Multiple malware infections, Windows unstable, operating in SAFE MODE only


  • This topic is locked
87 replies to this topic

#1 wingmaker

Posted 12 March 2014 - 11:47 AM

Hello...
 

I'm working with an HP TouchSmart i3 64-bit PC and the OS is Win 7.

At this time I'm only able to operate my PC in safe mode.  When I try to load Windows in regular mode I get a black screen with only the cursor showing.  (Before that, and what brought me here for help, I could load Windows but it was painfully slow, hung forever, and unresponsive to the point I had to reboot using the power button.)  For this reason I was unable to follow several of the recommendations given to me in the "Am I infected Forum" such as uninstalling several anti-virus programs, TuneUp Utilities; deleting older versions of Java (not sure how) and updating to newest version.  I have done all the computer allows me to do.
 
Programs that I was advised to run thus far are: Screen317 Security Check; MiniToolBox; MBAM; and ESET.  I can post those results here if need be.  All infections were removed save for two that were found by ESET (one of which was a backup of a website and the other some Private Label Rights content material in a zip file, both of which are stored on my external HD).  I found ESET to be overly aggressive, targeting files that were WordPress plugins, Zone Alarm exe files, etc.

I was not asked to run AdwCleaner initially but the gentleman helping me made a reference to it later in the thread - "AdwCleaner has done its job" when in fact it has not so... I downloaded it and ran it but have yet to get any feedback on that in the other forum.  I will post it here since I was advised to download the DDS program and post txt files to this forum.

Results from AdwCleaner (please advise what to do as I still have the program open and am unable to proceed further):

# AdwCleaner v3.021 - Report created 11/03/2014 at 19:56:08
# Updated 10/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : WingMaker - PEGASUS
# Running from : C:\Users\WingMaker\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\.autoreg
File Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\defaulttab.config
File Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\addon@defaulttab.com.xpi
File Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\searchplugins\search.xml
File Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\user.js
File Found : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
Folder Found : C:\Users\WingMaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo
Folder Found : C:\Users\WingMaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo
Folder Found : C:\Users\WingMaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\anttoolbar@ant.com
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\anttoolbar@ant.com
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\domainsonfirefox@domainsonfire.com
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\netvideohunter@netvideohunter.com
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\toolbar@ask.com
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\toolbar@ask.com
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\youtubeunblocker@unblocker.yt
Folder Found C:\Program Files (x86)\Ask.com
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\orbitdownloader
Folder Found C:\Program Files (x86)\SearchProtect
Folder Found C:\Program Files (x86)\Toolbar Cleaner
Folder Found C:\Program Files\DomaIQ Uninstaller
Folder Found C:\ProgramData\AVG Secure Search
Folder Found C:\ProgramData\CodecCheck
Folder Found C:\ProgramData\Premium
Folder Found C:\SearchProtect
Folder Found C:\Users\WINGMA~1\AppData\Local\Temp\FoxTab
Folder Found C:\Users\WingMaker\AppData\Local\Conduit
Folder Found C:\Users\WingMaker\AppData\Local\SwvUpdater
Folder Found C:\Users\WingMaker\AppData\LocalLow\Conduit
Folder Found C:\Users\WingMaker\AppData\LocalLow\PriceGong
Folder Found C:\Users\WingMaker\AppData\Roaming\DefaultTab
Folder Found C:\Users\WingMaker\AppData\Roaming\DriverCure
Folder Found C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\ConduitCommon
Folder Found C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\CT2786678
Folder Found C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\FoxTab
Folder Found C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Smartbar
Folder Found C:\Users\WingMaker\AppData\Roaming\SearchProtect
Folder Found C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Shortcuts ] *****



