:\{212A6062-9D4F-4F0C-831E-B0EE89262258}
2014-01-31 19:44 - 2014-02-27 19:34 - 00000386 _____ () C:\windows\Tasks\Re-markit Update.job
2014-01-31 19:44 - 2014-02-18 03:00 - 00000000 ____D () C:\Program Files (x86)\Re-markit
2014-01-31 19:44 - 2014-01-31 19:44 - 00003036 _____ () C:\windows\System32\Tasks\Re-markit Update
2014-01-31 19:43 - 2014-02-27 04:00 - 00000000 ____D () C:\Program Files (x86)\SerialTrunc

==================== One Month Modified Files and Folders =======

2014-02-28 00:38 - 2014-02-28 00:22 - 00000000 ____D () C:\FRST
2014-02-28 00:16 - 2012-06-18 12:36 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-27 22:53 - 2010-10-26 17:28 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-27 22:47 - 2014-02-17 20:33 - 00000000 ____D () C:\Users\Torrey\AppData\Local\Deployment
2014-02-27 21:50 - 2014-02-17 20:33 - 00000000 ____D () C:\Users\Torrey\AppData\Local\Apps\2.0
2014-02-27 21:30 - 2014-02-27 21:30 - 00001088 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-02-27 21:30 - 2014-02-27 21:30 - 00000000 ____D () C:\Users\Torrey\AppData\Local\VS Revo Group
2014-02-27 21:30 - 2014-02-27 21:30 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-02-27 21:30 - 2014-02-27 21:30 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-02-27 21:12 - 2014-02-27 19:00 - 00000336 _____ () C:\windows\setupact.log
2014-02-27 20:25 - 2011-02-15 08:00 - 01281601 _____ () C:\windows\WindowsUpdate.log
2014-02-27 19:52 - 2011-03-07 15:40 - 00000000 ____D () C:\Users\Torrey\AppData\Local\Google
2014-02-27 19:45 - 2014-02-27 19:45 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1
2014-02-27 19:45 - 2014-02-18 03:03 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-02-27 19:45 - 2009-07-13 17:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-02-27 19:34 - 2014-01-31 19:44 - 00000386 _____ () C:\windows\Tasks\Re-markit Update.job
2014-02-27 19:00 - 2014-02-27 19:00 - 00000000 _____ () C:\windows\setuperr.log
2014-02-27 17:17 - 2009-07-13 19:13 - 00006450 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-27 05:49 - 2012-02-11 21:09 - 00000000 ____D () C:\Users\Torrey\AppData\Roaming\uTorrent
2014-02-27 05:49 - 2011-04-13 23:43 - 00000000 ____D () C:\Users\Torrey\AppData\Local\CrashDumps
2014-02-27 05:49 - 2010-10-27 09:18 - 00000000 ____D () C:\windows\Panther
2014-02-27 04:10 - 2009-07-13 18:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-27 04:10 - 2009-07-13 18:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-27 04:02 - 2013-07-14 21:02 - 00000000 ____D () C:\Users\Torrey\AppData\Local\TSVNCache
2014-02-27 04:01 - 2009-07-13 19:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-27 04:00 - 2014-01-31 19:43 - 00000000 ____D () C:\Program Files (x86)\SerialTrunc
2014-02-27 03:53 - 2011-03-09 15:13 - 00000000 ____D () C:\Users\Torrey\AppData\Roaming\vlc
2014-02-26 06:05 - 2011-03-07 15:58 - 00000000 ____D () C:\Users\Torrey\AppData\Local\Tific
2014-02-26 06:04 - 2014-02-26 06:04 - 00002350 _____ () C:\Users\Public\Desktop\Toshiba Laptop Checkup.lnk
2014-02-25 23:00 - 2009-07-13 17:20 - 00000000 ____D () C:\windows\rescache
2014-02-25 18:20 - 2012-05-13 23:04 - 00000000 ____D () C:\Program Files (x86)\Diablo II
2014-02-24 12:10 - 2014-02-24 12:10 - 00002816 _____ () C:\{48C6904A-BBAA-40A1-8ADD-E2A35EDE6660}
2014-02-24 10:26 - 2014-02-24 10:26 - 00003672 _____ () C:\{8C9E2BE1-1686-4422-AA54-E4881379C389}
2014-02-24 10:25 - 2014-02-24 10:25 - 00004248 _____ () C:\{6D50A618-C5AF-4AA0-9B36-FB5EAAF84B27}
2014-02-23 19:46 - 2014-02-23 19:46 - 00000000 ____D () C:\Program Files (x86)\MediaViewerV1
2014-02-22 23:40 - 2012-06-11 13:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-21 20:30 - 2014-02-21 19:45 - 00000000 ____D () C:\Users\Torrey\AppData\Local\NPE
2014-02-21 19:47 - 2011-02-15 08:18 - 00000000 ____D () C:\ProgramData\Norton
2014-02-21 16:05 - 2014-02-21 16:05 - 00004248 _____ () C:\{1FF46A8A-1706-447E-BD8E-F53AAD66E5F9}
2014-02-20 16:18 - 2012-06-18 12:36 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 16:18 - 2012-06-18 12:36 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 16:18 - 2011-07-05 12:51 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-18 03:03 - 2011-03-07 15:10 - 00000000 ____D () C:\Users\Torrey
2014-02-18 03:00 - 2014-01-31 19:44 - 00000000 ____D () C:\Program Files (x86)\Re-markit
2014-02-18 03:00 - 2009-07-13 17:20 - 00000000 ____D () C:\windows\registration
2014-02-17 22:09 - 2014-02-17 22:09 - 00011024 _____ () C:\{B9662F95-B81D-4881-95C1-1DC8DC9913E0}
2014-02-17 00:45 - 2014-02-17 00:45 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerV1
2014-02-17 00:45 - 2009-07-13 17:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-02-16 12:10 - 2013-12-09 18:57 - 00000000 ____D () C:\Program Files (x86)\Diablo II(2)
2014-02-16 12:06 - 2014-02-16 12:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-16 07:25 - 2014-02-16 07:25 - 00000280 _____ () C:\{B4474048-F90D-4448-BC9C-D380BD5D01BF}
2014-02-15 03:19 - 2013-08-14 03:01 - 00000000 ____D () C:\windows\system32\MRT
2014-02-15 03:06 - 2011-03-16 17:58 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-11 17:32 - 2011-03-07 15:12 - 00001428 _____ () C:\Users\Torrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-11 17:28 - 2009-07-13 17:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-02-11 13:58 - 2014-02-11 13:58 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-02-11 13:58 - 2014-02-11 13:58 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-02-11 13:58 - 2014-02-11 13:58 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-02-11 13:58 - 2014-02-11 13:58 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-02-11 13:58 - 2014-02-11 13:58 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-02-11 13:58 - 2014-02-11 13:58 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-02-11 13:58 - 2014-02-11 13:58 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-02-08 01:31 - 2013-09-12 17:45 - 00001081 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-07 15:29 - 2011-03-07 16:55 - 00000000 ____D () C:\Users\Torrey\AppData\Local\Mozilla
2014-02-06 21:13 - 2014-02-06 21:13 - 00000512 _____ () C:\{19C99D44-9DFE-4EF3-827F-AD9A8EA5E20D}
2014-02-06 02:16 - 2014-02-12 03:05 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 01:30 - 2014-02-12 03:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 01:30 - 2014-02-12 03:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 01:12 - 2014-02-12 03:05 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 01:07 - 2014-02-12 03:05 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 01:06 - 2014-02-12 03:05 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 00:57 - 2014-02-12 03:05 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 00:56 - 2014-02-12 03:05 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 00:52 - 2014-02-12 03:05 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 00:49 - 2014-02-12 03:05 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 00:48 - 2014-02-12 03:05 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 00:48 - 2014-02-12 03:05 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 00:38 - 2014-02-12 03:05 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-06 00:32 - 2014-02-12 03:05 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 00:20 - 2014-02-12 03:05 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-06 00:17 - 2014-02-12 03:05 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 00:11 - 2014-02-12 03:05 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 00:01 - 2014-02-12 03:05 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-06 00:00 - 2014-02-12 03:05 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-05 23:57 - 2014-02-12 03:05 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-05 23:57 - 2014-02-12 03:05 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-05 23:52 - 2014-02-12 03:05 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-05 23:52 - 2014-02-12 03:05 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-05 23:50 - 2014-02-12 03:05 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-05 23:49 - 2014-02-12 03:05 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-05 23:47 - 2014-02-12 03:05 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-05 23:46 - 2014-02-12 03:05 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-05 23:25 - 2014-02-12 03:05 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-05 23:25 - 2014-02-12 03:05 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-05 23:24 - 2014-02-12 03:05 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-05 23:22 - 2014-02-12 03:05 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-05 23:13 - 2014-02-12 03:05 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-05 23:09 - 2014-02-12 03:05 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-05 23:03 - 2014-02-12 03:05 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-05 22:55 - 2014-02-12 03:05 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-05 22:41 - 2014-02-12 03:05 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-05 22:40 - 2014-02-12 03:05 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-05 22:36 - 2014-02-12 03:05 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-05 22:34 - 2014-02-12 03:05 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-05 04:53 - 2014-02-05 04:53 - 00000280 _____ () C:\{212A6062-9D4F-4F0C-831E-B0EE89262258}
2014-01-31 19:44 - 2014-01-31 19:44 - 00003036 _____ () C:\windows\System32\Tasks\Re-markit Update

Some content of TEMP:
====================
C:\Users\Torrey\AppData\Local\Temp\setapp.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-19 13:58

==================== End Of Log ============================

 

 

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2014 02
Ran by Torrey at 2014-02-28 00:39:51
Running from C:\Users\Torrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZ3PULBE
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton 360 (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader 9.3.4 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania - Lights, Camera, Action!™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11245.0 - Cisco Consumer Products LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version:  - )
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Media View (HKLM-x32\...\MediaViewV1alpha3570) (Version: 1.1 - Media View)
Media Viewer (HKLM-x32\...\MediaViewerV1alpha1488) (Version: 1.1 - Media Viewer)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.0 (HKLM\...\{2BF35D84-6377-4F70-9F39-97CF67E67FFF}) (Version: 8.01.249.0 - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MUD - FIM Motocross World Championship (HKLM-x32\...\{D1F1E4D2-D2D3-4391-92EF-F63A79A67B36}) (Version: 1.00.0000 - Milestone)
MUD - FIM Motocross World Championship (x32 Version: 1.00.0000 - Milestone) Hidden
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 5.2.2.3 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.2 - Notepad++ Team)
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.13.112.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Re-markit (HKLM-x32\...\e8127d3d-9013-488d-894f-8e6aa28dee82) (Version:  - Re-markit Software) <==== ATTENTION
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Search Protection (HKCU\...\Search Protection) (Version: 8.5.0.2 - Spigot, Inc.)
SerialTrunc (HKLM\...\SerialTrunc) (Version: 2014.01.31.020533 - SerialTrunc)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version:  - )
TortoiseSVN 1.8.0.24401 (64 bit) (HKLM\...\{67630560-B0DC-4FC6-8B04-7B949F8ABEF0}) (Version: 1.8.24401 - TortoiseSVN)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.2.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.22C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.22C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.6.22 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.9C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WOT for Internet Explorer (HKLM-x32\...\{1D10C273-3F95-42A2-8371-AB6B1F59821B}) (Version: 10.12.20.0 - WOT Services Oy)

==================== Restore Points  =========================

27-02-2014 18:48:18 Scheduled Checkpoint
28-02-2014 07:33:10 Revo Uninstaller Pro's restore point - SerialTrunc
28-02-2014 07:38:47 Revo Uninstaller Pro's restore point - SerialTrunc

==================== Hosts content: ==========================

2009-07-13 16:34 - 2009-06-10 11:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {3992BDF0-1153-4EC8-8882-9CFD5370AD3C} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-01-07] (Microsoft Corporation)
Task: {3EED3BB9-2450-461B-9A2C-0886A4E58BA3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {3FBC0F6A-2761-48AD-8A21-0778C3E8AA90} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\Re-markit\ReMarkit_up.exe [2014-01-31] () <==== ATTENTION
Task: {63899BD4-93DB-4A05-8366-C6267654A0E6} - System32\Tasks\{E23BB78E-65BA-4A7D-B4B0-5EB5F6BC2D78} => C:\Program Files (x86)\Diablo II\Diablo II.exe [2012-06-05] (Blizzard North)
Task: {7A5C3BC1-E1A3-4685-BC57-B981E584E358} - System32\Tasks\Symantec\Norton Error Analyzer 5.2.2.3 => C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {D281988A-960D-4450-B677-1D8045CED491} - System32\Tasks\Symantec\Norton Error Processor 5.2.2.3 => C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {F52A0EE1-C35D-401F-BC94-5A80A774C2FF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Re-markit Update.job => C:\Program Files (x86)\Re-markit\ReMarkit_up.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-01-30 16:05 - 2014-02-25 00:43 - 00111904 _____ () C:\Program Files (x86)\SerialTrunc\updateSerialTrunc.exe
2014-01-31 20:50 - 2014-02-25 00:10 - 00111904 _____ () C:\Program Files (x86)\SerialTrunc\bin\utilSerialTrunc.exe
2013-06-17 20:27 - 2013-06-17 20:27 - 00075504 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2013-06-17 20:27 - 2013-06-17 20:27 - 00088304 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2010-04-07 14:07 - 2010-04-07 14:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 11:26 - 2009-11-03 11:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 12:15 - 2010-03-03 12:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 12:15 - 2010-03-03 12:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-10-26 17:22 - 2009-06-22 12:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 17:08 - 2009-03-12 17:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 14:38 - 2009-07-25 14:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2010-02-05 14:44 - 2010-02-05 14:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-02-28 00:07 - 2014-02-28 00:07 - 00987425 _____ () C:\Users\Torrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZ3PULBE\SecurityCheck.exe
2013-07-07 09:14 - 2013-07-07 09:14 - 01589248 _____ () C:\Program Files (x86)\Notepad++\plugins\DSpellCheck.dll
2011-07-18 11:07 - 2011-07-18 11:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2011-09-21 10:46 - 2011-09-21 10:46 - 01673728 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
2013-06-17 19:35 - 2013-06-17 19:35 - 00065264 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2013-06-17 19:34 - 2013-06-17 19:34 - 00070896 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2014-01-31 19:44 - 2014-01-31 19:44 - 00146944 _____ () C:\Program Files (x86)\Re-markit\150.dll
2014-02-26 14:06 - 2014-02-26 14:06 - 00087040 _____ () C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\ie\MediaViewV1alpha3570.dll
2014-02-06 14:15 - 2014-02-27 04:02 - 00398112 _____ () C:\Program Files (x86)\SerialTrunc\bin\SerialTrunc.BrowserFilter.Helper.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/27/2014 09:39:38 PM) (Source: Application Hang) (User: )
Description: The program Au_.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c0

Start Time: 01cf3458228ffe18

Termination Time: 0

Application Path: C:\Users\Torrey\AppData\Local\Temp\~nsu.tmp\Au_.exe

Report Id:

Error: (02/27/2014 09:37:33 PM) (Source: Application Hang) (User: )
Description: The program Au_.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 132c

Start Time: 01cf34576701909a

Termination Time: 0

Application Path: C:\Users\Torrey\AppData\Local\Temp\~nsu.tmp\Au_.exe

Report Id:

Error: (02/27/2014 09:33:09 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7451ac35-c2d0-4cd4-a8e9-a62211317c8e}

Error: (02/27/2014 08:04:21 PM) (Source: Application Hang) (User: )
Description: The program Au_.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1534

Start Time: 01cf344ac21f4053

Termination Time: 0

Application Path: C:\Users\Torrey\AppData\Local\Temp\~nsu.tmp\Au_.exe

Report Id:

Error: (02/27/2014 07:59:45 PM) (Source: Application Hang) (User: )
Description: The program Au_.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 151c

Start Time: 01cf34496bbc8c28

Termination Time: 16

Application Path: C:\Users\Torrey\AppData\Local\Temp\~nsu.tmp\Au_.exe

Report Id:

Error: (02/27/2014 06:10:29 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (02/27/2014 05:17:21 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (02/27/2014 05:17:21 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (02/27/2014 04:04:19 AM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/26/2014 11:49:01 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

System errors:
=============
Error: (02/27/2014 07:36:30 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.