***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

Line Found : user_pref("CT3074349.initDone", true);
Line Found : user_pref("CT3074349.isAppTrackingManagerOn", true);
Line Found : user_pref("CT3074349.isFirstRadioInstallation", false);
Line Found : user_pref("CT3074349.myStuffEnabled", true);
Line Found : user_pref("CT3074349.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT3074349.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT3074349.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT3074349.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT3074349.oldAppsList", "129446538071425236,129574421762864744,111,129574421763479940,1000082,129574421763997487,1000234,129574421764495504,129574421764505270,129574421764515036,1000034,100[...]
Line Found : user_pref("CT3074349.searchProtectorDialogDelayInSec", 10);
Line Found : user_pref("CT3074349.searchProtectorEnableByLogin", true);
Line Found : user_pref("CT3074349.testingCtid", "");
Line Found : user_pref("CT3074349.toolbarAppMetaDataLastCheckTime", "Mon Sep 26 2011 14:46:20 GMT-0400 (Atlantic Standard Time)");
Line Found : user_pref("CT3074349.toolbarContextMenuLastCheckTime", "Mon Sep 26 2011 14:46:23 GMT-0400 (Atlantic Standard Time)");
Line Found : user_pref("CT3074349.usageEnabled", false);
Line Found : user_pref("CT3074349.usagesFlag", 2);
Line Found : user_pref("CT3282812.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.buckguru.com%2Fdownload%2F%3Fproduct%3D12%26email%3Dswan_jordan%40hotmail.com\",\"EB_MAIN_FRAME_TITLE\":\"Proble[...]
Line Found : user_pref("CT3282812_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1375464364481,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("CT3289847.1000082.isPlayDisplay", "true");
Line Found : user_pref("CT3289847.1000082.state", "{\"state\":\"stopped\",\"text\":\"Ontario -...\",\"description\":\"Ontario - CJRQ - Q92\",\"url\":\"hxxp://38.99.208.186/CJRQ\"}");
Line Found : user_pref("CT3289847.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3289847.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3289847.FF19Solved", "true");
Line Found : user_pref("CT3289847.Facebook_Mode.enc", "Mg==");
Line Found : user_pref("CT3289847.Facebook_User_Locale.enc", "ZW4=");
Line Found : user_pref("CT3289847.Facebook_ctid_Connect_send_new.enc", "c2VuZGVk");
Line Found : user_pref("CT3289847.FirstTime", "true");
Line Found : user_pref("CT3289847.FirstTimeFF3", "true");
Line Found : user_pref("CT3289847.PG_ENABLE", "dHJ1ZQ==");
Line Found : user_pref("CT3289847.UserID", "UN30781615464862199");
Line Found : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3289847.cbfirsttime.enc", "VHVlIE1heSAyMSAyMDEzIDEzOjM5OjA1IEdNVC0wNDAwIChFYXN0ZXJuIERheWxpZ2h0IFRpbWUp");
Line Found : user_pref("CT3289847.embeddedsData", "[{\"appId\":\"130068661007799818\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Found : user_pref("CT3289847.enableFix404ByUser", "TRUE");
Line Found : user_pref("CT3289847.first_time_search.enc", "MQ==");
Line Found : user_pref("CT3289847.fixPageNotFoundErrorByUser", "TRUE");
Line Found : user_pref("CT3289847.fixUrls", true);
Line Found : user_pref("CT3289847.hxxp___api28_starwebnet_com.pid2.enc", "NmM4YjAyNWEtYTA1NS04NWIwLTZlZGItZDAyZGNlYWRjM2Mw");
Line Found : user_pref("CT3289847.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZWJhcj0xLGNsb3NlYnV0dG9uPTEsc2F2ZXJlc2l6ZWRzaXplPTAsb3BlbnBvc2l0aW9uPWFsaWd[...]
Line Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui.enc", "eyJndWkiOltdLCJhY3Rpb25zIjpbXX0=");
Line Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_settings.enc", "eyJpbml0VXJsIjoiYXBpLmpvbGx5d2FsbGV0LmNvbS9hZmZpbGlhdGUvaW5pdCIsInF1ZXJ5VXJsIjoiYXBpLmpvbGx5d2FsbGV0LmNvbS9hZmZpbGlh[...]
Line Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.jw_token.enc", "YTQ4MjkyMGEtYTMwNi0xNDdiLThjNmYtMDMxNzBmNjk3MjEy");
Line Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.key_list_id.enc", "MjAxMjA4MDItMDAw");
Line Found : user_pref("CT3289847.installDate", "20/4/2013 0:28:08");
Line Found : user_pref("CT3289847.installSessionId", "-1");
Line Found : user_pref("CT3289847.installSp", "TRUE");
Line Found : user_pref("CT3289847.installUsageEarly", "2013-05-21T20:38:36.0818634+03:00");
Line Found : user_pref("CT3289847.installerVersion", "1.4.1.3");
Line Found : user_pref("CT3289847.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3289847.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3289847.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3289847.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3289847.keyword", "true");
Line Found : user_pref("CT3289847.lastVersion", "10.16.2.509");
Line Found : user_pref("CT3289847.mam_gk_appStateReportTime.enc", "MTM2OTI0NDQxNTAxMQ==");
Line Found : user_pref("CT3289847.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Found : user_pref("CT3289847.mam_gk_appState_PriceGong.enc", "b24=");
Line Found : user_pref("CT3289847.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]
Line Found : user_pref("CT3289847.mam_gk_appsDefaultEnabled.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3289847.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkNvdXBvbkJ1ZGR5IiwiY3JpdGVyaWFzIjpbeyJjcml0ZXJpYUlkIjoiNWE2ZGI2ODktNWJiNi00YWVmLTkzMjUtNmQ4NzQ5ODYxOGQ0IiwiZG9tYWlucyI[...]
Line Found : user_pref("CT3289847.mam_gk_currentVersion.enc", "MS42LjAuMQ==");
Line Found : user_pref("CT3289847.mam_gk_first_time.enc", "MQ==");
Line Found : user_pref("CT3289847.mam_gk_installer_preapproved.enc", "VFJVRQ==");
Line Found : user_pref("CT3289847.mam_gk_lastLoginTime.enc", "MTM2OTI0NDQxNTU3Mw==");
Line Found : user_pref("CT3289847.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Found : user_pref("CT3289847.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3289847.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjYwXzEiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVuY2VFbmFibGVkQnlEZWZhdWx0I[...]
Line Found : user_pref("CT3289847.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3289847.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Found : user_pref("CT3289847.mam_gk_userId.enc", "MTAzNWE0YzItYjI4MC00NTZmLWE5ZTEtYmZiOWYxN2ZkMmRh");