Error: (02/25/2014 00:04:54 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.

Error: (02/25/2014 00:03:14 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (02/23/2014 09:17:26 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.

Error: (02/23/2014 03:46:50 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (02/23/2014 03:46:12 AM) (Source: DCOM) (User: )
Description: {60A90A2F-858D-42AF-8929-82BE9D99E8A1}

Error: (02/22/2014 11:38:05 PM) (Source: DCOM) (User: )
Description: {60A90A2F-858D-42AF-8929-82BE9D99E8A1}

Error: (02/22/2014 04:28:40 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/21/2014 07:55:06 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%16405

Error: (02/21/2014 07:54:14 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Microsoft Office Sessions:
=========================
Error: (02/27/2014 09:39:38 PM) (Source: Application Hang)(User: )
Description: Au_.exe0.0.0.0c001cf3458228ffe180C:\Users\Torrey\AppData\Local\Temp\~nsu.tmp\Au_.exe

Error: (02/27/2014 09:37:33 PM) (Source: Application Hang)(User: )
Description: Au_.exe0.0.0.0132c01cf34576701909a0C:\Users\Torrey\AppData\Local\Temp\~nsu.tmp\Au_.exe

Error: (02/27/2014 09:33:09 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7451ac35-c2d0-4cd4-a8e9-a62211317c8e}

Error: (02/27/2014 08:04:21 PM) (Source: Application Hang)(User: )
Description: Au_.exe0.0.0.0153401cf344ac21f40530C:\Users\Torrey\AppData\Local\Temp\~nsu.tmp\Au_.exe

Error: (02/27/2014 07:59:45 PM) (Source: Application Hang)(User: )
Description: Au_.exe0.0.0.0151c01cf34496bbc8c2816C:\Users\Torrey\AppData\Local\Temp\~nsu.tmp\Au_.exe

Error: (02/27/2014 06:10:29 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (02/27/2014 05:17:21 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (02/27/2014 05:17:21 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (02/27/2014 04:04:19 AM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/26/2014 11:49:01 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

==================== Memory info ===========================

Percentage of memory in use: 57%
Total physical RAM: 3890.67 MB
Available physical RAM: 1636.38 MB
Total Pagefile: 7779.52 MB
Available Pagefile: 5488.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (TI106041W0C) (Fixed) (Total:452.7 GB) (Free:397.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 2604F481)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=17)

==================== End Of Log ============================



#4 Jo*

Jo*

  • Malware Response Team
  • 3,410 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:41 PM

Posted 28 February 2014 - 06:32 AM

Hello Halpmeplz,
 

HKU\S-1-5-21-2336298010-2542904912-1872351079-1001\...\Run: [uTorrent] - C:\Users\Torrey\AppData\Roaming\uTorrent\uTorrent.exe [900440 2013-11-15] (BitTorrent Inc.)

 

P2P - I see you have P2P software uTorrent installed on your machine.

  • Avoid P2P
  • Identity Theft and / or malware infection may happen, when P2P software is running on your computer.
  • Here you will find more information.

Please note:

  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important chanel to spread their wares.

I would advice you, uninstall it now.
You can do this via Start > Control Panel > Add Remove Programs (XP) or Start > Control Panel > Programs and Features (Vista / 7).

---

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.

If there is no malware found, please let me know as well.

 

---

Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Edited by Jo*, 28 February 2014 - 06:54 AM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 Halpmeplz

Halpmeplz
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 28 February 2014 - 08:58 AM

alrighty, utorrent uninstalled successfully.  There was no malware found, here's the mbar-log-

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2013.10.02.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Torrey :: TORREY-PC [administrator]

2/28/2014 2:09:11 AM
mbar-log-2014-02-28 (02-09-11).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 218444
Time elapsed: 14 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

and here's the AdwCleaner[R0]

 

# AdwCleaner v3.020 - Report created 28/02/2014 at 02:52:56
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Torrey - TORREY-PC
# Running from : C:\Users\Torrey\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Torrey\AppData\Roaming\Mozilla\Firefox\Profiles\iqqks3l6.default\user.js
File Found : C:\windows\System32\Tasks\Re-markit Update
File Found : C:\windows\Tasks\Re-markit Update.job
Folder Found : C:\Users\Torrey\AppData\Roaming\Mozilla\Firefox\Profiles\iqqks3l6.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\MediaPlayerV1
Folder Found C:\Program Files (x86)\Re-markit
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\ProgramData\WeCareReminder
Folder Found C:\Users\Torrey\AppData\Local\Conduit
Folder Found C:\Users\Torrey\AppData\Local\OpenCandy
Folder Found C:\Users\Torrey\AppData\LocalLow\AVG Security Toolbar
Folder Found C:\Users\Torrey\AppData\LocalLow\Conduit
Folder Found C:\Users\Torrey\AppData\LocalLow\PriceGong
Folder Found C:\Users\Torrey\AppData\Roaming\Mozilla\Firefox\Profiles\iqqks3l6.default\ConduitCommon
Folder Found C:\Users\Torrey\AppData\Roaming\Mozilla\Firefox\Profiles\iqqks3l6.default\CT3072253
Folder Found C:\Users\Torrey\AppData\Roaming\Mozilla\Firefox\Profiles\iqqks3l6.default\Smartbar
Folder Found C:\Users\Torrey\AppData\Roaming\OpenCandy
Folder Found C:\Users\Torrey\AppData\Roaming\Search Protection

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\IGearSettings
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_kmplayer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_kmplayer_RASMANCS
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Torrey\AppData\Roaming\Mozilla\Firefox\Profiles\iqqks3l6.default\prefs.js ]