Line Found : user_pref("CT3289847.migrateAppsAndComponents", true);
Line Found : user_pref("CT3289847.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsessionmanager.mozdev.org%2Fhistory.html%3Foldversion%3D0.8.0.1%26newversion%3D0.8.0.6\",\"EB_MAIN_FRAME_TITLE\":\"m[...]
Line Found : user_pref("CT3289847.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3289847.price-gong.isManagedApp", "true");
Line Found : user_pref("CT3289847.search.searchAppId", "130068661007799818");
Line Found : user_pref("CT3289847.search.searchCount", "0");
Line Found : user_pref("CT3289847.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3289847.searchRevert", "true");
Line Found : user_pref("CT3289847.searchUserMode", "2");
Line Found : user_pref("CT3289847.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3289847\"}");
Line Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://WhiteSmokeNew.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"WhiteSmoke New\"}");
Line Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3289847.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1369157935856");
Line Found : user_pref("CT3289847.serviceLayer_services_appsMetadata_lastUpdate", "1369244410438");
Line Found : user_pref("CT3289847.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1369157935604");
Line Found : user_pref("CT3289847.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1369157923120");
Line Found : user_pref("CT3289847.serviceLayer_services_location_lastUpdate", "1369167930316");
Line Found : user_pref("CT3289847.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1369157935703");
Line Found : user_pref("CT3289847.serviceLayer_services_searchAPI_lastUpdate", "1369167930406");
Line Found : user_pref("CT3289847.serviceLayer_services_serviceMap_lastUpdate", "1369167930008");
Line Found : user_pref("CT3289847.serviceLayer_services_setupAPI_lastUpdate", "1369167930506");
Line Found : user_pref("CT3289847.serviceLayer_services_toolbarContextMenu_lastUpdate", "1369157935480");
Line Found : user_pref("CT3289847.serviceLayer_services_toolbarSettings_lastUpdate", "1369244414577");
Line Found : user_pref("CT3289847.serviceLayer_services_translation_lastUpdate", "1369244410607");
Line Found : user_pref("CT3289847.settingsINI", true);
Line Found : user_pref("CT3289847.showToolbarPermission", "false");
Line Found : user_pref("CT3289847.smartbar.CTID", "CT3289847");
Line Found : user_pref("CT3289847.smartbar.Uninstall", "0");
Line Found : user_pref("CT3289847.smartbar.homepage", "true");
Line Found : user_pref("CT3289847.smartbar.toolbarName", "WhiteSmoke New ");
Line Found : user_pref("CT3289847.url_history0001.enc", "aHR0cHM6Ly9mYnNvY2lhbGNvdXBvbnMuY29tL2FwcC9hZG1pbjo6OmNsaWNraGFuZGxlcjo6OjEzNjkyMzkzOTA5MzMsLCxodHRwOi8vZmJzb2NpYWxjb3Vwb25zLmNvbS9kYXNoYm9hcmQvc3RhcnQvOjo6[...]
Line Found : user_pref("CT3289847.versionFromInstaller", "10.14.380.14");
Line Found : user_pref("CT3289847_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1369157906867,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3074349&SearchSource=13");
Line Found : user_pref("CommunityToolbar.ConduitSearchList", "PhotoJoy US Customized Web Search");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"1326994325\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/CA", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1465784/1461438/CA", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1313448428\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3074349", "\"1312968577\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"d229fa25f6c9cc1:12ac\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"0ee90707f77cc1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"023d3d3f2c9cc1:12ac\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678", "\"13a760730d9291f1df061003ecf304ce\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3074349", "\"634515122457000000\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3074349&octid=CT3074349", "\"1314715212\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/equalizer_dead.gif", "\"03e383867bc91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/minimize.gif", "\"0e685fa27bc91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/play.gif", "\"02faea337c7c91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/stop.gif", "\"03a54d7f47ac91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/vol.gif", "\"049b47644c7c91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634515953213470000\"");
Line Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\WingMaker\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\e9k0lx8w.default\\conduitCommon\\modules\\3.9.0.3");
Line Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");
Line Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://storage.conduit.com/MarketPlace/c4/d0/c43b31cd-f174-4062-8bc6-cc15a23691d0/BrowserFiles/8cfec7de-e8ec-4f1e-9b41-950b0f760652.html", "300x299");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT3074349,CT2786678");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3074349,CT2786678");
Line Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3074349,CT2786678");
Line Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Jan 22 2012 16:05:18 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.globalUserId", "9e45b5c0-bfd9-400d-8853-cf4682811dd2");
Line Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2786678");
Line Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Jan 22 2012 16:02:42 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Jan 22 2012 17:02:50 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.locale", "en");
Line Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Jan 22 2012 16:02:39 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.notifications.userId", "7c859bb3-85e0-44cc-b419-3f59075735ec");
Line Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://by161w.bay161.mail.live.com/mail/?n=2067682555&fid=1&fav=1#n=1469595194&fid=1&fav=1");