Line Found : user_pref("CT3072253..clientLogIsEnabled", false);
Line Found : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT3072253./9b+7e+x305.from_oldbar.enc", "JH4nQTM0NjN5RTo9KnIseXp+ejEoMztHSVNGLVhNUD0mPy0uMTVEO0ZOT1tWXmlbQm1iZVI7VEJDRklZUFtjfXN7blUhdXhlTmdVVllbbGNudnwmKzB7aTUqLXlie2lqbW4hdyMrNzt0NHxIPSBF[...]
Line Found : user_pref("CT3072253./9b+7e,x305.from_oldbar.enc", "JH4oQS8/Pjd5RTo9KnIseXt4fTEoMzxHSEAsV0xPPCU+LC4rL0M6RU5ZUFtXZ2pmQm1iRV5pVD1WREZDRltSXWZxbCFua1h9c2dQaVdZVlhuZXB5MycyfWo2Ky56Y3xqbGlqIngkLUY6PkVGSUxA[...]
Line Found : user_pref("CT3072253./9b+7e-x305.from_oldbar.enc", "JH4pMnZBNjk3MzVFOX4/STsvdzF+ICUgNi04QkdKWFFaXFhdUF9ZOWRZXEkySzk6PzlQR1JcQXNoa2llZ3t5b217blUhdXhZJnZoUWpYWV5Xb2ZxezAkMiQ4J205LjFxPi8haSNwcXV4KH4qNDk8[...]
Line Found : user_pref("CT3072253./9b+7e/x305.from_oldbar.enc", "JH4rQTU2MnhEOTwpcSt4fHt3MCcyPkxDQ1NOLVhbPCU+LDAuNEM6RVFYYmleZ1pBbGFkUTpTQUVDSFhPWmZte3xxdHJucCF0dFsne35rVG1bX11hcml0IS8nJiY7MXE6KD46QjY+QTR7QDxIeyBN[...]
Line Found : user_pref("CT3072253./9b+7e06cg5el8:.from_oldbar.enc", "bm1pb29tcHBycw==");
Line Found : user_pref("CT3072253./9b+7e06cg5el;8i:k.from_oldbar.enc", "JH4tLyJqdHNvdXVzdnZ4eSQvS0lHT0I1fV1cPQ==");
Line Found : user_pref("CT3072253./9b+7e0x305.from_oldbar.enc", "JH4sQDpAd0M4OyhwKnd8dX0vJjE+QSlVR0hNUVpOWlkyXVJVQitEMjcwN0lAS1heaF5wbm5mdGJuaWtNeG1wXUZfTVJLUWRbZnMje3csKiovJWQwJSh0XXZkaWJne3J9KzZ0OjYyPUBANXxIPUAt[...]
Line Found : user_pref("CT3072253./9b+7e1x305.from_oldbar.enc", "JH4tQTE9QDJ5RTo9KnIsend5fjEoM0FHPkVHRUgvWk9SPyhBMC0vM0Y9SFZiZWhca2dfbXBgSHNoa1hBWklGSEtfVmFvfCF9dHR6eCdfKyAjb1hxYF1fYXZteCc3OjYwMio9QXZCNzonbyl3dHZ3[...]
Line Found : user_pref("CT3072253./9b+7e2x305.from_oldbar.enc", "JH4uNUIxPT05OntHPD8sdC55IH0yKTRDVlVORy5ZTlEyXk9BKkM1NzIxSD9KWWVfX2JsW3FzaXVpdXRNeG1wUX5rYEliUlBUUWdeaXgoLXx8Yy8kJ3NcdWRmZmh6cXwsO0AwQDx0eDQ9MHxIPUAt[...]
Line Found : user_pref("CT3072253./9b+7e31;cj7fk;kg#8qkef)til.from_oldbar.enc", "JH5hOT8jayVzdHZ0KiEsbkFPRE0yejRDUldHV1MvRF1XUVI1YFVYRTxHKmFeXFtvW1dhbVI7VENWTVg7Z2NteV5HYFJiWWRHc3R9aVJrWm1kbyIhJTEhNCR3YEAhe14sOy8s[...]
Line Found : user_pref("CT3072253./9b+7e31;cj7fk;kg#ncep@mc+vkn.from_oldbar.enc", "JH5hOT8jayVzdHFxKiEsbkFPRE0yejRDUldHV1MvWk9RXExZTzdiV1pHPkksWFReak84UTxTSlU4ZGVuWkNcS15VYHJxdSJxJXRoUTFxbCIvfC8rclt6dVgwNnliezsxL2[...]
Line Found : user_pref("CT3072253./9b+7e31;cjc<=fbj#ncf.from_oldbar.enc", "JH5hOT8jayV1dndxKiEsbkFPRE0yejRPSElSTlYvWk9SPzZBJFBMVmJHMEk7S0JNMGxib3RxZmlnbHRmdn15eXMgaGFKY1RXWFloX2pNeXokb1hxYHNqdSgnKzcnOip9ZkYnImQyQT[...]
Line Found : user_pref("CT3072253./9b+7e31;cjg9kdg<dh??'fdp.from_oldbar.enc", "JH5hOT8jayVudHIpICttQE5DTDF5M1JEVk9SR09TSkoyUU9bQjlEJ2RZVFxXWlRNNk98IFJJVDdjZG1ZQltMS15VYHJxdSJxJXRoUTFxbCIvfC8rclt6dVgwNnliezsxL2dhUF[...]
Line Found : user_pref("CT3072253./9b+7e31;cjhb>f!lad.from_oldbar.enc", "JH5hOT8jayVzc3kpICttQE5DTDF5M1NNSVEsV0xPPDM+IU1JU19ELUYxSD9KLVlaY084UUBTSlViZm1ZQiJiXW17emFKY2ojI3V1enx6eXoreH1iVzo1an1YbUFscGVDRHRGR3ZJSnxL[...]
Line Found : user_pref("CT3072253./9b+7e31;cjhjib>nil%peh.from_oldbar.enc", "JH5hOT8jayV2b3l0eisiLW9CUEVOM3s1VVdWT0tbVlkyXVJVQjlEJ2RZVFxXWlRNNk98IFJJVDd0d2VZQltMT15VYENvcHllTmdYV2phbH59Ii59MSF0XT19eFspOCwpNz49Imok[...]
Line Found : user_pref("CT3072253./9b+7e31;cjig=ki\"mbe.from_oldbar.enc", "JH5hOT8jayV0cXgpICttQE5DTDF5M1RSSFZULVhNUD00PyJfYlBELUY4NklASy5aW2RQOVJDQlVMV2Rob1tEY15ufHtiS2RrcyR3fU8yLWJ1UGU5ZGhdOzxsPj9uQUJ0Q3YlIngkQk[...]
Line Found : user_pref("CT3072253./9b+7e4x305.from_oldbar.enc", "JH4wLEB2Qjc6J28pd3t0di4lMEE+T0lKUitVVTojPCsvKClBOENUUV5dVmFfVmhcQm1iZVI7VENGSUpZUFtsaXp+IXAjcHZZJXl8XSp6bFVuXWBjY3NqdSckMTgxNzI2KHM/NDd3RTInbyl3en18[...]
Line Found : user_pref("CT3072253./9b+7e5x305.from_oldbar.enc", "JH4xNkIrd0M4OyhwKnl1encvJjFDSz1JVkpQWS5ZTjFKVUApQjIuMy9HPklbXVlaal5YcHJiZ0l0aWxZQltLR0tRYFdidHwkc3N3JiAkICpiLiMmclt0ZGBkaXlwey42PS4uNDR3Qzh6ND8qcix7[...]
Line Found : user_pref("CT3072253./9b+7e6x305.from_oldbar.enc", "JH4yLD4yMjI4RT58SD1ALXUvfnskJDQrNklTVFJZWFpaUFJONmFWWUYvSDg1PTxNRE9ibG1rcnFqd2FNeG1wXUZfT0xUUWRbZnl7Jnh4KX4vKS0yMGczKCt3YHlpZm5qfnUhNDZAQ0Y8PXxIPUAt[...]
Line Found : user_pref("CT3072253./9b+7e7x305.from_oldbar.enc", "JH4zPSw/Pj95RTo9KnIse3p5ejEoM0dRP0RVWUJMWjFcUVRBKkMzMjA3SD9KXmhWW1lwYG5sZmFkc0x3bG9cRV5OTUtRY1pleSR6KSN4emEtIiVxWnNjYmBleG96Ly8rODg0PEIwMjQ5QzY0SztJ[...]
Line Found : user_pref("CT3072253./9b+7e8x305.from_oldbar.enc", "JH40PT87NTc7PzZ8R0csdC5+eCMyKTRJVlVARy5ZTlE+J0AwMjUzRTxHXFVYY2plbmJebGFrcGhzS3ZrbltEXU1PUk9iWWR5J3ZyKnkoYCwhJHBZcmJkZ2J3bnkvNCs8MXM/NHYwOyZuKHd5fHYt[...]
Line Found : user_pref("CT3072253./9b+7e9x305.from_oldbar.enc", "JH41Myw/MnhEOTwpcSt7dXl5MCcySExPT0RQTEdUWFxQSDRfVFdELUY3MTU0S0JNY2tdX19zaWtKdWptWkNcTUdLSWFYY3kib3QlKCR5YCwhJHBZcmNdYGh3bnkwOjorKi50QDU4JW0nd3F0eywj[...]
Line Found : user_pref("CT3072253./9b+7e:x305.from_oldbar.enc", "JH42Mzs4MnhEOTwpcSt7dnl6MCcySUhVRUQsV0xPPCU+LyotLUM6RVxnVVteP2pfYk84UUI9QD9WTVhvemh4bHFxVCB0d2RNZldSVVNrYm0lfi16ZjInKnZfeGlkZm59dCA3QjIyMkZENXxHRyx0[...]
Line Found : user_pref("CT3072253./9b+7e;x305.from_oldbar.enc", "JH43PzM/NzhCL3tHPD8sdC5+enoiMyo1TUYsV0xPPCU+LysrMUM6RV1jVldcXFpBbGFkUTpTREBARVhPWnJzcXp4bSJWInZ5Zk9oWVVVWW1kbygkLCcqMiEwJ205LjF9ZiBwbGxuJXsnPzpIfklJ[...]
Line Found : user_pref("CT3072253./9b+7e<x305.from_oldbar.enc", "JH44NDAwRC9GNkQ3fUk+QS52MCF9JCY1LDdQTEdXUUtPRzRfVFdELUY3NDo6S0JNZl5wW2RlcWNKdWptWkNcTUpQT2FYY3xxeSB1JiFfKyAjb1hxYl9lYnZteDIuMCUsODIydUE2OSZuKHh1e3ct[...]
Line Found : user_pref("CT3072253./9b+7e=x305.from_oldbar.enc", "JH45MzY/QUE3OTV8SD1ALXUvIH4gIjQrNlBUWVdMVU9RWzRfVFdELUY3Njc4S0JNZ2twbmBvYWZrY2ZNeG1wXUZfUE9QUGRbZiElfHlzemEtIiVxWnNkY2RjeG96NT0yM0A/Oz8zeEQ5PClxK3t6[...]
Line Found : user_pref("CT3072253./9b+7e>x305.from_oldbar.enc", "JH46QTY/MjI4OHtHPD8sdC5+ICF8Myo1UE9TRkgvWk9SPyhBMjM0L0Y9SGNcXWZiakNuY2ZTPFVGR0hCWlFcd3B3cyAjcSFZJXl8aVJrXF1dYXBnci4hLiQ4KDg3Lyo6LnM/NDckbCZ2d3d6KyIt[...]
Line Found : user_pref("CT3072253./9b+7e?x305.from_oldbar.enc", "JH47LS8vM0E0QDo6fUlMLXUvICMgfjQrNlJQTFJJVVJWUlw1YFVYRS5HODs4NkxDTmpwb19lY11zb2d1eGhMZXBrVCB0d2RNZldaV1RrYm0qIisvJS5oNCkseGF6a25rZyB2Ij5EQkEzNkE8PiBL[...]
Line Found : user_pref("CT3072253./9b+7e@x305.from_oldbar.enc", "JH48QEIrd0M4OyhwKnt2fngvJjFOUlQ9KlVKLUZRPCU+MCszLEM6RWJnVlFiWWVfX0NuY0ZfalU+V0lETERcU157IXR8eCF0WiZ6fWpTbF5ZYGJxaHMxNCkmJm05LjF9ZiBxbHN0JXsnRDY5PT9F[...]
Line Found : user_pref("CT3072253./9b+7eax305.from_oldbar.enc", "JH49PTc4d0M4OyhwKnt6dX4vJjFPS1JLREVJS0lIVFBYWVJTX1E4Y1hbSDFKPDs2PU9GUW9rbm1jd21odmZQe3BzYEliVFNOVGdeaSgsdCsrMCZlMSYpdV53aWhjaHxzfj0wLj0yMjg2RHxIPUAt[...]
Line Found : user_pref("CT3072253./9b+7ebe3g=;d9n9=d.from_oldbar.enc", "NywtMml1di46PHs6OUNKSUhBQ0smUUZJKWVQRlZJZXFzTTNLVw==");
Line Found : user_pref("CT3072253./9b+7ecx305.from_oldbar.enc", "JH4/PTAwQzEuekY7PitzLXsgfjEoM1NRVlVRV1pPWExeM15TVkMsRTQ4NklAS2tZVmxoa0ZxZmlWP1hHS0hcU15+bGlWInZ5Zk9oV1tXbGNuLzEhJjAjNio1LCw6MTlxPTI1ImokcnZxKH4qSkE/[...]
Line Found : user_pref("CT3072253./9b+7edx305.from_oldbar.enc", "JH5ANUIqNjh5RTo9KnIsfSAvJjFSR1Q8SEosV0wvSFM+J0AyM0M6RWZbaFBcXkBrbk84UUNDVEtWd2x5YW1vUXxxVHhzY0xlV1ZoX2osIS51IiRlLiN0XXZoZnlwez06LjIyNDExRTtDe0c8Pyx0[...]
Line Found : user_pref("CT3072253./9b+7etx305.from_oldbar.enc", "JH5uLy47MjNCNXtEOStzLXp7e3wyKTQjUkxUV0dKTlBWXUphUV9dV1JVZD1oXWBNNk89Pj49VEtWRUhqc21pb1J9cnViS2RSU1NRaWBrWnt7dyYueWczKCt3YHlnaGdvfnUhcm01Pjg0OnxIPUAt[...]
Line Found : user_pref("CT3072253./9b-0?3g>d.from_oldbar.enc", "bT0+b2s/dXR6dHFJdiBLd0t5JU5PIyYqKCUqJCYtKixcMDEq");
Line Found : user_pref("CT3072253./9b-0?3g@6:5;.from_oldbar.enc", "AA==");
Line Found : user_pref("CT3072253./9b-0?3gfa7ef.from_oldbar.enc", "Ky4sPQ==");
Line Found : user_pref("CT3072253./9b-3=3eccja=f>.from_oldbar.enc", "JH4zPSxFL0E1J28penkgfiIhMCcyP0NKNn44UkdITSUxMk5dUU5cY2I7WVhiaWhnYGJqRXBlaEhzc3N5ZnBpUX5tcWpFc0lDOUVkdnkkJ1JfW2wgLyMgLjU0XWpmdzwrYzs8fUIvaXV1e3p9[...]
Line Found : user_pref("CT3072253./9b/>01=9a6k6<im;krie@pdawm.from_oldbar.enc", "amlrcnN0dXY=");
Line Found : user_pref("CT3072253./9b3=>@44i48?.from_oldbar.enc", "NywtMml1djNCNjNBSEcgPj1HTk1MRUdPKlVKTS1YWFheS1VONmNSVk8=");
Line Found : user_pref("CT3072253./9b5ba==9cjag.from_oldbar.enc", "Pj89Pm9wb0J6ckVHSXR7dUl8Tk1O");
Line Found : user_pref("CT3072253./9b6b11g28b8jhhokg>b.from_oldbar.enc", "bm1pb29tcHByc3hxew==");
Line Found : user_pref("CT3072253./9b6b11g4c56b>f;p;anr@p.from_oldbar.enc", "bm1pb29tcHByeHBxcw==");
Line Found : user_pref("CT3072253./9b9643g3/9e.from_oldbar.enc", "ag==");
Line Found : user_pref("CT3072253./9b;45>:bi9i7ie.from_oldbar.enc", "Ky4sPQ==");
Line Found : user_pref("CT3072253./9b<:222h64<.from_oldbar.enc", "OT81Lz4=");
Line Found : user_pref("CT3072253./9b<:222h64<l8daj.from_oldbar.enc", "bXBwb3Z0cnl3cyp6eXJ8d3UgIQ==");
Line Found : user_pref("CT3072253./9b=+03eh8h8j?:.from_oldbar.enc", "REM=");
Line Found : user_pref("CT3072253./9b?+e2a52d8.from_oldbar.enc", "NywtMml1di46PHs6OUNKSUhBQ0smUUZJKWVQRlZkcHJ5UVVeXlI=");
Line Found : user_pref("CT3072253./9b?b0d:8aj62<h.from_oldbar.enc", "bQ==");
Line Found : user_pref("CT3072253./9ba@0<0bi6a7gn:6@l?.from_oldbar.enc", "bA==");
Line Found : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Found : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT3072253.AppTrackingLastCheckTime", "Thu Mar 01 2012 21:15:09 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.BrowserCompStateIsOpen_129572937280362976", true);
Line Found : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
Line Found : user_pref("CT3072253.BrowserCompStateIsOpen_129749445530228833", true);
Line Found : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
Line Found : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
Line Found : user_pref("CT3072253.BrowserCompStateIsOpen_130067979083742856", true);
Line Found : user_pref("CT3072253.BrowserCompStateIsOpen_1359634299000", true);
Line Found : user_pref("CT3072253.CT3072253.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3072253&octid=CT3072253&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_I[...]
Line Found : user_pref("CT3072253.CTID", "CT3072253");
Line Found : user_pref("CT3072253.ConfigurationLastCheckTime", "Fri Dec 13 2013 20:34:36 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.CurrentServerDate", "14-12-2013");
Line Found : user_pref("CT3072253.DSInstall", false);
Line Found : user_pref("CT3072253.DialogsAlignMode", "LTR");
Line Found : user_pref("CT3072253.DialogsGetterLastCheckTime", "Fri Dec 13 2013 20:34:36 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.DownloadReferralCookieData", "");
Line Found : user_pref("CT3072253.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3072253.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3072253.FirstServerDate", "10-2-2012");
Line Found : user_pref("CT3072253.FirstTime", true);
Line Found : user_pref("CT3072253.FirstTimeFF3", true);
Line Found : user_pref("CT3072253.FixPageNotFoundErrors", true);
Line Found : user_pref("CT3072253.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT3072253.HPInstall", false);
Line Found : user_pref("CT3072253.HasUserGlobalKeys", true);
Line Found : user_pref("CT3072253.HomePageProtectorEnabled", false);
Line Found : user_pref("CT3072253.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
Line Found : user_pref("CT3072253.Initialize", true);
Line Found : user_pref("CT3072253.InitializeCommonPrefs", true);
Line Found : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);
Line Found : user_pref("CT3072253.InstallationId", "ConduitXPEIntegration");
Line Found : user_pref("CT3072253.InstallationType", "ConduitXPEIntegration");
Line Found : user_pref("CT3072253.InstalledDate", "Thu Feb 09 2012 19:41:44 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.IsAlertDBUpdated", true);
Line Found : user_pref("CT3072253.IsGrouping", false);
Line Found : user_pref("CT3072253.IsInitSetupIni", true);
Line Found : user_pref("CT3072253.IsMulticommunity", false);
Line Found : user_pref("CT3072253.IsOpenThankYouPage", true);
Line Found : user_pref("CT3072253.IsOpenUninstallPage", false);
Line Found : user_pref("CT3072253.LanguagePackLastCheckTime", "Fri Dec 13 2013 20:34:35 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT3072253.LastLogin_3.10.0.1", "Thu Apr 19 2012 16:07:03 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.LastLogin_3.12.0.7", "Sat May 05 2012 11:07:57 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.LastLogin_3.12.2.3", "Sat Jun 02 2012 00:14:03 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.LastLogin_3.13.0.6", "Thu Jul 19 2012 22:32:03 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.LastLogin_3.14.1.0", "Tue Sep 25 2012 16:31:47 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.LastLogin_3.15.1.0", "Wed Nov 07 2012 00:07:19 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.LastLogin_3.16.0.3", "Thu Feb 14 2013 13:06:23 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.LastLogin_3.18.0.7", "Sun Jul 14 2013 17:40:47 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.LastLogin_3.19.0.3", "Tue Sep 10 2013 15:34:28 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.LastLogin_3.20.0.4", "Fri Dec 13 2013 20:34:34 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.LastLogin_3.9.0.3", "Thu Mar 08 2012 00:53:42 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.LatestVersion", "3.20.0.4");
Line Found : user_pref("CT3072253.Locale", "en");
Line Found : user_pref("CT3072253.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT3072253.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT3072253.MyStuffEnabledAtInstallation", true);
Line Found : user_pref("CT3072253.OriginalFirstVersion", "3.9.0.3");
Line Found : user_pref("CT3072253.PG_ENABLE", "dHJ1ZQ==");
Line Found : user_pref("CT3072253.SF_JUST_INSTALLED", "%CC%C7%D2%D9%CB");
Line Found : user_pref("CT3072253.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Found : user_pref("CT3072253.SF_USER_ID", "%E9%EF%EA%E5%B8%B6%BA%B8%B6%B7%B9%B7%BF%B7%BA%B9%BA%B9%BA%BC%B9%BD%BF%B9");
Line Found : user_pref("CT3072253.SF_USER_ID.enc", "Y2lkXzIwNDIwMTMxOTE0MzQzNDYzNzkz");
Line Found : user_pref("CT3072253.SearchAPILastCheckTime", "Fri Dec 13 2013 20:34:36 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.SearchAppState.enc", "Mw==");
Line Found : user_pref("CT3072253.SearchAppTracking.enc", "MQ==");
Line Found : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
Line Found : user_pref("CT3072253.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("CT3072253.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=");
Line Found : user_pref("CT3072253.SearchInNewTabEnabled", true);
Line Found : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Tue Sep 10 2013 15:34:25 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Found : user_pref("CT3072253.SearchInNewTabURLFromSearchAPI", "hxxp://search.conduit.com/?ctid=CT3072253&octid=CT3072253&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_ID");
Line Found : user_pref("CT3072253.SearchProtectorEnabled", false);
Line Found : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);
Line Found : user_pref("CT3072253.SendProtectorDataViaLogin", true);
Line Found : user_pref("CT3072253.ServiceMapLastCheckTime", "Fri Dec 13 2013 20:34:36 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.SettingsLastCheckTime", "Fri Dec 13 2013 20:34:21 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.SettingsLastUpdate", "1385283463");
Line Found : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
Line Found : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Fri Dec 13 2013 20:34:20 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");
Line Found : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);
Line Found : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Found : user_pref("CT3072253.UserID", "UN60608920918816541");
Line Found : user_pref("CT3072253.ValidationData_Search", 1);
Line Found : user_pref("CT3072253.ValidationData_Toolbar", 2);
Line Found : user_pref("CT3072253._9b90e_.3c;7b=?ofb>>rhiqs.from_oldbar.enc", "OT81Lz4=");
Line Found : user_pref("CT3072253._9b_7e.:2z527.from_oldbar.enc", "JH5xcnB2MzEmbih3enN7dS4lMCInU0VHKlRUOSI7Ky4vLjJBOEM1Nzg4WVxmV1pBaV5QOVJCRUVGSVhPWkxOTkttbXNxIFgkeHtoUWpaXVpdWXBncmRlX2VrMCt6Y3xtaWhpayN5JXZ2dkM8P0[...]
Line Found : user_pref("CT3072253._9b_7e.x305.from_oldbar.enc", "JH4qQTc3RDQzekY7PitzLXp9fCEyKTQ/VkZUUkxHSllaSFFQXlFSOWRZXEkySzk8Oz5QR1JdbGprb3htaFBqb3FxdCJWInZ5Zk9oVllYWm1kb3p7Mn1oNCkseGF6aGtqayB2Ii1AOjNGQD5HfklJ[...]
Line Found : user_pref("CT3072253._key_cl_active", "%B6%B9%B8%B6%BE%E7%BC%EB%B3%E9%BC%BA%BC%B3%BA%BF%B6%B7%B3%E7%B9%EC%B7%B3%EA%BF%BE%BE%BC%EB%EB%BE%B7%B7%E7%EC");
Line Found : user_pref("CT3072253._key_cl_active.enc", "MDMyMDhhNmUtYzY0Ni00OTAxLWEzZjEtZDk4ODZlZTgxMWFm");
Line Found : user_pref("CT3072253.acp_personal.appstate.from_oldbar.enc", "ZW5hYmxl");
Line Found : user_pref("CT3072253.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3072253.alertChannelId", "1463702");
Line Found : user_pref("CT3072253.autoDisableScopes", -1);
Line Found : user_pref("CT3072253.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474953462D584D503D263F2D2E3135443B464E4F5B565E695B426D6265523B544243464959505B637D737B6E55217578654E675[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C4748402C574C4F3C253E2C2E2B2F433A454E59505B57676A66426D62455E69543D56444643465B525D66716C216E6B587D73675[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e-x305", "247E29327641363937333545397E3F493B2F77317E202520362D3842474A58515A5C585D505F593964595C49324B393A3F395047525C4173686B6965677B796F6D7B6E552175785926766[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e.:2z527", "247E717270763331266E28777A737B752E253022275345472A545439223B2B2E2F2E3241384335373838595C66575A41695E5039524245454649584F5A4C4E4E4B6D6D7371205824787[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F564654524C474A595A4851505E51523964595C49324B393C3B3E5047525D6C6A6B6F786D68506A6F7171742256227679664F6[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C4343534E2D585B3C253E2C302E34433A45515862695E675A416C6164513A5341454348584F5A666D7B7C7174726E702174745B2[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e06cg5el8:", "6E6D696F6F6D70707273");
Line Found : user_pref("CT3072253.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74736F75757376767879242F4B49474F42357D5D5C3D");