Line Found : user_pref("CommunityToolbar.originalSearchEngine", "PhotoJoy US Customized Web Search");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3282812&octid=CT3282812&SearchSource=61&CUI=UN36895330102909286&UM=2&UP=SP5490669D-8E51-4934-8DA5-442CB026E82C");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://isearch.avg.com/search?cid={60E315BF-5F2A-4B36-8EED-0BE426F28D62}&mid=c8e0bcb6d8ff47d695a5a138faa2baf0-57134336b38848b35b89a7f924b692290f7a4d[...]
Line Found : user_pref("browser.newtab.url", "hxxp://www.mysearchresults.com/?nt=nt2&t=03&SearchSource=45&UM=2&c=3563&ctid=CT3300024");
Line Found : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN30781615464862199&UM=2&SearchSource=3&q={searchTerms}");
Line Found : user_pref("extensions.crossrider.bic", "132a70e98846b385fa31bd7bc4cfc45e");
Line Found : user_pref("extensions.crossriderapp435.435.active", true);
Line Found : user_pref("extensions.crossriderapp435.435.affid", "0");
Line Found : user_pref("extensions.crossriderapp435.435.backgroundjs", "\n//------------------ PLUGIN resources_background START ------------------ ------------------ \n(function(){appAPI.ready=function(a){appAPI.[...]
Line Found : user_pref("extensions.crossriderapp435.435.backgroundver", 9);
Line Found : user_pref("extensions.crossriderapp435.435.certdomaininstaller", "");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.value", "%221325268140%22");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.value", "%2214974%22");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.value", "%2214985%22");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_ID.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_ID.value", "435");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_custom_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_custom_zoneid.value", "14969");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_pubid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_pubid.value", "%222993%22");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.previous_page.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.previous_page.value", "%22hxxp%3A//www.the-profit-platform.com/webinar/replay%22");
Line Found : user_pref("extensions.crossriderapp435.435.description", "Premiumplay Codec check");
Line Found : user_pref("extensions.crossriderapp435.435.domain", "");
Line Found : user_pref("extensions.crossriderapp435.435.emailsig", "");
Line Found : user_pref("extensions.crossriderapp435.435.exposesites", "");
Line Found : user_pref("extensions.crossriderapp435.435.fbremoteurl", "");
Line Found : user_pref("extensions.crossriderapp435.435.group", 0);
Line Found : user_pref("extensions.crossriderapp435.435.homepage", "");
Line Found : user_pref("extensions.crossriderapp435.435.iframe", false);
Line Found : user_pref("extensions.crossriderapp435.435.js", "\n//------------------ PLUGIN app_435_specific START ------------------ ------------------ \nif(!appAPI.matchPages(\"search.babylon.com\",\"search.swee[...]
Line Found : user_pref("extensions.crossriderapp435.435.name", "Codec-V");
Line Found : user_pref("extensions.crossriderapp435.435.premium", true);
Line Found : user_pref("extensions.crossriderapp435.435.publisher", "Premiumplay");
Line Found : user_pref("extensions.crossriderapp435.435.settingsurl", "");
Line Found : user_pref("extensions.crossriderapp435.435.thankyou", "");
Line Found : user_pref("extensions.crossriderapp435.435.ver", 79);
Line Found : user_pref("extensions.crossriderapp435.apps", "435");
Line Found : user_pref("extensions.crossriderapp435.bic", "132a70e98846b385fa31bd7bc4cfc45e");
Line Found : user_pref("extensions.crossriderapp435.cid", 435);
Line Found : user_pref("extensions.crossriderapp435.firstrun", false);
Line Found : user_pref("extensions.crossriderapp435.hadappinstalled", true);
Line Found : user_pref("extensions.crossriderapp435.installationdate", 1317062744);
Line Found : user_pref("extensions.crossriderapp435.jsver", 3);
Line Found : user_pref("extensions.crossriderapp435.lastcheck", 23242553);
Line Found : user_pref("extensions.crossriderapp435.lastcheckitem", 23242608);
Line Found : user_pref("extensions.crossriderapp435.misc.lastBgWorkerTimer", "1394555648641");
Line Found : user_pref("extensions.crossriderapp435.misc.lastDomWorkerTimer", "1394555648624");
Line Found : user_pref("extensions.crossriderapp435@crossrider.com.install-event-fired", true);
Line Found : user_pref("extensions.defaulttab.config", "{\"set_default_search\":\"Search|Conduit\",\"features\":[{\"engine\":\"Related Search - NS1 - DDC\",\"additional_config\":\"c=1A3578,tlid=22406\",\"ai\":0,\"[...]
Line Found : user_pref("extensions.enabledAddons", "netvideohunter%40netvideohunter.com:1.15,%7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21,%7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.9,%7BFCAB6FDD-5585-425b[...]
Line Found : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Line Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN30781615464862199&UM=2&q=");
Line Found : user_pref("lightweightThemes.usedThemes", "[{\"id\":\"275687\",\"name\":\"Sunset Over Paradise Beach\",\"headerURL\":\"hxxps://addons.mozilla.org/_files/213659/SunsetonPalmTreeBeach2.jpg?1281173216\",[...]
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN30781615464862199&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource[...]
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN30781615464862199&UM=2&q=");
Line Found : user_pref("smartbar.machineId", "HVBR+ZYAHCROWWBDRLDVPDLV3IMCHDSERDIQ+QUZVTRY3KOMBXXB0UOWIZWTYLT0RZSIYTY2RD/4AQUXDDV6OG");
Line Found : user_pref("smartbar.originalHomepage", "hxxp://isearch.avg.com/?cid={60E315BF-5F2A-4B36-8EED-0BE426F28D62}&mid=c8e0bcb6d8ff47d695a5a138faa2baf0-57134336b38848b35b89a7f924b692290f7a4d67&lang=en&ds=AVG&[...]
Line Found : user_pref("smartbar.originalSearchAddressUrl", "hxxp://isearch.avg.com/search?cid={60E315BF-5F2A-4B36-8EED-0BE426F28D62}&mid=c8e0bcb6d8ff47d695a5a138faa2baf0-57134336b38848b35b89a7f924b692290f7a4d67&l[...]
Line Found : user_pref("smartbar.originalSearchEngine", "Google");