Line Found : user_pref("CT3072253.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E41295547484D515A4E5A59325D5255422B443237303749404B585E685E706E6E6674626E696B4D786D705D465F4D524B51645B66732[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473E454745482F5A4F523F2841302D2F33463D48566265685C6B675F6D70604873686B58415A4946484B5F56616F7C217D74747[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D3229344356554E472E594E51325E4F412A4335373231483F4A59655F5F626C5B717369756975744D786D70517E6B60496252505451675[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e31;cj7fk;kg#8qkef)til", "247E61393F236B25737476742A212C6E414F444D327A344352574757532F445D57515235605558453C472A615E5C5B6F5B57616D523B5443564D583B67636D795E476[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6E414F444D327A344352574757532F5A4F515C4C594F3762575A473E492C58545E6A4F38513C534A553864656E5A435C4B5E5[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e31;cjc<=fbj#ncf", "247E61393F236B25757677712A212C6E414F444D327A344F4849524E562F5A4F523F364124504C56624730493B4B424D306C626F74716669676C7466767D7979732068614A6[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e31;cjg9kdg<dh??'fdp", "247E61393F236B256E747229202B6D404E434C3179335244564F52474F534A4A32514F5B423944276459545C575A544D364F7C205249543763646D59425B4C4B5E55607[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e31;cjhb>f!lad", "247E61393F236B2573737929202B6D404E434C317933534D49512C574C4F3C333E214D49535F442D4631483F4A2D595A634F385140534A5562666D594222625D6D7B7A614A636[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e31;cjhjib>nil%peh", "247E61393F236B25766F79747A2B222D6F4250454E337B355557564F4B5B5659325D5255423944276459545C575A544D364F7C205249543774776559425B4C4F5E5560436[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e31;cjig=ki\"mbe", "247E61393F236B2574717829202B6D404E434C31793354524856542D584D503D343F225F6250442D46383649404B2E5A5B645039524342554C5764686F5B44635E6E7C7B624[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352C37474B59574B4A4858584E5E3762573A535E49324B3A3D3F3B504752626C625D75786D766A7C517C7174614A63525557526[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A522B55553A233C2B2F282941384354515E5D56615F56685C426D6265523B544346494A59505B6C697A7E21702370765925797[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D49564A50592E594E314A55402942322E332F473E495B5D595A6A5E58707262674974696C59425B4B474B51605762747C2473737[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B364953545259585A5A50524E36615659462F4838353D3C4D444F626C6D6B72716A77614D786D705D465F4F4C5451645B66797[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347513F445559424C5A315C5154412A4333323037483F4A5E68565B5970606E6C666164734C776C6F5C455E4E4D4B51635A6579247[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E782332293449565540472E594E513E274030323533453C475C5558636A656E625E6C616B7068734B766B6E5B445D4D4F524F6259647927767[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4F44504C4754585C5048345F5457442D46373135344B424D636B5D5F5F73696B4A756A6D5A435C4D474B4961586379226F742[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A30273249485545442C574C4F3C253E2F2A2D2D433A455C67555B5E3F6A5F624F3851423D403F564D586F7A68786C717154207477644D66575[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354D462C574C4F3C253E2F2B2B31433A455D6356575C5C5A416C6164513A5344404045584F5A7273717A786D2256227679664F6[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352C37504C4757514B4F47345F5457442D4637343A3A4B424D665E705B646571634A756A6D5A435C4D4A504F6158637C7179207[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B36505459574C554F515B345F5457442D46373637384B424D676B706E606F61666B63664D786D705D465F504F5050645B66212[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A35504F5346482F5A4F523F28413233342F463D48635C5D66626A436E6366533C55464748425A515C77707773202371215925797[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3652504C5249555256525C35605558452E47383B38364C434E6A706F5F65635D736F677578684C65706B54207477644D66575[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2A554A2D46513C253E302B332C433A45626756516259655F5F436E63465F6A553E5749444C445C535E7B21747C7821745A267[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4B524B4445494B49485450585952535F513863585B48314A3C3B363D4F46516F6B6E6D63776D687666507B707360496254534E54675[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
Line Found : user_pref("CT3072253.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352C37565949484E4F51525C4E4C55535B54605A5A3E695E614E37503B3D41544B567575656D7367796D6D7C55217578654E675[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E3128335351565551575A4F584C5E335E5356432C4534383649404B6B59566C686B46716669563F58474B485C535E7E6C6956227679664F6[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C484A2C574C2F48533E27403233433A45665B68505C5E406B6E4F38514343544B56776C79616D6F517C71547873634C6557566[...]
Line Found : user_pref("CT3072253.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C32293423524C5457474A4E50565D4A61515F5D575255643D685D604D364F3D3E3E3D544B5645486A736D696F527D7275624B645253535[...]
Line Found : user_pref("CT3072253.backendstorage./9b-0?3g>d", "6D3D3E6F6B3F75747A74714976204B774B79254E4F23262A28252A24262D2A2C5C30312A");
Line Found : user_pref("CT3072253.backendstorage./9b-0?3g@6:5;", "");
Line Found : user_pref("CT3072253.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Line Found : user_pref("CT3072253.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297A79207E22213027323F434A367E385247484D2531324E5D514E5C63623B59586269686760626A457065684873737379667069517E6D716A457349433[...]
Line Found : user_pref("CT3072253.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Line Found : user_pref("CT3072253.backendstorage./9b3=>@44i48?", "372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F");
Line Found : user_pref("CT3072253.backendstorage./9b5ba==9cjag", "3E3F3D3E6F706F427A72454749747B75497C4E4D4E");
Line Found : user_pref("CT3072253.backendstorage./9b6b11g28b8jhhokg>b", "6E6D696F6F6D7070727378717B");
Line Found : user_pref("CT3072253.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D696F6F6D70707278707173");
Line Found : user_pref("CT3072253.backendstorage./9b90e@.3c;7b=?ofb>>rhiqs", "393F352F3E");
Line Found : user_pref("CT3072253.backendstorage./9b9643g3/9e", "6A");
Line Found : user_pref("CT3072253.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
Line Found : user_pref("CT3072253.backendstorage./9b<:222h64<", "393F352F3E");
Line Found : user_pref("CT3072253.backendstorage./9b<:222h64<l8daj", "6D70706F7674727977732A7A79727C77752021");
Line Found : user_pref("CT3072253.backendstorage./9b=+03eh8h8j?:", "4443");
Line Found : user_pref("CT3072253.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Line Found : user_pref("CT3072253.backendstorage./9b?b0d:8aj62<h", "6D");
Line Found : user_pref("CT3072253.backendstorage./9ba@0<0bi6a7gn:6@l?", "6C");
Line Found : user_pref("CT3072253.backendstorage.acp_personal.appstate", "656E61626C65");
Line Found : user_pref("CT3072253.backendstorage.bbactive", "796573");
Line Found : user_pref("CT3072253.backendstorage.bbid", "34633538623935656661306430636536");
Line Found : user_pref("CT3072253.backendstorage.cb_experience_000", "32");
Line Found : user_pref("CT3072253.backendstorage.cb_firstuse0100", "31");
Line Found : user_pref("CT3072253.backendstorage.cb_user_id_000", "43423537333234323437333733315F46697265666F78");
Line Found : user_pref("CT3072253.backendstorage.cbcountry_000", "5553");
Line Found : user_pref("CT3072253.backendstorage.cbcountry_001", "5553");
Line Found : user_pref("CT3072253.backendstorage.cbfirsttime", "5468752046656220303920323031322031393A34313A343520474D542D313030302028486177616969616E205374616E646172642054696D6529");
Line Found : user_pref("CT3072253.backendstorage.cbopenmamsettings", "30");
Line Found : user_pref("CT3072253.backendstorage.last_client_stats_submit_2", "31333639393031323536");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_stats_last_submit_6", "31333833343735393037");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_stats_stats_site_irrelevant", "3230");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_stats_stats_site_new", "30");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_stats_stats_site_not_supported", "30");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_stats_stats_site_supported", "33");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_stats_stats_use_history", "30");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_stats_stats_use_pop", "30");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_stats_stats_use_related", "30");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_stats_stats_use_typed", "30");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseadd_stats|0|local_cookie_stats_stats_site_irrelevant", "31333833343738303436");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseadd_stats|0|local_cookie_stats_stats_site_not_supported", "31333737393435343938");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseadd_stats|0|local_cookie_stats_stats_site_supported", "31333833343738323839");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseadd_stats|local_cookie_stats_stats_use_pop", "31333738303136363136");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseadd_stats|local_cookie_stats_stats_use_related", "31333738303136363131");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=alpine%20window%20shims&l=search.yahoo.com&t=2&v=0.5&d=conduit2", "31333739353539363336");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=alpine%2bwindows&l=alpinewindowsystems.com&t=2&v=0.5&d=conduit2", "31333739353539383234");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=alpine%2bwindows&l=search.yahoo.com&t=2&v=0.5&d=conduit2", "31333739353539363936");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=amish&l=www.bing.com&t=2&v=0.4&d=conduit2", "31333737313338323335");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=boston%20craigslist&l=boston.craigslist.org&t=2&v=0.51&d=conduit2", "31333833333839373433");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=cody%20galbraith&l=www.bing.com&t=2&v=0.4&d=conduit2", "31333735343432373034");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=cody%2bgalbraith%2blorreta%2blynn%2bresults&l=www.bing.com&t=2&v=0.4&d=conduit2", "3133373534[...]
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=cody%2bgalbraith%2blorreta%2blynn&l=www.bing.com&t=2&v=0.4&d=conduit2", "31333735343432373535[...]
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=cody%2bgalbraith%2blorreta%2blynns&l=www.youtube.com&t=2&v=0.4&d=conduit2", "3133373534343237[...]
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=cody%2bgalbraith%2blorretas&l=www.bing.com&t=2&v=0.4&d=conduit2", "31333735343432373436");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=cody%2bgalbraith&l=www.bing.com&t=2&v=0.4&d=conduit2", "31333735343431383336");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=craigslist%2bmaui&l=honolulu.craigslist.org&t=2&v=0.51&d=conduit2", "31333833323733313638");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=google&l=www.google.com&t=2&v=0.4&d=conduit2", "31333735353133343239");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=kekoa%2bkeau%2blorreta%2blynn%2bresults&l=www.mauimotox.com&t=2&v=0.4&d=conduit2", "313337353[...]
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=kekoa%2bkeau%2blorreta%2blynn%2bresults&l=www.sendbreetotennessee.com&t=2&v=0.4&d=conduit2", [...]
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=loretta%20lynn%20motocross&l=www.mxsports.com&t=2&v=0.4&d=conduit2", "31333735353133343834");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=loretta%20lynn&l=www.bing.com&t=2&v=0.4&d=conduit2", "31333735343431333635");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=loretta%2blynn%2bmotocross&l=www.mxsports.com&t=2&v=0.4&d=conduit2", "31333735333439363333");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=loretta%2blynn%2branch&l=www.bing.com&t=2&v=0.4&d=conduit2", "31333735333439363231");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=loretta%2blynn%2bresults%2bbronson%2bhethcote&l=llvault.racerxonline.com&t=2&v=0.4&d=conduit2[...]
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=loretta%2blynn%2bresults%2bbronson%2bhethcote&l=www.bing.com&t=2&v=0.4&d=conduit2", "31333735[...]
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=loretta%2blynn%2bresults%2bcody%2bcorrea&l=www.bing.com&t=2&v=0.4&d=conduit2", "3133373534343[...]
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=loretta%2blynn%2bresults%2bcody%2bgalbraith&l=www.bing.com&t=2&v=0.4&d=conduit2", "3133373534[...]
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=loretta%2blynn%2bresults%2bjustice%2blaidmen&l=www.bing.com&t=2&v=0.4&d=conduit2", "313337353[...]
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=loretta%2blynn%2bresults%2bkainoa%2bkamakaala&l=www.bing.com&t=2&v=0.4&d=conduit2", "31333735[...]
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=loretta%2blynn%2bresults%2bkainoa%2bkamakala&l=www.bing.com&t=2&v=0.4&d=conduit2", "313337353[...]
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=loretta%2blynn%2bresults%2branger%2blaidmen&l=live.tracksideonlineresults.com&t=2&v=0.4&d=con[...]
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=loretta%2blynn%2bresults%2branger%2blaidmen&l=www.bing.com&t=2&v=0.4&d=conduit2", "3133373534[...]
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=loretta%2blynn%2bresults&l=www.bing.com&t=2&v=0.4&d=conduit2", "31333735343430383130");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=lorretta%20lynns&l=www.bing.com&t=2&v=0.4&d=conduit2", "31333735333439363032");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=maui%20backpage&l=maui.backpage.com&t=2&v=0.51&d=conduit2", "31333833343736303131");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=myfreecams&l=www.myfreecams.com&t=2&v=0.4&d=conduit2", "31333735333235313133");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=myfreecams.com&l=www.myfreecams.com&t=2&v=0.4&d=conduit2", "31333735313332333133");
Line Found : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=vanessaheartsyou&l=classifieds.myredbook.com&t=2&v=0.51&d=conduit2", "31333833343737333438");
Line Found : user_pref("CT3072253.backendstorage.mam_gk_appsconfig", "7B2241707073436F6E66696775726174696F6E223A5B7B226964223A22436C61726974795F416374697665222C2275726C223A22687474703A2F2F73746F726167652E636F6E647[...]
Line Found : user_pref("CT3072253.backendstorage.mam_gk_appsdefaultenabled", "6E756C6C");
Line Found : user_pref("CT3072253.backendstorage.mam_gk_appstate_clarity_active", "6F6E");
Line Found : user_pref("CT3072253.backendstorage.mam_gk_appstate_couponbuddy", "6F6E");
Line Found : user_pref("CT3072253.backendstorage.mam_gk_appstate_pricegong", "6F6E");
Line Found : user_pref("CT3072253.backendstorage.mam_gk_appstatereporttime", "31333837303032393036333931");
Line Found : user_pref("CT3072253.backendstorage.mam_gk_calledsetupservice", "31");
Line Found : user_pref("CT3072253.backendstorage.mam_gk_currentbadgevalue", "30");
Line Found : user_pref("CT3072253.backendstorage.mam_gk_currentversion", "312E31322E302E35");
Line Found : user_pref("CT3072253.backendstorage.mam_gk_existingusersrecoverydone", "31");
Line Found : user_pref("CT3072253.backendstorage.mam_gk_first_time", "31");
Line Found : user_pref("CT3072253.backendstorage.mam_gk_lastlogintime", "31333837303032393037303331");
Line Found : user_pref("CT3072253.backendstorage.mam_gk_localization", "7B226469616C6F674F4B223A7B2254657874223A224F4B227D2C22646D626F7831223A7B2254657874223A224465616C5C725C6E6F662074686520646179227D2C22646D626F7[...]
Line Found : user_pref("CT3072253.backendstorage.mam_gk_mamenabled", "74727565");
Line Found : user_pref("CT3072253.backendstorage.mam_gk_newapps", "5B5D");
Line Found : user_pref("CT3072253.backendstorage.mam_gk_settings1.10.2.5", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A2238365F31222C22697354657374223[...]
Line Found : user_pref("CT3072253.backendstorage.mam_gk_settings1.10.4.0", "7B22537461747573223A22737563636565646564222C2244617461223A7B2263757272656E7444617465223A223230313331313033222C22696E74657276616C223A32343[...]
Line Found : user_pref("CT3072253.backendstorage.mam_gk_settings1.12.0.5", "7B22537461747573223A22737563636565646564222C2244617461223A7B2263757272656E7444617465223A223230313331323134222C22696E74657276616C223A32343[...]
Line Found : user_pref("CT3072253.backendstorage.mam_gk_settings1.4.3.1", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A2236315F2D31222C2269735465737422[...]
Line Found : user_pref("CT3072253.backendstorage.mam_gk_settings1.4.3.2", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A2236315F2D31222C2269735465737422[...]
Line Found : user_pref("CT3072253.backendstorage.mam_gk_settings1.4.4.6", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A223231355F2D31222C22697354657374[...]
Line Found : user_pref("CT3072253.backendstorage.mam_gk_settings1.6.0.1", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A223231355F2D31222C22697354657374[...]
Line Found : user_pref("CT3072253.backendstorage.mam_gk_settings1.8.0.4", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A2233355F30222C22697354657374223A[...]
Line Found : user_pref("CT3072253.backendstorage.mam_gk_settings1.9.0.4", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A2238335F30222C22697354657374223A[...]
Line Found : user_pref("CT3072253.backendstorage.mam_gk_showclosebutton", "74727565");
Line Found : user_pref("CT3072253.backendstorage.mam_gk_showwelcomegadget", "66616C7365");
Line Found : user_pref("CT3072253.backendstorage.mam_gk_stamp", "38335F30");
Line Found : user_pref("CT3072253.backendstorage.mam_gk_user_approval_interacted", "31");
Line Found : user_pref("CT3072253.backendstorage.mam_gk_userid", "37393530343832632D303965342D343531642D623338662D613736353436663931303736");
Line Found : user_pref("CT3072253.backendstorage.mam_gk_welcomedialogmode", "31");
Line Found : user_pref("CT3072253.backendstorage.pg_enable", "74727565");
Line Found : user_pref("CT3072253.backendstorage.searchappstate", "33");
Line Found : user_pref("CT3072253.backendstorage.searchapptracking", "31");
Line Found : user_pref("CT3072253.backendstorage.sf_just_installed", "46414C5345");
Line Found : user_pref("CT3072253.backendstorage.sf_status", "454E41424C4544");
Line Found : user_pref("CT3072253.backendstorage.sf_user_id", "6369645F3230343230313331393134333433343633373933");
Line Found : user_pref("CT3072253.backendstorage.url_history0001", "687474703A2F2F666F72756D2E6D79726564626F6F6B2E636F6D2F6367692D62696E2F616C696E6B2E706C3F61633D687474703A2F2F7777772E76616E657373616D6173736167652[...]
Line Found : user_pref("CT3072253.bbactive.from_oldbar.enc", "eWVz");
Line Found : user_pref("CT3072253.bbid.from_oldbar.enc", "NGM1OGI5NWVmYTBkMGNlNg==");
Line Found : user_pref("CT3072253.cb_experience_000", "%BB%BC");
Line Found : user_pref("CT3072253.cb_experience_000.enc", "NTY=");
Line Found : user_pref("CT3072253.cb_firstuse0100", "%B7");
Line Found : user_pref("CT3072253.cb_firstuse0100.enc", "MQ==");
Line Found : user_pref("CT3072253.cb_user_id_000", "%C9%C8%BB%BD%B9%B8%BA%B8%BA%BD%B9%BD%B9%B7%E5%CC%EF%F8%EB%EC%F5%FE");
Line Found : user_pref("CT3072253.cb_user_id_000.enc", "Q0I1NzMyNDI0NzM3MzFfRmlyZWZveA==");
Line Found : user_pref("CT3072253.cbcountry_000.from_oldbar.enc", "VVM=");
Line Found : user_pref("CT3072253.cbcountry_001.from_oldbar.enc", "VVM=");
Line Found : user_pref("CT3072253.cbfirsttime", "%DA%EE%FB%A6%CC%EB%E8%A6%B6%BF%A6%B8%B6%B7%B8%A6%B7%BF%C0%BA%B7%C0%BA%BB%A6%CD%D3%DA%B3%B7%B6%B6%B6%A6%AE%CE%E7%FD%E7%EF%EF%E7%F4%A6%D9%FA%E7%F4%EA%E7%F8%EA%A6%DA%E[...]
Line Found : user_pref("CT3072253.cbfirsttime.enc", "VGh1IEZlYiAwOSAyMDEyIDE5OjQxOjQ1IEdNVC0xMDAwIChIYXdhaWlhbiBTdGFuZGFyZCBUaW1lKQ==");
Line Found : user_pref("CT3072253.cbopenmamsettings.from_oldbar.enc", "MA==");
Line Found : user_pref("CT3072253.components.129593762370823811", false);
Line Found : user_pref("CT3072253.countryCode", "US");
Line Found : user_pref("CT3072253.embeddedsData", "[{\"appId\":\"129571859753931591\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Found : user_pref("CT3072253.firstTimeDialogOpened", true);
Line Found : user_pref("CT3072253.fixPageNotFoundErrorByUser", "TRUE");
Line Found : user_pref("CT3072253.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3072253.fullUserID", "UN60608920918816541.UP.20140120201008");
Line Found : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Found : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Fri Dec 13 2013 20:34:51 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.homepageProtectorEnableByLogin", true);
Line Found : user_pref("CT3072253.initDone", true);
Line Found : user_pref("CT3072253.installId", "ConduitXPEIntegration");
Line Found : user_pref("CT3072253.installType", "ConduitXPEIntegration");
Line Found : user_pref("CT3072253.isAppTrackingManagerOn", false);
Line Found : user_pref("CT3072253.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3072253.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3072253.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3072253.isPerformedSmartBarTransition", "true");
Line Found : user_pref("CT3072253.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3072253.keyword", true);
Line Found : user_pref("CT3072253.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3072253&octid=CT3072253&SearchSource=15&CUI=UN60608920918816541&SSPV=&Lay=1&UM=\"}");
Line Found : user_pref("CT3072253.lastVersion", "10.20.101.5");
Line Found : user_pref("CT3072253.last_client_stats_submit_2.from_oldbar.enc", "MTM2OTkwMTI1Ng==");
Line Found : user_pref("CT3072253.local_cookie_stats_last_submit_6.from_oldbar.enc", "MTM4MzQ3NTkwNw==");
Line Found : user_pref("CT3072253.local_cookie_stats_stats_site_irrelevant.from_oldbar.enc", "MjA=");
Line Found : user_pref("CT3072253.local_cookie_stats_stats_site_new.from_oldbar.enc", "MA==");
Line Found : user_pref("CT3072253.local_cookie_stats_stats_site_not_supported.from_oldbar.enc", "MA==");
Line Found : user_pref("CT3072253.local_cookie_stats_stats_site_supported.from_oldbar.enc", "Mw==");
Line Found : user_pref("CT3072253.local_cookie_stats_stats_use_history.from_oldbar.enc", "MA==");
Line Found : user_pref("CT3072253.local_cookie_stats_stats_use_pop.from_oldbar.enc", "MA==");
Line Found : user_pref("CT3072253.local_cookie_stats_stats_use_related.from_oldbar.enc", "MA==");
Line Found : user_pref("CT3072253.local_cookie_stats_stats_use_typed.from_oldbar.enc", "MA==");
Line Found : user_pref("CT3072253.local_cookie_throttle_baseadd_stats|0|local_cookie_stats_stats_site_irrelevant.from_oldbar.enc", "MTM4MzQ3ODA0Ng==");
Line Found : user_pref("CT3072253.local_cookie_throttle_baseadd_stats|0|local_cookie_stats_stats_site_not_supported.from_oldbar.enc", "MTM3Nzk0NTQ5OA==");
Line Found : user_pref("CT3072253.local_cookie_throttle_baseadd_stats|0|local_cookie_stats_stats_site_supported.from_oldbar.enc", "MTM4MzQ3ODI4OQ==");
Line Found : user_pref("CT3072253.local_cookie_throttle_baseadd_stats|local_cookie_stats_stats_use_pop.from_oldbar.enc", "MTM3ODAxNjYxNg==");
Line Found : user_pref("CT3072253.local_cookie_throttle_baseadd_stats|local_cookie_stats_stats_use_related.from_oldbar.enc", "MTM3ODAxNjYxMQ==");
Line Found : user_pref("CT3072253.mam_gk_appStateReportTime", "%B7%B9%BF%B9%BB%BD%BD%BD%BD%BA%BD%BC%BF");
Line Found : user_pref("CT3072253.mam_gk_appStateReportTime.enc", "MTM5MzU3Nzc3NDc2OQ==");
Line Found : user_pref("CT3072253.mam_gk_appState_Clarity_Active", "%F5%F4");
Line Found : user_pref("CT3072253.mam_gk_appState_Clarity_Active.enc", "b24=");
Line Found : user_pref("CT3072253.mam_gk_appState_CouponBuddy", "%F5%F4");
Line Found : user_pref("CT3072253.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Found : user_pref("CT3072253.mam_gk_appState_PriceGong", "%F5%F4");
Line Found : user_pref("CT3072253.mam_gk_appState_PriceGong.enc", "b24=");
Line Found : user_pref("CT3072253.mam_gk_appsConfig.enc", "eyJBcHBzQ29uZmlndXJhdGlvbiI6W3siaWQiOiJDbGFyaXR5X0FjdGl2ZSIsInVybCI6Imh0dHA6Ly9zdG9yYWdlLmNvbmR1aXQuY29tL21hbS8zcmRwYXJ0eWFwcHMvY2xhcml0eVJheS9jcl9hY3Rpdm[...]
Line Found : user_pref("CT3072253.mam_gk_appsDefaultEnabled", "%F4%FB%F2%F2");
Line Found : user_pref("CT3072253.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Found : user_pref("CT3072253.mam_gk_appsdefaultenabled.from_oldbar.enc", "bnVsbA==");
Line Found : user_pref("CT3072253.mam_gk_appstate_clarity_active.from_oldbar.enc", "b24=");
Line Found : user_pref("CT3072253.mam_gk_calledSetupService", "%B7");
Line Found : user_pref("CT3072253.mam_gk_calledSetupService.enc", "MQ==");
Line Found : user_pref("CT3072253.mam_gk_currentVersion", "%B7%B4%B7%B9%B4%B6%B4%B7%BD");
Line Found : user_pref("CT3072253.mam_gk_currentVersion.enc", "MS4xMy4wLjE3");
Line Found : user_pref("CT3072253.mam_gk_currentbadgevalue.from_oldbar.enc", "MA==");
Line Found : user_pref("CT3072253.mam_gk_currentversion.from_oldbar.enc", "MS4xMi4wLjU=");
Line Found : user_pref("CT3072253.mam_gk_existingUsersRecoveryDone", "%B7");
Line Found : user_pref("CT3072253.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Found : user_pref("CT3072253.mam_gk_first_time", "%B7");
Line Found : user_pref("CT3072253.mam_gk_first_time.enc", "MQ==");
Line Found : user_pref("CT3072253.mam_gk_lastLoginTime", "%B7%B9%BF%B9%BB%BD%BD%BD%BD%BB%B9%B9%B6");
Line Found : user_pref("CT3072253.mam_gk_lastLoginTime.enc", "MTM5MzU3Nzc3NTMzMA==");
Line Found : user_pref("CT3072253.mam_gk_localization.enc", "eyJkaWFsb2dPSyI6eyJUZXh0IjoiT0sifSwiZG1ib3gxIjp7IlRleHQiOiJEZWFsXHJcbm9mIHRoZSBkYXkifSwiZG1ib3gyIjp7IlRleHQiOiJGcmVlXHJcblNoaXBtZW50In0sImRtYnVsbGV0MSI6[...]
Line Found : user_pref("CT3072253.mam_gk_mamEnabled", "%FA%F8%FB%EB");
Line Found : user_pref("CT3072253.mam_gk_mamEnabled.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3072253.mam_gk_newApps", "%E1%E3");
Line Found : user_pref("CT3072253.mam_gk_newApps.enc", "W10=");
Line Found : user_pref("CT3072253.mam_gk_pgUnloadedOnce", "%FA%F8%FB%EB");
Line Found : user_pref("CT3072253.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3072253.mam_gk_settings1.12.0.5", "ā%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0ā%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%FA%EB%A8%C0%A8%B8%B6%B7%B[...]
Line Found : user_pref("CT3072253.mam_gk_settings1.12.0.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxNDAxMjYiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjgzXzAiLCJSVEsiOiJINHNJQUFBQUFBQUVBT3k5QjJB[...]
Line Found : user_pref("CT3072253.mam_gk_settings1.13.0.17", "ā%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0ā%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%FA%EB%A8%C0%A8%B8%B6%B7%[...]
Line Found : user_pref("CT3072253.mam_gk_settings1.13.0.17.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxNDAyMjgiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjgzXzAiLCJSVEsiOiJINHNJQUFBQUFBQUVBT3k5QjJ[...]
Line Found : user_pref("CT3072253.mam_gk_showWelcomeGadget", "%EC%E7%F2%F9%EB");
Line Found : user_pref("CT3072253.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Found : user_pref("CT3072253.mam_gk_showclosebutton.from_oldbar.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3072253.mam_gk_showwelcomegadget.from_oldbar.enc", "ZmFsc2U=");
Line Found : user_pref("CT3072253.mam_gk_stamp", "%BE%B9%E5%B6");
Line Found : user_pref("CT3072253.mam_gk_stamp.enc", "ODNfMA==");
Line Found : user_pref("CT3072253.mam_gk_userBornDate", "%D4%B5%C7");
Line Found : user_pref("CT3072253.mam_gk_userBornDate.enc", "Ti9B");
Line Found : user_pref("CT3072253.mam_gk_userId", "%BD%BF%BB%B6%BA%BE%B8%E9%B3%B6%BF%EB%BA%B3%BA%BB%B7%EA%B3%E8%B9%BE%EC%B3%E7%BD%BC%BB%BA%BC%EC%BF%B7%B6%BD%BC");
Line Found : user_pref("CT3072253.mam_gk_userId.enc", "Nzk1MDQ4MmMtMDllNC00NTFkLWIzOGYtYTc2NTQ2ZjkxMDc2");
Line Found : user_pref("CT3072253.mam_gk_user_approval_interacted", "%B7");
Line Found : user_pref("CT3072253.mam_gk_user_approval_interacted.enc", "MQ==");
Line Found : user_pref("CT3072253.mam_gk_user_approval_interacted.from_oldbar.enc", "MQ==");
Line Found : user_pref("CT3072253.mam_gk_welcomeDialogMode", "%B7");
Line Found : user_pref("CT3072253.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Found : user_pref("CT3072253.mam_gk_welcomedialogmode.from_oldbar.enc", "MQ==");
Line Found : user_pref("CT3072253.myStuffEnabled", true);
Line Found : user_pref("CT3072253.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT3072253.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.myfreecams.com%2F%23Lounge\",\"EB_MAIN_FRAME_TITLE\":\"Lounge%20-%20MyFreeCams.com%20\",\"EB_SEARCH_TERM\":\"\",[...]
Line Found : user_pref("CT3072253.oldAppsList", "129295695672325902,129571859753931591,111,129593762370823811,129805375651312503,129749445881800338,129573915102477663,1000080,1000515,1000,1001,1002,1003,1004,1005,[...]
Line Found : user_pref("CT3072253.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Line Found : user_pref("CT3072253.originalSearchAddressUrl", "");
Line Found : user_pref("CT3072253.originalSearchEngine", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("CT3072253.pg_enable.from_oldbar.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3072253.price-gong.isManagedApp", "true");
Line Found : user_pref("CT3072253.revertSettingsEnabled", true);
Line Found : user_pref("CT3072253.search.searchAppId", "129571859753931591");
Line Found : user_pref("CT3072253.search.searchCount", 1);
Line Found : user_pref("CT3072253.searchFromAddressBarEnabledByUser", "true");
Line Found : user_pref("CT3072253.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3072253.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3072253.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
Line Found : user_pref("CT3072253.searchProtectorEnableByLogin", true);
Line Found : user_pref("CT3072253.searchSuggestEnabledByUser", "false");
Line Found : user_pref("CT3072253.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3072253.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3072253.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT3072253.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3072253\"}");
Line Found : user_pref("CT3072253.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentControl2.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3072253.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentControl2 \"}");
Line Found : user_pref("CT3072253.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3072253.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Found : user_pref("CT3072253.serviceLayer_services_Configuration_lastUpdate", "1393577769389");
Line Found : user_pref("CT3072253.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1393134895579");
Line Found : user_pref("CT3072253.serviceLayer_services_appsMetadata_lastUpdate", "1393577768718");
Line Found : user_pref("CT3072253.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1393134895727");
Line Found : user_pref("CT3072253.serviceLayer_services_login_10.20.101.5_lastUpdate", "1393577768686");
Line Found : user_pref("CT3072253.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1393134895975");
Line Found : user_pref("CT3072253.serviceLayer_services_searchAPI_lastUpdate", "1393577768874");
Line Found : user_pref("CT3072253.serviceLayer_services_serviceMap_lastUpdate", "1393577768440");
Line Found : user_pref("CT3072253.serviceLayer_services_toolbarContextMenu_lastUpdate", "1393577768649");
Line Found : user_pref("CT3072253.serviceLayer_services_toolbarSettings_lastUpdate", "1393577768896");
Line Found : user_pref("CT3072253.serviceLayer_services_translation_lastUpdate", "1393577768588");
Line Found : user_pref("CT3072253.settingsINI", true);
Line Found : user_pref("CT3072253.sf_status.from_oldbar.enc", "RU5BQkxFRA==");
Line Found : user_pref("CT3072253.showToolbarPermission", "false");
Line Found : user_pref("CT3072253.smartbar.CTID", "CT3072253");
Line Found : user_pref("CT3072253.smartbar.Uninstall", "0");
Line Found : user_pref("CT3072253.smartbar.toolbarName", "uTorrentControl2 ");
Line Found : user_pref("CT3072253.testingCtid", "");
Line Found : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Fri Dec 13 2013 20:34:36 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.toolbarBornServerTime", "10-2-2012");
Line Found : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Fri Dec 13 2013 20:34:36 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.toolbarCurrentServerTime", "28-2-2014");
Line Found : user_pref("CT3072253.toolbarLoginClientTime", "Mon Jan 20 2014 20:10:56 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CT3072253.upgradeFromOBVersion", true);
Line Found : user_pref("CT3072253.url_history0001", "%EE%FA%FA%F6%F9%C0%B5%B5%FD%FD%FD%B4%ED%F5%F5%ED%F2%EB%B4%E9%F5%F3%C0%C0%C0%E9%F2%EF%E9%F1%EE%E7%F4%EA%F2%EB%F8%C0%C0%C0%B7%B9%BF%B8%B7%B6%BE%B6%BA%BE%B9%B6%BE%[...]
Line Found : user_pref("CT3072253.url_history0001.enc", "aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo6OmNsaWNraGFuZGxlcjo6OjEzOTIxMDgwNDgzMDgsLCxodHRwczovL3d3dy5nb29nbGUuY29tOjo6Y2xpY2toYW5kbGVyOjo6MTM5MjEwODA0ODMxMCwsLGh0dHBz[...]
Line Found : user_pref("CT3072253.usagesFlag", 2);
Line Found : user_pref("CT3072253_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1393577807721,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253", "\"8ce24be9483cacc1344dba16098a45cd3\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1463702/1459356/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", "\"1362324308\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "C5ZJe6gL80JBW5CuLy+wkg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en&ctid=CT3072253", "GNmdGrr6syWWiO5HPrW6Kg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "mfQ70fvlD2zuBxSBj8rQqA==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en&ctid=CT3072253", "inm6N6Ad2DrQKGUsOGzkLg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "k9un27OkAvkwB2ZmvXxTnA==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en&ctid=CT3072253", "6nU8AIjBECdJeC23UVuipQ==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "FqddrIU7eyJgaaLyHDeVMQ==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en&ctid=CT3072253", "Y3Dtc1pIAMMkuUpvgoTeaw==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"f4cb1557a8bece1:16f8\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"04afd94b864cd1:14f9\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:151f\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:155b\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:1694\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"23c5489aa686ce1:16c0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.20.0.4", "\"f414eeaa6bece1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"801a319dd78ccc1:12e4\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://ip2location.conduit-services.com/ip/?ctid=CT3072253&ver=3.20.0.4&client=ToolbarConfiguration", "\"35e4041f985ed334842cb9624bddafb2\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253", "\"52c3f1538cb4af4ada257fcbc6b15d49\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1188a5c37394a218a0bb301d788ab482\"");
Line Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Torrey\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\iqqks3l6.default\\conduitCommon\\modules\\3.20.0.4");
Line Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.20.0.4");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT3072253");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253");
Line Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");
Line Found : user_pref("CommunityToolbar.globalUserId", "1e9f5a17-0e1a-47d7-b79d-e0f31aff73ed");
Line Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
Line Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Dec 13 2013 20:34:51 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Dec 13 2013 21:34:52 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.locale", "en");
Line Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Dec 13 2013 20:34:44 GMT-1000 (Hawaiian Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.notifications.userId", "919a3630-4104-41e0-a1a7-a448650ae753");
Line Found : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Line Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3072253");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3072253");
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&CU[...]
Line Found : user_pref("smartbar.machineId", "PWY3ANQCL+2FBNINN76HKQIOYGHYJGMDYY+PXJ4LRHGXDOUUE5X7WDK3/PYUQL96917SXA7PM5JIK+MNFTRN3W");
Line Found : user_pref("CT3072253.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3072253.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");