-\\ Google Chrome v

[ File : C:\Users\WingMaker\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 1.6.0_26
Run by WingMaker at 11:53:27 on 2014-03-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3831.2205 [GMT -4:00]
.
AV: Immunet 3.0 *Disabled/Updated* {065276D9-6EBF-968C-B5ED-7B8B1DCF4059}
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Users\WingMaker\Downloads\AdwCleaner.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
uURLSearchHooks: {f2c43291-151e-499c-98a7-923c120b88fa} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Ant.com browser helper (video detector): {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: SoThink Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll
TB: SoThink Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
EB: IE Developer Tools Toolbar: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\internet explorer\iedvtool.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Google Update] "C:\Users\WingMaker\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [Immunet Protect] "C:\Program Files\Immunet\3.0.13\iptray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Orbit.lnk - C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{9B28AF26-7958-4C0D-B952-5E808CC88F2F} : DHCPNameServer = 192.168.2.1 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBRC.exe"
x64-RunOnce: [GrpConv] grpconv -o
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN30781615464862199&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://bay169.mail.live.com/mail/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN30781615464862199&UM=2&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Users\WingMaker\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\WingMaker\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-11-26 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2012-4-9 253528]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-6-7 55384]
R1 SbTis;SbTis;C:\Windows\System32\drivers\sbtis.sys [2012-4-9 94296]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-5-17 2804280]
R3 ACPIService;Buttons and OSDs ACPI driver gen2;C:\Windows\System32\drivers\OSDACPI.SYS [2010-4-26 17992]
R3 FintekCIR;Fintek eHome Transceiver;C:\Windows\System32\drivers\FintekCIR.sys [2010-12-22 30824]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-4-26 56344]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
R3 NWVoltron;NextWindow Voltron Touch Screen;C:\Windows\System32\drivers\NWVoltron.sys [2013-2-4 28920]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-26 239616]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2012-4-9 84568]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
S1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-11-26 212280]
S1 ImmunetProtectDriver;ImmunetProtectDriver;C:\Windows\System32\drivers\ImmunetProtect.sys [2013-8-4 58112]
S1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;C:\Windows\System32\drivers\ImmunetSelfProtect.sys [2013-8-4 33024]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-4-26 98208]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-1-22 3788816]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-9-10 22072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 ImmunetNetworkMonitorDriver;ImmunetNetworkMonitorDriver;C:\Windows\System32\drivers\ImmunetNetworkMonitor.sys [2013-8-4 100096]
S2 ImmunetProtect;Immunet 3.0;C:\Program Files\Immunet\3.0.13\agent.exe [2013-8-4 521536]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-25 134944]
S2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2011-5-11 72280]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2013-12-18 2103096]
S3 Ant App service;File1 Application service;C:\Program Files (x86)\Ant.com\File1 Package Manager\AppService.exe [2013-2-5 504816]
S3 AVerAVF2;AVerAVF2;C:\Windows\System32\drivers\AVerAVF2.sys [2010-11-11 1212416]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;C:\Windows\System32\drivers\hidkmdf.sys [2010-4-26 14328]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-4-26 158976]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 NW1950;NextWindow 1950 Touch Screen;C:\Windows\System32\drivers\NW1950.sys [2010-4-26 25080]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-9-17 23536]
S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-26 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-3-9 31800]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2012-4-9 84568]
S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2012-4-9 60504]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-26 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-4 1255736]
.
=============== Created Last 30 ================
.
2014-03-11 23:56:03    --------    d-----w-    C:\AdwCleaner
2014-03-09 20:46:44    --------    d-----w-    C:\MATS
2014-03-09 20:18:46    --------    d-----w-    C:\Users\WingMaker\AppData\Local\VS Revo Group
2014-03-09 20:18:39    31800    ----a-w-    C:\Windows\System32\drivers\revoflt.sys
2014-03-09 20:18:39    --------    d-----w-    C:\ProgramData\VS Revo Group
2014-03-09 20:18:37    --------    d-----w-    C:\Program Files\VS Revo Group
2014-03-08 00:31:43    --------    d-----w-    C:\Program Files (x86)\ESET
2014-03-07 20:59:37    --------    d-----w-    C:\Program Files (x86)\Tweaking.com
2014-03-07 20:21:38    --------    d-----w-    C:\Users\WingMaker\AppData\Roaming\SparkTrust
2014-03-07 20:21:38    --------    d-----w-    C:\Users\WingMaker\AppData\Roaming\DriverCure
2014-03-07 20:20:50    --------    d-----w-    C:\ProgramData\SparkTrust
2014-03-07 01:25:18    --------    d-----w-    C:\Windows\SysWow64\AppData
2014-03-06 14:28:48    1031560    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F72A8A2-006B-446C-BBD8-1EC7E5407DEF}\gapaengine.dll
2014-03-06 14:21:42    10536864    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{93A585A1-D293-447B-BE9F-B2412DBD1097}\mpengine.dll
2014-03-05 02:02:39    10536864    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-04 19:51:43    --------    d-----w-    C:\Windows\System32\catroot2
2014-03-04 19:43:32    --------    d-----w-    C:\Windows\System32\wbem\repository
2014-03-03 06:01:07    --------    d-----w-    C:\Windows\CleanMem
2014-03-03 06:01:07    --------    d-----w-    C:\Program Files (x86)\CleanMem
2014-03-03 05:37:52    --------    d-----w-    C:\Program Files\Tweaking.com simple tweaking system
2014-03-02 23:39:27    --------    d-----w-    C:\Windows\System32\wbem\repository.002
2014-03-02 23:38:15    --------    d-----w-    C:\Windows\SysWow64\wbem\Performance
2014-03-02 23:05:52    --------    d-----w-    C:\RegBackup
2014-03-02 18:33:07    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-02 18:20:40    --------    d-----w-    C:\Program Files\Tweaking.com
2014-02-25 08:11:40    --------    d-----w-    C:\Windows\Migration
2014-02-17 01:58:07    --------    d-----w-    C:\Users\WingMaker\AppData\Roaming\EncryptStick
2014-02-15 17:41:02    22776944    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\xul.dll
2014-02-15 17:41:01    93808    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-02-15 17:39:52    194560    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2014-02-13 08:02:55    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-02-13 08:02:54    548864    ----a-w-    C:\Windows\System32\vbscript.dll
2014-02-13 08:00:59    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-02-13 07:05:34    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2014-02-13 07:05:33    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2014-02-13 07:05:29    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2014-02-13 07:05:26    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2014-02-12 10:07:13    658432    ----a-w-    C:\Windows\System32\RMActivate_isv.exe
2014-02-12 10:07:06    626176    ----a-w-    C:\Windows\System32\RMActivate.exe
2014-02-12 10:07:01    594944    ----a-w-    C:\Windows\SysWow64\RMActivate_isv.exe
2014-02-12 10:06:55    572416    ----a-w-    C:\Windows\SysWow64\RMActivate.exe
2014-02-12 10:06:54    508928    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2014-02-12 10:06:43    552960    ----a-w-    C:\Windows\System32\RMActivate_ssp_isv.exe
2014-02-12 10:06:12    553984    ----a-w-    C:\Windows\System32\RMActivate_ssp.exe
2014-02-12 10:06:07    510976    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp.exe
2014-02-12 10:06:03    485888    ----a-w-    C:\Windows\System32\secproc_isv.dll
2014-02-12 10:05:58    423936    ----a-w-    C:\Windows\SysWow64\secproc_isv.dll
2014-02-12 10:05:53    488448    ----a-w-    C:\Windows\System32\secproc.dll
2014-02-12 10:05:52    528384    ----a-w-    C:\Windows\System32\msdrm.dll
2014-02-12 10:05:36    428032    ----a-w-    C:\Windows\SysWow64\secproc.dll
2014-02-12 10:05:33    390144    ----a-w-    C:\Windows\SysWow64\msdrm.dll
2014-02-12 10:05:30    123392    ----a-w-    C:\Windows\System32\secproc_ssp.dll
2014-02-12 10:05:25    123392    ----a-w-    C:\Windows\System32\secproc_ssp_isv.dll
2014-02-12 10:05:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp.dll
2014-02-12 10:05:16    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp_isv.dll
2014-02-12 10:03:13    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2014-02-12 10:03:10    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2014-02-12 10:02:49    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
2014-02-12 10:02:40    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
.
==================== Find3M  ====================
.
2014-02-21 01:42:15    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-21 01:42:14    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-06 11:30:46    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:25:36    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-06 09:09:30    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-01-19 07:33:29    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2013-12-27 08:08:05    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2013-12-27 08:08:05    194048    ----a-w-    C:\Windows\SysWow64\elshyph.dll
2013-12-18 09:01:08    40760    ----a-w-    C:\Windows\System32\TURegOpt.exe
2013-12-18 09:01:02    43320    ----a-w-    C:\Windows\System32\uxtuneup.dll
2013-12-18 09:01:02    36152    ----a-w-    C:\Windows\SysWow64\uxtuneup.dll
2013-12-18 09:01:02    29496    ----a-w-    C:\Windows\System32\authuitu.dll
2013-12-18 09:01:02    25400    ----a-w-    C:\Windows\SysWow64\authuitu.dll
2010-11-03 00:39:00    8390880    ----a-w-    C:\Program Files\Firefox Setup 3.6.12.exe
.
============= FINISH: 11:54:36.83 ===============
: search_url
Found : keyword