*************************

AdwCleaner[R0].txt - [76115 octets] - [28/02/2014 02:52:56]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [76176 octets] ##########



#6 Jo*

Jo*

  • Malware Response Team
  • 3,410 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:41 PM

Posted 28 February 2014 - 09:08 AM

Hello Halpmeplz,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FSRT / FSRT64. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

***


How the computer is running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 Jo*

Jo*

  • Malware Response Team
  • 3,410 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:41 PM

Posted 04 March 2014 - 03:55 AM


Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#8 Halpmeplz

Halpmeplz
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 05 March 2014 - 02:27 AM

Hi jo, sorry for the delay ive been really busy the past few days, anyway heres those 3 .txt reports. Its running better, faster and no popups. but norton is still finding threats like ffmediaveiwer1alpha1488chaction.js (adware.adpopup) norton removes them but its come back and norton keeps removing it, it hasn't found any trojans or anything else i dont think. Also I think i uninstalled serialtrunc but not sure cuz it froze at 30% like usual so i used task manager to end program and as i did that it went past 30% uninstalled to like 75% then closed, but its no longer in my uninstall or change a program list so im assumeing it uninstalled successfully.

 

AdwCleaner[S2]

# AdwCleaner v3.020 - Report created 04/03/2014 at 20:49:02
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Torrey - TORREY-PC
# Running from : C:\Users\Torrey\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
[ File : C:\Users\Torrey\AppData\Roaming\Mozilla\Firefox\Profiles\iqqks3l6.default\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.146
 
[ File : C:\Users\Torrey\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [73433 octets] - [28/02/2014 02:52:56]
AdwCleaner[R1].txt - [76354 octets] - [28/02/2014 04:30:03]
AdwCleaner[R2].txt - [1167 octets] - [03/03/2014 16:05:40]
AdwCleaner[R3].txt - [1207 octets] - [04/03/2014 20:46:44]
AdwCleaner[S0].txt - [77300 octets] - [28/02/2014 04:40:24]
AdwCleaner[S1].txt - [1231 octets] - [03/03/2014 16:08:36]
AdwCleaner[S2].txt - [1129 octets] - [04/03/2014 20:49:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1189 octets] ##########
 
 
 
 
FSRT
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2014
Ran by Torrey (administrator) on TORREY-PC on 04-03-2014 21:09:33
Running from C:\Users\Torrey\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(ArcSoft, Inc.) C:\Users\Torrey\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] - [X]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2328944 2011-01-07] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-23] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2336298010-2542904912-1872351079-1001\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2336298010-2542904912-1872351079-1001\...\MountPoints2: {0f3a3da8-4ab2-11e0-ae0c-1c7508850157} - E:\HPLauncher.exe
Startup: C:\Users\Torrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Torrey\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
URLSearchHook: HKCU - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {01D86926-DBD9-4853-999E-7B0B5BF9294E} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {AB7681F6-8BE2-43A4-BDC5-FC3D998FD54F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {B977C314-3E26-4295-BEFF-DB2329976CCC} URL = 
SearchScopes: HKCU - {FA38713E-2420-4C16-B60A-503ED5176044} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Media Viewer - {79bb57b9-666d-4a5e-b948-97364e0cebd2} - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488\ie\MediaViewerV1alpha1488.dll No File
BHO-x32: Re-markit - {8f1eeb06-6317-4472-a024-b97ca0b3a5d0} - C:\Program Files (x86)\Re-markit\150.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} -  No File
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Tcpip\Parameters: [DhcpNameServer] 24.25.227.55 209.18.47.61 24.25.227.53
 
FireFox:
========
FF ProfilePath: C:\Users\Torrey\AppData\Roaming\Mozilla\Firefox\Profiles\iqqks3l6.default
FF DefaultSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\Torrey\AppData\Roaming\Mozilla\Firefox\Profiles\iqqks3l6.default\searchplugins\yahoo_ff.xml
FF Extension: WOT - C:\Users\Torrey\AppData\Roaming\Mozilla\Firefox\Profiles\iqqks3l6.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-20]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFF
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFF [2013-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn_2011_7_13_2 [2014-03-04]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewerV1alpha1488.net] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488\ff
FF Extension: Media Viewer - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488\ff [2014-02-23]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha3570.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\ff [2014-02-27]
FF HKCU\...\Firefox\Extensions: [{d59ba74c-1d23-439e-8b3b-64c895083f46}] - C:\Program Files (x86)\Re-markit\150.xpi
 
Chrome: 
=======
CHR Extension: (Docs) - C:\Users\Torrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-01]
CHR Extension: (Media View) - C:\Users\Torrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddafdaajakabkchgmeciddcemdbenhch [2014-03-01]
CHR Extension: (Google Wallet) - C:\Users\Torrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]
CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Torrey\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2014-03-01]
CHR HKLM-x32\...\Chrome\Extension: [ddafdaajakabkchgmeciddcemdbenhch] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\ch\MediaViewV1alpha3570.crx [2014-02-26]
CHR HKLM-x32\...\Chrome\Extension: [ickigifadnnmfmlfnefkjjghlhgehfek] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488\ch\MediaViewerV1alpha1488.crx [2014-02-23]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Torrey\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2014-02-23]
 
==================== Services (Whitelisted) =================
 
R2 BackupService; C:\Users\Torrey\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [123320 2014-03-03] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20140303.001\IDSvia64.sys [521944 2014-01-18] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20140304.018\ENG64.SYS [126040 2014-02-18] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20140304.018\EX64.SYS [2099288 2014-02-18] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0502020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0502020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [171128 2010-11-15] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-04 21:03 - 2014-03-04 21:03 - 00000634 _____ () C:\Users\Torrey\Desktop\JRT.txt
2014-03-03 17:21 - 2014-03-03 17:55 - 00000000 ____D () C:\Users\Torrey\Downloads\2014 FIM World Motocross Rd 1 Qatar HD 720p slicknick610
2014-03-03 16:40 - 2014-03-04 21:09 - 00019292 _____ () C:\Users\Torrey\Desktop\FRST.txt
2014-03-03 16:39 - 2014-03-03 16:39 - 00000000 ____D () C:\Users\Torrey\Desktop\FRST-OlderVersion
2014-03-03 06:11 - 2014-03-03 06:11 - 00003080 _____ () C:\{0064664D-1C5F-49A8-BA1F-71094EFCC488}
2014-03-03 00:43 - 2014-03-03 00:43 - 00000000 ____D () C:\Users\Torrey\Downloads\The Walking Dead S04E12 HDTV x264-EXCELLENCE[ettv]
2014-03-02 22:53 - 2014-03-02 22:53 - 00003080 _____ () C:\{BFB0C83B-91C2-4B74-BE41-61E929C87CA8}
2014-03-02 15:33 - 2014-03-02 16:10 - 00000000 ____D () C:\Users\Torrey\Downloads\2013 Geneva Supercross Day 2 slicknick610
2014-03-02 15:32 - 2014-03-02 16:35 - 00000000 ____D () C:\Users\Torrey\Downloads\2014 AMA Supercross Rd 9 Indianapolis HD 720p slicknick610
2014-03-02 15:26 - 2014-03-02 16:57 - 00000000 ____D () C:\Users\Torrey\Downloads\Supercross - Behind the Dream Part 3 HD 720p slicknick610
2014-03-02 15:18 - 2014-03-02 15:18 - 00000865 _____ () C:\Users\Torrey\Desktop\µTorrent.lnk
2014-03-02 15:15 - 2014-03-02 15:15 - 01852496 _____ (BitTorrent Inc.) C:\Users\Torrey\Downloads\uTorrent.exe
2014-03-01 12:53 - 2014-03-03 21:03 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-01 12:52 - 2014-03-04 20:57 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-01 12:52 - 2014-03-04 20:53 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-01 12:52 - 2014-03-01 12:52 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-01 12:52 - 2014-03-01 12:52 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-28 05:37 - 2014-03-03 16:39 - 02156544 _____ (Farbar) C:\Users\Torrey\Desktop\FRST64.exe
2014-02-28 05:09 - 2014-02-28 05:09 - 00000000 ____D () C:\windows\ERUNT
2014-02-28 05:05 - 2014-02-28 05:05 - 01037734 _____ (Thisisu) C:\Users\Torrey\Desktop\JRT.exe
2014-02-28 05:03 - 2014-02-28 05:04 - 01037734 _____ (Thisisu) C:\Users\Torrey\Downloads\JRT.exe
2014-02-28 04:27 - 2014-02-28 04:28 - 00000000 ____D () C:\Users\Torrey\Desktop\myeditedAdwCleaner[Ro]
2014-02-28 02:52 - 2014-03-04 20:49 - 00000000 ____D () C:\AdwCleaner
2014-02-28 02:51 - 2014-02-28 02:51 - 01244192 _____ () C:\Users\Torrey\Desktop\AdwCleaner.exe
2014-02-28 02:09 - 2014-02-28 02:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-28 02:09 - 2014-02-28 02:09 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-28 02:09 - 2014-02-28 02:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-28 02:08 - 2014-02-28 02:08 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-02-28 02:07 - 2014-02-28 02:44 - 00000000 ____D () C:\Users\Torrey\Desktop\mbar
2014-02-28 02:04 - 2014-02-28 02:04 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Torrey\Desktop\mbar-1.07.0.1009.exe
2014-02-28 01:03 - 2014-03-04 20:50 - 00003774 _____ () C:\windows\PFRO.log
2014-02-28 00:22 - 2014-03-04 21:09 - 00000000 ____D () C:\FRST
2014-02-27 21:30 - 2014-02-27 21:30 - 00001088 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-02-27 21:30 - 2014-02-27 21:30 - 00000000 ____D () C:\Users\Torrey\AppData\Local\VS Revo Group
2014-02-27 21:30 - 2014-02-27 21:30 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-02-27 21:30 - 2014-02-27 21:30 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-02-27 21:30 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys
2014-02-27 19:45 - 2014-02-27 19:45 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1
2014-02-27 19:00 - 2014-03-04 20:50 - 00002800 _____ () C:\windows\setupact.log
2014-02-27 19:00 - 2014-02-27 19:00 - 00000000 _____ () C:\windows\setuperr.log
2014-02-26 06:04 - 2014-02-26 06:04 - 00002350 _____ () C:\Users\Public\Desktop\Toshiba Laptop Checkup.lnk
2014-02-24 12:10 - 2014-02-24 12:10 - 00002816 _____ () C:\{48C6904A-BBAA-40A1-8ADD-E2A35EDE6660}
2014-02-24 10:26 - 2014-02-24 10:26 - 00003672 _____ () C:\{8C9E2BE1-1686-4422-AA54-E4881379C389}
2014-02-24 10:25 - 2014-02-24 10:25 - 00004248 _____ () C:\{6D50A618-C5AF-4AA0-9B36-FB5EAAF84B27}
2014-02-23 19:46 - 2014-02-23 19:46 - 00000000 ____D () C:\Program Files (x86)\MediaViewerV1
2014-02-21 19:45 - 2014-02-21 20:30 - 00000000 ____D () C:\Users\Torrey\AppData\Local\NPE
2014-02-21 16:05 - 2014-02-21 16:05 - 00004248 _____ () C:\{1FF46A8A-1706-447E-BD8E-F53AAD66E5F9}
2014-02-18 03:03 - 2014-02-27 19:45 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-02-17 22:09 - 2014-02-17 22:09 - 00011024 _____ () C:\{B9662F95-B81D-4881-95C1-1DC8DC9913E0}
2014-02-17 20:33 - 2014-03-01 12:51 - 00000000 ____D () C:\Users\Torrey\AppData\Local\Deployment
2014-02-17 20:33 - 2014-02-27 21:50 - 00000000 ____D () C:\Users\Torrey\AppData\Local\Apps\2.0
2014-02-16 12:06 - 2014-02-16 12:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-16 07:25 - 2014-02-16 07:25 - 00000280 _____ () C:\{B4474048-F90D-4448-BC9C-D380BD5D01BF}
2014-02-12 03:06 - 2013-12-20 23:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-12 03:06 - 2013-12-20 22:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-12 03:05 - 2014-02-06 02:16 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-12 03:05 - 2014-02-06 01:30 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-12 03:05 - 2014-02-06 01:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-12 03:05 - 2014-02-06 01:12 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-12 03:05 - 2014-02-06 01:07 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-12 03:05 - 2014-02-06 01:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-12 03:05 - 2014-02-06 00:57 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-12 03:05 - 2014-02-06 00:56 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-12 03:05 - 2014-02-06 00:52 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-12 03:05 - 2014-02-06 00:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-12 03:05 - 2014-02-06 00:48 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-12 03:05 - 2014-02-06 00:48 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-12 03:05 - 2014-02-06 00:38 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-12 03:05 - 2014-02-06 00:32 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-12 03:05 - 2014-02-06 00:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-12 03:05 - 2014-02-06 00:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-12 03:05 - 2014-02-06 00:11 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-12 03:05 - 2014-02-06 00:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-12 03:05 - 2014-02-06 00:00 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-12 03:05 - 2014-02-05 23:57 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-12 03:05 - 2014-02-05 23:57 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-12 03:05 - 2014-02-05 23:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-12 03:05 - 2014-02-05 23:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-12 03:05 - 2014-02-05 23:50 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-12 03:05 - 2014-02-05 23:49 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-12 03:05 - 2014-02-05 23:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-12 03:05 - 2014-02-05 23:46 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-12 03:05 - 2014-02-05 23:25 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-12 03:05 - 2014-02-05 23:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-12 03:05 - 2014-02-05 23:24 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-12 03:05 - 2014-02-05 23:22 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-12 03:05 - 2014-02-05 23:13 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-12 03:05 - 2014-02-05 23:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-12 03:05 - 2014-02-05 23:03 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-12 03:05 - 2014-02-05 22:55 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-12 03:05 - 2014-02-05 22:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-12 03:05 - 2014-02-05 22:40 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-12 03:05 - 2014-02-05 22:36 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-12 03:05 - 2014-02-05 22:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-11 21:21 - 2013-12-31 13:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-02-11 21:21 - 2013-12-31 13:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-11 21:21 - 2013-12-24 13:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-11 21:21 - 2013-12-24 12:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-11 21:21 - 2013-12-05 16:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-11 21:21 - 2013-12-05 16:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-11 21:21 - 2013-12-05 16:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-11 21:21 - 2013-12-05 16:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-02-11 21:21 - 2013-12-03 16:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-11 21:21 - 2013-12-03 16:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-11 21:21 - 2013-12-03 16:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-11 21:21 - 2013-12-03 16:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-11 21:21 - 2013-12-03 16:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-11 21:21 - 2013-12-03 16:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-11 21:21 - 2013-12-03 16:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-11 21:21 - 2013-12-03 16:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-11 21:21 - 2013-12-03 16:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-11 21:21 - 2013-12-03 16:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-02-11 21:21 - 2013-12-03 16:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-02-11 21:21 - 2013-12-03 16:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-02-11 21:21 - 2013-12-03 16:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-02-11 21:21 - 2013-12-03 16:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-02-11 21:21 - 2013-12-03 15:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-02-11 21:21 - 2013-12-03 15:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-02-11 21:21 - 2013-12-03 15:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-02-11 21:21 - 2013-12-03 15:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-11 21:21 - 2013-11-25 22:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-11 21:21 - 2013-11-22 12:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-11 14:01 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
2014-02-11 13:58 - 2014-02-11 13:58 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-02-11 13:58 - 2014-02-11 13:58 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-02-11 13:58 - 2014-02-11 13:58 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-02-11 13:58 - 2014-02-11 13:58 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-02-11 13:58 - 2014-02-11 13:58 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-02-11 13:58 - 2014-02-11 13:58 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-02-11 13:58 - 2014-02-11 13:58 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-02-06 21:13 - 2014-02-06 21:13 - 00000512 _____ () C:\{19C99D44-9DFE-4EF3-827F-AD9A8EA5E20D}
2014-02-05 04:53 - 2014-02-05 04:53 - 00000280 _____ () C:\{212A6062-9D4F-4F0C-831E-B0EE89262258}
 
==================== One Month Modified Files and Folders =======
 
2014-03-04 21:10 - 2014-03-03 16:40 - 00019292 _____ () C:\Users\Torrey\Desktop\FRST.txt
2014-03-04 21:09 - 2014-02-28 00:22 - 00000000 ____D () C:\FRST
2014-03-04 21:03 - 2014-03-04 21:03 - 00000634 _____ () C:\Users\Torrey\Desktop\JRT.txt
2014-03-04 21:00 - 2009-07-13 18:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-04 21:00 - 2009-07-13 18:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-04 20:57 - 2014-03-01 12:52 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-04 20:53 - 2014-03-01 12:52 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-04 20:50 - 2014-02-28 01:03 - 00003774 _____ () C:\windows\PFRO.log
2014-03-04 20:50 - 2014-02-27 19:00 - 00002800 _____ () C:\windows\setupact.log
2014-03-04 20:50 - 2009-07-13 19:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-04 20:49 - 2014-02-28 02:52 - 00000000 ____D () C:\AdwCleaner
2014-03-04 20:49 - 2011-02-15 08:00 - 01384935 _____ () C:\windows\WindowsUpdate.log
2014-03-04 20:42 - 2012-05-13 23:04 - 00000000 ____D () C:\Program Files (x86)\Diablo II
2014-03-04 20:16 - 2012-06-18 12:36 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-04 04:11 - 2011-03-09 15:13 - 00000000 ____D () C:\Users\Torrey\AppData\Roaming\vlc
2014-03-03 21:03 - 2014-03-01 12:53 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-03 19:06 - 2011-03-07 15:58 - 00000000 ____D () C:\Users\Torrey\AppData\Local\Tific
2014-03-03 18:29 - 2012-02-11 21:09 - 00000000 ____D () C:\Users\Torrey\AppData\Roaming\uTorrent
2014-03-03 17:55 - 2014-03-03 17:21 - 00000000 ____D () C:\Users\Torrey\Downloads\2014 FIM World Motocross Rd 1 Qatar HD 720p slicknick610
2014-03-03 16:39 - 2014-03-03 16:39 - 00000000 ____D () C:\Users\Torrey\Desktop\FRST-OlderVersion
2014-03-03 16:39 - 2014-02-28 05:37 - 02156544 _____ (Farbar) C:\Users\Torrey\Desktop\FRST64.exe
2014-03-03 16:20 - 2014-01-31 19:43 - 00000000 ____D () C:\Program Files (x86)\SerialTrunc
2014-03-03 14:55 - 2013-07-14 21:02 - 00000000 ____D () C:\Users\Torrey\AppData\Local\TSVNCache
2014-03-03 06:11 - 2014-03-03 06:11 - 00003080 _____ () C:\{0064664D-1C5F-49A8-BA1F-71094EFCC488}
2014-03-03 00:43 - 2014-03-03 00:43 - 00000000 ____D () C:\Users\Torrey\Downloads\The Walking Dead S04E12 HDTV x264-EXCELLENCE[ettv]
2014-03-02 22:53 - 2014-03-02 22:53 - 00003080 _____ () C:\{BFB0C83B-91C2-4B74-BE41-61E929C87CA8}
2014-03-02 19:35 - 2009-07-13 19:13 - 00006450 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-02 16:57 - 2014-03-02 15:26 - 00000000 ____D () C:\Users\Torrey\Downloads\Supercross - Behind the Dream Part 3 HD 720p slicknick610
2014-03-02 16:35 - 2014-03-02 15:32 - 00000000 ____D () C:\Users\Torrey\Downloads\2014 AMA Supercross Rd 9 Indianapolis HD 720p slicknick610
2014-03-02 16:10 - 2014-03-02 15:33 - 00000000 ____D () C:\Users\Torrey\Downloads\2013 Geneva Supercross Day 2 slicknick610
2014-03-02 16:04 - 2013-12-09 18:57 - 00000000 ____D () C:\Program Files (x86)\Diablo II(2)
2014-03-02 15:18 - 2014-03-02 15:18 - 00000865 _____ () C:\Users\Torrey\Desktop\µTorrent.lnk
2014-03-02 15:15 - 2014-03-02 15:15 - 01852496 _____ (BitTorrent Inc.) C:\Users\Torrey\Downloads\uTorrent.exe
2014-03-01 12:53 - 2011-03-07 15:40 - 00000000 ____D () C:\Users\Torrey\AppData\Local\Google
2014-03-01 12:52 - 2014-03-01 12:52 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-01 12:52 - 2014-03-01 12:52 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-01 12:52 - 2010-10-26 17:28 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-01 12:51 - 2014-02-17 20:33 - 00000000 ____D () C:\Users\Torrey\AppData\Local\Deployment
2014-02-28 05:09 - 2014-02-28 05:09 - 00000000 ____D () C:\windows\ERUNT
2014-02-28 05:05 - 2014-02-28 05:05 - 01037734 _____ (Thisisu) C:\Users\Torrey\Desktop\JRT.exe
2014-02-28 05:04 - 2014-02-28 05:03 - 01037734 _____ (Thisisu) C:\Users\Torrey\Downloads\JRT.exe
2014-02-28 04:28 - 2014-02-28 04:27 - 00000000 ____D () C:\Users\Torrey\Desktop\myeditedAdwCleaner[Ro]
2014-02-28 02:51 - 2014-02-28 02:51 - 01244192 _____ () C:\Users\Torrey\Desktop\AdwCleaner.exe
2014-02-28 02:44 - 2014-02-28 02:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-28 02:44 - 2014-02-28 02:07 - 00000000 ____D () C:\Users\Torrey\Desktop\mbar
2014-02-28 02:09 - 2014-02-28 02:09 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-28 02:09 - 2014-02-28 02:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-28 02:08 - 2014-02-28 02:08 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-02-28 02:04 - 2014-02-28 02:04 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Torrey\Desktop\mbar-1.07.0.1009.exe
2014-02-27 21:50 - 2014-02-17 20:33 - 00000000 ____D () C:\Users\Torrey\AppData\Local\Apps\2.0
2014-02-27 21:30 - 2014-02-27 21:30 - 00001088 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-02-27 21:30 - 2014-02-27 21:30 - 00000000 ____D () C:\Users\Torrey\AppData\Local\VS Revo Group
2014-02-27 21:30 - 2014-02-27 21:30 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-02-27 21:30 - 2014-02-27 21:30 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-02-27 19:45 - 2014-02-27 19:45 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1
2014-02-27 19:45 - 2014-02-18 03:03 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-02-27 19:45 - 2009-07-13 17:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-02-27 19:00 - 2014-02-27 19:00 - 00000000 _____ () C:\windows\setuperr.log
2014-02-27 05:49 - 2011-04-13 23:43 - 00000000 ____D () C:\Users\Torrey\AppData\Local\CrashDumps
2014-02-27 05:49 - 2010-10-27 09:18 - 00000000 ____D () C:\windows\Panther
2014-02-26 06:04 - 2014-02-26 06:04 - 00002350 _____ () C:\Users\Public\Desktop\Toshiba Laptop Checkup.lnk
2014-02-25 23:00 - 2009-07-13 17:20 - 00000000 ____D () C:\windows\rescache
2014-02-24 12:10 - 2014-02-24 12:10 - 00002816 _____ () C:\{48C6904A-BBAA-40A1-8ADD-E2A35EDE6660}
2014-02-24 10:26 - 2014-02-24 10:26 - 00003672 _____ () C:\{8C9E2BE1-1686-4422-AA54-E4881379C389}
2014-02-24 10:25 - 2014-02-24 10:25 - 00004248 _____ () C:\{6D50A618-C5AF-4AA0-9B36-FB5EAAF84B27}
2014-02-23 19:46 - 2014-02-23 19:46 - 00000000 ____D () C:\Program Files (x86)\MediaViewerV1
2014-02-22 23:40 - 2012-06-11 13:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-21 20:30 - 2014-02-21 19:45 - 00000000 ____D () C:\Users\Torrey\AppData\Local\NPE
2014-02-21 19:47 - 2011-02-15 08:18 - 00000000 ____D () C:\ProgramData\Norton
2014-02-21 16:05 - 2014-02-21 16:05 - 00004248 _____ () C:\{1FF46A8A-1706-447E-BD8E-F53AAD66E5F9}
2014-02-20 16:18 - 2012-06-18 12:36 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 16:18 - 2012-06-18 12:36 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 16:18 - 2011-07-05 12:51 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-18 03:03 - 2011-03-07 15:10 - 00000000 ____D () C:\Users\Torrey
2014-02-18 03:00 - 2009-07-13 17:20 - 00000000 ____D () C:\windows\registration
2014-02-17 22:09 - 2014-02-17 22:09 - 00011024 _____ () C:\{B9662F95-B81D-4881-95C1-1DC8DC9913E0}
2014-02-17 00:45 - 2009-07-13 17:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-02-16 12:06 - 2014-02-16 12:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-16 07:25 - 2014-02-16 07:25 - 00000280 _____ () C:\{B4474048-F90D-4448-BC9C-D380BD5D01BF}
2014-02-15 03:19 - 2013-08-14 03:01 - 00000000 ____D () C:\windows\system32\MRT
2014-02-15 03:06 - 2011-03-16 17:58 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-11 17:32 - 2011-03-07 15:12 - 00001428 _____ () C:\Users\Torrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-11 17:28 - 2009-07-13 17:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-02-11 13:58 - 2014-02-11 13:58 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-02-11 13:58 - 2014-02-11 13:58 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-02-11 13:58 - 2014-02-11 13:58 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-02-11 13:58 - 2014-02-11 13:58 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-02-11 13:58 - 2014-02-11 13:58 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-02-11 13:58 - 2014-02-11 13:58 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-02-11 13:58 - 2014-02-11 13:58 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-02-11 13:58 - 2014-02-11 13:58 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-02-11 13:58 - 2014-02-11 13:58 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-02-08 01:31 - 2013-09-12 17:45 - 00001081 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-07 15:29 - 2011-03-07 16:55 - 00000000 ____D () C:\Users\Torrey\AppData\Local\Mozilla
2014-02-06 21:13 - 2014-02-06 21:13 - 00000512 _____ () C:\{19C99D44-9DFE-4EF3-827F-AD9A8EA5E20D}
2014-02-06 02:16 - 2014-02-12 03:05 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 01:30 - 2014-02-12 03:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 01:30 - 2014-02-12 03:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 01:12 - 2014-02-12 03:05 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 01:07 - 2014-02-12 03:05 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 01:06 - 2014-02-12 03:05 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 00:57 - 2014-02-12 03:05 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 00:56 - 2014-02-12 03:05 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 00:52 - 2014-02-12 03:05 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 00:49 - 2014-02-12 03:05 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 00:48 - 2014-02-12 03:05 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 00:48 - 2014-02-12 03:05 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 00:38 - 2014-02-12 03:05 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-06 00:32 - 2014-02-12 03:05 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 00:20 - 2014-02-12 03:05 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-06 00:17 - 2014-02-12 03:05 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 00:11 - 2014-02-12 03:05 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 00:01 - 2014-02-12 03:05 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-06 00:00 - 2014-02-12 03:05 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-05 23:57 - 2014-02-12 03:05 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-05 23:57 - 2014-02-12 03:05 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-05 23:52 - 2014-02-12 03:05 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-05 23:52 - 2014-02-12 03:05 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-05 23:50 - 2014-02-12 03:05 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-05 23:49 - 2014-02-12 03:05 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-05 23:47 - 2014-02-12 03:05 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-05 23:46 - 2014-02-12 03:05 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-05 23:25 - 2014-02-12 03:05 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-05 23:25 - 2014-02-12 03:05 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-05 23:24 - 2014-02-12 03:05 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-05 23:22 - 2014-02-12 03:05 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-05 23:13 - 2014-02-12 03:05 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-05 23:09 - 2014-02-12 03:05 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-05 23:03 - 2014-02-12 03:05 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-05 22:55 - 2014-02-12 03:05 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-05 22:41 - 2014-02-12 03:05 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-05 22:40 - 2014-02-12 03:05 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-05 22:36 - 2014-02-12 03:05 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-05 22:34 - 2014-02-12 03:05 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-05 04:53 - 2014-02-05 04:53 - 00000280 _____ () C:\{212A6062-9D4F-4F0C-831E-B0EE89262258}
 