*************************

AdwCleaner[R0].txt - [56450 octets] - [11/03/2014 19:56:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [56511 octets] ##########


Results from DDS program:

DDS text

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 1.6.0_26
Run by WingMaker at 11:53:27 on 2014-03-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3831.2205 [GMT -4:00]
.
AV: Immunet 3.0 *Disabled/Updated* {065276D9-6EBF-968C-B5ED-7B8B1DCF4059}
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Users\WingMaker\Downloads\AdwCleaner.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
uURLSearchHooks: {f2c43291-151e-499c-98a7-923c120b88fa} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Ant.com browser helper (video detector): {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: SoThink Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll
TB: SoThink Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
EB: IE Developer Tools Toolbar: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\internet explorer\iedvtool.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Google Update] "C:\Users\WingMaker\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [Immunet Protect] "C:\Program Files\Immunet\3.0.13\iptray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Orbit.lnk - C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{9B28AF26-7958-4C0D-B952-5E808CC88F2F} : DHCPNameServer = 192.168.2.1 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBRC.exe"
x64-RunOnce: [GrpConv] grpconv -o
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN30781615464862199&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://bay169.mail.live.com/mail/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN30781615464862199&UM=2&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Users\WingMaker\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\WingMaker\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-11-26 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2012-4-9 253528]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-6-7 55384]
R1 SbTis;SbTis;C:\Windows\System32\drivers\sbtis.sys [2012-4-9 94296]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-5-17 2804280]
R3 ACPIService;Buttons and OSDs ACPI driver gen2;C:\Windows\System32\drivers\OSDACPI.SYS [2010-4-26 17992]
R3 FintekCIR;Fintek eHome Transceiver;C:\Windows\System32\drivers\FintekCIR.sys [2010-12-22 30824]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-4-26 56344]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
R3 NWVoltron;NextWindow Voltron Touch Screen;C:\Windows\System32\drivers\NWVoltron.sys [2013-2-4 28920]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-26 239616]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2012-4-9 84568]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
S1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-11-26 212280]
S1 ImmunetProtectDriver;ImmunetProtectDriver;C:\Windows\System32\drivers\ImmunetProtect.sys [2013-8-4 58112]
S1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;C:\Windows\System32\drivers\ImmunetSelfProtect.sys [2013-8-4 33024]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-4-26 98208]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-1-22 3788816]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-9-10 22072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 ImmunetNetworkMonitorDriver;ImmunetNetworkMonitorDriver;C:\Windows\System32\drivers\ImmunetNetworkMonitor.sys [2013-8-4 100096]
S2 ImmunetProtect;Immunet 3.0;C:\Program Files\Immunet\3.0.13\agent.exe [2013-8-4 521536]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-25 134944]
S2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2011-5-11 72280]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2013-12-18 2103096]
S3 Ant App service;File1 Application service;C:\Program Files (x86)\Ant.com\File1 Package Manager\AppService.exe [2013-2-5 504816]
S3 AVerAVF2;AVerAVF2;C:\Windows\System32\drivers\AVerAVF2.sys [2010-11-11 1212416]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;C:\Windows\System32\drivers\hidkmdf.sys [2010-4-26 14328]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-4-26 158976]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 NW1950;NextWindow 1950 Touch Screen;C:\Windows\System32\drivers\NW1950.sys [2010-4-26 25080]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-9-17 23536]
S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-26 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-3-9 31800]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2012-4-9 84568]
S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2012-4-9 60504]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-26 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-4 1255736]
.
=============== Created Last 30 ================
.
2014-03-11 23:56:03    --------    d-----w-    C:\AdwCleaner
2014-03-09 20:46:44    --------    d-----w-    C:\MATS
2014-03-09 20:18:46    --------    d-----w-    C:\Users\WingMaker\AppData\Local\VS Revo Group
2014-03-09 20:18:39    31800    ----a-w-    C:\Windows\System32\drivers\revoflt.sys
2014-03-09 20:18:39    --------    d-----w-    C:\ProgramData\VS Revo Group
2014-03-09 20:18:37    --------    d-----w-    C:\Program Files\VS Revo Group
2014-03-08 00:31:43    --------    d-----w-    C:\Program Files (x86)\ESET