Some content of TEMP:
====================
C:\Users\Torrey\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-28 06:40
 
==================== End Of Log ============================
 
 
JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Torrey on Tue 03/04/2014 at 20:57:00.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/04/2014 at 21:03:50.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#9 Jo*

Jo*

  • Malware Response Team
  • 3,410 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:41 PM

Posted 05 March 2014 - 04:06 AM

Hello Halpmeplz,

1. Java
1.1 Uninstall old Java versions (if present):
  • Please go to Start > Control Panel > Programs and Features .
  • Locate all Java Updates
  • Uninstall them all.
1.2 Install latest Java 7 update. Click this link and click on the Free JAVA Download.

1.3 Find here instructions how to clear the java cache.
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
Under Temporary Internet Files, click the Delete Files button.
There are options in the window to clear the cache - Leave ALL Checked
  • Applications and Applets
  • Trace and log files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel.

 

***


2. Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download the free version of Malwarebytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup****.exe and follow the prompts to install the program.
Note to Vista | Windows 7/8 users, please right-click and select Run as Administrator.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware.
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
Note 1: The log can also be found via the Logs tab when Malwarebytes' Anti-Malware is started.
Note 2: If you receive a notice that some of the items couldn't be removed and they have been added to the delete on reboot list, please reboot.


***


3. ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

***



How the computer is running now?



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#10 Jo*

Jo*

  • Malware Response Team
  • 3,410 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:41 PM

Posted 07 March 2014 - 04:40 AM

Hello,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 Halpmeplz

Halpmeplz
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 07 March 2014 - 06:44 AM

hi jo  :busy: , I ran the malwarebytes twice because the first time I didnt  have everything checkmarked, i thought one was safe but anyway i ran it again and deleted the last PUP, the first scan found and deleted a bunch of them. the pc is running really good, no popups, norton isnt finding anything, internet is alot faster, the pc itself is faster also. this is the best its ran in probly 2 years  :)

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.05.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Torrey :: TORREY-PC [administrator]
 
Protection: Enabled
 
3/4/2014 11:38:35 PM
mbam-log-2014-03-04 (23-38-35).txt
 
Scan type: Full scan (C:\|D:\|E:\|G:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 352918
Time elapsed: 1 hour(s), 6 minute(s), 6 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 17
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewerV1alpha1488 (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewV1alpha3570 (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Search Protection (PUP.Optional.MyEmoticons.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MediaViewerV1alpha1488 (PUP.Optional.MediaViewer.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MediaViewV1alpha3570 (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79bb57b9-666d-4a5e-b948-97364e0cebd2} (PUP.Optional.MediaViewer.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{79bb57b9-666d-4a5e-b948-97364e0cebd2} (PUP.Optional.MediaViewer.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{4a958e09-4065-43a4-8ff6-a0bf79f8ab94} (PUP.Optional.MediaViewer.A) -> Quarantined and deleted successfully.
HKCR\Interface\{3B01B5BF-3C7A-4C46-99FD-0EBE912BEDB8} (PUP.Optional.MediaViewer.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{79BB57B9-666D-4A5E-B948-97364E0CEBD2} (PUP.Optional.MediaViewer.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{79BB57B9-666D-4A5E-B948-97364E0CEBD2} (PUP.Optional.MediaViewer.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8f1eeb06-6317-4472-a024-b97ca0b3a5d0} (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{8f1eeb06-6317-4472-a024-b97ca0b3a5d0} (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{60afa4bb-d9ed-4cff-8d8d-0b8a13e55935} (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
HKCR\Interface\{b7564210-9ec2-49b4-bdf4-f2c357c8f9fe} (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8F1EEB06-6317-4472-A024-B97CA0B3A5D0} (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F1EEB06-6317-4472-A024-B97CA0B3A5D0} (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 2
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|ext@MediaViewerV1alpha1488.net (PUP.Optional.MediaViewer.A) -> Data: C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488\ff -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|ext@MediaViewV1alpha3570.net (PUP.Optional.MediaView.A) -> Data: C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\ff -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 16
C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488 (PUP.Optional.MediaViewer.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488\ch (PUP.Optional.MediaViewer.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488\ff (PUP.Optional.MediaViewer.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488\ff\chrome (PUP.Optional.MediaViewer.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488\ff\chrome\content (PUP.Optional.MediaViewer.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488\ff\chrome\content\icons (PUP.Optional.MediaViewer.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488\ff\chrome\content\icons\default (PUP.Optional.MediaViewer.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488\ie (PUP.Optional.MediaViewer.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570 (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\ch (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\ff (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\ff\chrome (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\ff\chrome\content (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\ff\chrome\content\icons (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\ff\chrome\content\icons\default (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\ie (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
 
Files Detected: 23
G:\Backup Files\toshiba restorin backup stuffs\Mud Crack\rld.dll (PUP.Hacktool.crk) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Torrey\AppData\Roaming\OpenCandy\OpenCandy_03287A39A9D946ABB7B8ABC69CEEDF36\LatestDLMgr.exe.vir (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Torrey\AppData\Roaming\OpenCandy\OpenCandy_35D9E1C3D3FF4E94BFEB1127D8417B89\LatestDLMgr.exe.vir (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488\uninstall.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\uninstall.exe (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Milestone\MUD\rld.dll (PUP.Hacktool.crk) -> Quarantined and deleted successfully.
C:\Users\Torrey\Desktop\Mud Crack\rld.dll (PUP.Hacktool.crk) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488\ch\MediaViewerV1alpha1488.crx (PUP.Optional.MediaViewer.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488\ff\chrome.manifest (PUP.Optional.MediaViewer.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488\ff\install.rdf (PUP.Optional.MediaViewer.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488\ff\chrome\content\ffMediaViewerV1alpha1488.js (PUP.Optional.MediaViewer.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488\ff\chrome\content\overlay.xul (PUP.Optional.MediaViewer.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488\ff\chrome\content\icons\Thumbs.db (PUP.Optional.MediaViewer.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1488\ff\chrome\content\icons\default\MediaViewerV1alpha1488_32.png (PUP.Optional.MediaViewer.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\ch\MediaViewV1alpha3570.crx (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\ff\chrome.manifest (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\ff\install.rdf (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\ff\chrome\content\ffMediaViewV1alpha3570.js (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\ff\chrome\content\ffMediaViewV1alpha3570ffaction.js (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\ff\chrome\content\overlay.xul (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\ff\chrome\content\icons\Thumbs.db (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3570\ff\chrome\content\icons\default\MediaViewV1alpha3570_32.png (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
 
(end)
 
 
and the second scan.
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.06.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Torrey :: TORREY-PC [administrator]
 
Protection: Enabled
 
3/6/2014 11:44:12 PM
mbam-log-2014-03-06 (23-44-12).txt
 
Scan type: Full scan (C:\|D:\|E:\|G:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 355436
Time elapsed: 58 minute(s), 42 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
G:\Backup Files\toshiba restorin backup stuffs\Mud Crack\rld.dll (PUP.Hacktool.crk) -> Quarantined and deleted successfully.
 
(end)
 
 
Heres the ESET scan .txt
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Re-markit\ReMarkit_up.exe.vir a variant of Win32/AdWare.AddLyrics.AF application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Re-markit\Uninstall.exe.vir multiple threats
G:\Backup Files\5\1\V0\C\Documents and Settings\dad\My Documents\My Pictures\CamillesDivingPics!!\Mobile Uploads 09\RegDefense-Setup.1.2D0D17.efw a variant of Win32/Adware.RegDefense application
G:\Backup Files\7\1\V0\C\Users\Torrey\Downloads\MUD.FIM.Motocross.World.Championship-RELOADED\rld-mfwc.iso a variant of Win32/Packed.VMProtect.AAH trojan
G:\Backup Files\toshiba restorin backup stuffs\Mud Crack\rld.dll a variant of Win32/Packed.VMProtect.AAH trojan
 


#12 Jo*

Jo*

  • Malware Response Team
  • 3,410 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:41 PM

Posted 07 March 2014 - 06:57 AM

Hello Halpmeplz,

now we delete the files that ESET found.
Connect any existing external hard drives and / or other removable media.
 

***


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as / FSRT / FSRT64 (usually your desktop) as fixlist.txt

 
start
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Re-markit\ReMarkit_up.exe.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Re-markit\Uninstall.exe.vir
G:\Backup Files\5\1\V0\C\Documents and Settings\dad\My Documents\My Pictures\CamillesDivingPics!!\Mobile Uploads 09\RegDefense-Setup.1.2D0D17.efw
G:\Backup Files\7\1\V0\C\Users\Torrey\Downloads\MUD.FIM.Motocross.World.Championship-RELOADED\rld-mfwc.iso
G:\Backup Files\toshiba restorin backup stuffs\Mud Crack\rld.dll
end

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FSRT64 again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.



***


1. Uninstall old versions:
Please go to Start > Control Panel > Add Remove Programs (XP)
Or Start > Control Panel > Programs and Features ( Vista | Windows 7/8 ).

Locate the following programs:
  • Adobe Reader 9, 10
Uninstall them all.
 

***



2. Install these programs:
  • Install latest Adobe Reader:
  • Go to http://get.adobe.com/reader/otherversions/
  • Use the drop down menu's to select your operating system
  • Select your language > Select The current version of Adobe Reader for your language
  • Remove the check mark from the box "Install Chrome as standard browser and Google Toolbar for Internet explorer"
  • Click the Download button, and follow the onscreen directions to complete the installation.

3. Restart your pc:

How the computer is running now?
Any remaining issues?



***


Edited by Jo*, 07 March 2014 - 06:58 AM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#13 Halpmeplz

Halpmeplz
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 07 March 2014 - 08:41 AM

updated adobe. still running good! i just streamed a 1080p video fine, it used to freeze sometimes so i figured its a good little test.

 

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2014

Ran by Torrey at 2014-03-07 03:10:12 Run:1
Running from C:\Users\Torrey\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Re-markit\ReMarkit_up.exe.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Re-markit\Uninstall.exe.vir
G:\Backup Files\5\1\V0\C\Documents and Settings\dad\My Documents\My Pictures\CamillesDivingPics!!\Mobile Uploads 09\RegDefense-Setup.1.2D0D17.efw
G:\Backup Files\7\1\V0\C\Users\Torrey\Downloads\MUD.FIM.Motocross.World.Championship-RELOADED\rld-mfwc.iso
G:\Backup Files\toshiba restorin backup stuffs\Mud Crack\rld.dll
end
*****************
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Re-markit\ReMarkit_up.exe.vir => Moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Re-markit\Uninstall.exe.vir => Moved successfully.
G:\Backup Files\5\1\V0\C\Documents and Settings\dad\My Documents\My Pictures\CamillesDivingPics!!\Mobile Uploads 09\RegDefense-Setup.1.2D0D17.efw => Moved successfully.
G:\Backup Files\7\1\V0\C\Users\Torrey\Downloads\MUD.FIM.Motocross.World.Championship-RELOADED\rld-mfwc.iso => Moved successfully.
"G:\Backup Files\toshiba restorin backup stuffs\Mud Crack\rld.dll" => File/Directory not found.
 
==== End of Fixlog ====


#14 Jo*

Jo*

  • Malware Response Team
  • 3,410 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:41 PM

Posted 07 March 2014 - 09:17 AM

Hello Halpmeplz,


well done. :)

It Appears That Your Pc Is Now Clean!
 

***


Clean up:


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as / FSRT / FSRT64 (usually your desktop) as fixlist.txt


start
DeleteQuarantine:
end

Run FRST/FRST64 and press the Fix button just once and wait.
no needed to post the log this time.
 

***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • please download delfix to your desktop.
  • Close all other programms and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

***


Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.


***


Here are some Preventive tips to reduce the potential for spyware infection in the future:

1. Browse more secure2. Enable Protected Mode in Internet Explorer. This helps Windows Vista, 7 / 8 users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
4. Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important chanel to spread their wares.
5. Use only one anti-virus software and keep it up-to-date.

6. Firewall
Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

7. Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

8. Use Strong passwords!

9. Email attachments
Do not open any unknown email attachments, which you received without asking for it!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 Halpmeplz

Halpmeplz
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 08 March 2014 - 04:41 AM

awesome! thanks a bunch! :bananas:  :cool:






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users