2014-03-07 20:59:37    --------    d-----w-    C:\Program Files (x86)\Tweaking.com
2014-03-07 20:21:38    --------    d-----w-    C:\Users\WingMaker\AppData\Roaming\SparkTrust
2014-03-07 20:21:38    --------    d-----w-    C:\Users\WingMaker\AppData\Roaming\DriverCure
2014-03-07 20:20:50    --------    d-----w-    C:\ProgramData\SparkTrust
2014-03-07 01:25:18    --------    d-----w-    C:\Windows\SysWow64\AppData
2014-03-06 14:28:48    1031560    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F72A8A2-006B-446C-BBD8-1EC7E5407DEF}\gapaengine.dll
2014-03-06 14:21:42    10536864    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{93A585A1-D293-447B-BE9F-B2412DBD1097}\mpengine.dll
2014-03-05 02:02:39    10536864    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-04 19:51:43    --------    d-----w-    C:\Windows\System32\catroot2
2014-03-04 19:43:32    --------    d-----w-    C:\Windows\System32\wbem\repository
2014-03-03 06:01:07    --------    d-----w-    C:\Windows\CleanMem
2014-03-03 06:01:07    --------    d-----w-    C:\Program Files (x86)\CleanMem
2014-03-03 05:37:52    --------    d-----w-    C:\Program Files\Tweaking.com simple tweaking system
2014-03-02 23:39:27    --------    d-----w-    C:\Windows\System32\wbem\repository.002
2014-03-02 23:38:15    --------    d-----w-    C:\Windows\SysWow64\wbem\Performance
2014-03-02 23:05:52    --------    d-----w-    C:\RegBackup
2014-03-02 18:33:07    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-02 18:20:40    --------    d-----w-    C:\Program Files\Tweaking.com
2014-02-25 08:11:40    --------    d-----w-    C:\Windows\Migration
2014-02-17 01:58:07    --------    d-----w-    C:\Users\WingMaker\AppData\Roaming\EncryptStick
2014-02-15 17:41:02    22776944    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\xul.dll
2014-02-15 17:41:01    93808    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-02-15 17:39:52    194560    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2014-02-13 08:02:55    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-02-13 08:02:54    548864    ----a-w-    C:\Windows\System32\vbscript.dll
2014-02-13 08:00:59    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-02-13 07:05:34    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2014-02-13 07:05:33    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2014-02-13 07:05:29    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2014-02-13 07:05:26    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2014-02-12 10:07:13    658432    ----a-w-    C:\Windows\System32\RMActivate_isv.exe
2014-02-12 10:07:06    626176    ----a-w-    C:\Windows\System32\RMActivate.exe
2014-02-12 10:07:01    594944    ----a-w-    C:\Windows\SysWow64\RMActivate_isv.exe
2014-02-12 10:06:55    572416    ----a-w-    C:\Windows\SysWow64\RMActivate.exe
2014-02-12 10:06:54    508928    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2014-02-12 10:06:43    552960    ----a-w-    C:\Windows\System32\RMActivate_ssp_isv.exe
2014-02-12 10:06:12    553984    ----a-w-    C:\Windows\System32\RMActivate_ssp.exe
2014-02-12 10:06:07    510976    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp.exe
2014-02-12 10:06:03    485888    ----a-w-    C:\Windows\System32\secproc_isv.dll
2014-02-12 10:05:58    423936    ----a-w-    C:\Windows\SysWow64\secproc_isv.dll
2014-02-12 10:05:53    488448    ----a-w-    C:\Windows\System32\secproc.dll
2014-02-12 10:05:52    528384    ----a-w-    C:\Windows\System32\msdrm.dll
2014-02-12 10:05:36    428032    ----a-w-    C:\Windows\SysWow64\secproc.dll
2014-02-12 10:05:33    390144    ----a-w-    C:\Windows\SysWow64\msdrm.dll
2014-02-12 10:05:30    123392    ----a-w-    C:\Windows\System32\secproc_ssp.dll
2014-02-12 10:05:25    123392    ----a-w-    C:\Windows\System32\secproc_ssp_isv.dll
2014-02-12 10:05:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp.dll
2014-02-12 10:05:16    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp_isv.dll
2014-02-12 10:03:13    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2014-02-12 10:03:10    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2014-02-12 10:02:49    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
2014-02-12 10:02:40    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
.
==================== Find3M  ====================
.
2014-02-21 01:42:15    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-21 01:42:14    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-06 11:30:46    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:25:36    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-06 09:09:30    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-01-19 07:33:29    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2013-12-27 08:08:05    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2013-12-27 08:08:05    194048    ----a-w-    C:\Windows\SysWow64\elshyph.dll
2013-12-18 09:01:08    40760    ----a-w-    C:\Windows\System32\TURegOpt.exe
2013-12-18 09:01:02    43320    ----a-w-    C:\Windows\System32\uxtuneup.dll
2013-12-18 09:01:02    36152    ----a-w-    C:\Windows\SysWow64\uxtuneup.dll
2013-12-18 09:01:02    29496    ----a-w-    C:\Windows\System32\authuitu.dll
2013-12-18 09:01:02    25400    ----a-w-    C:\Windows\SysWow64\authuitu.dll
2010-11-03 00:39:00    8390880    ----a-w-    C:\Program Files\Firefox Setup 3.6.12.exe
.
============= FINISH: 11:54:36.83 ===============

Please advise...  I've been trying to resolve this first on my own and then here since March 7th.  :(
 
Your help is much appreciated..


 



#2 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:02:46 AM

Posted 13 March 2014 - 10:01 PM

Hello wingmaker,

 

My name is Cody and I'll be helping you clean up your computer. :)

 

What's below is very important information. Please take the time to read it before we get started.

 

I will reply as soon as possible (typically within 24 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

 

I am in Orlando, Florida at GMT-5 Hours (Eastern Standard Time). As previously stated, I normally respond within 24 hours, but I am a university student currently working part time. If I do not respond within 48 hours, feel free to send me a private message.

 

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.

  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

  • Do not attach logs or use code boxes, just copy and paste the text.

  • I cannot see your computer.

  • Periodically update me on the condition of your computer, and provide detail in every post.

  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.

 

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

 

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


Edited by TheShooter93, 13 March 2014 - 10:02 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#3 wingmaker


Posted 14 March 2014 - 09:05 AM

Hello Cody, I'm Jordan and I too am on EST..  from Montreal, Canada  :)

 

Most of my important materials are already backed up to external HD...  I will clean up my desktop and documents folder before we begin.  I am still only able to operate in SAFE MODE and nothing has changed since my last post to this forum.

 

Many thanks!



#4 TheShooter93


Posted 16 March 2014 - 12:36 PM

Hello wingmaker,

 

> Most of my important materials are already backed up to external HD...  I will clean up my desktop and documents folder before we begin.  I am still only able to operate in SAFE MODE and nothing has changed since my last post to this forum.

 

Sounds good. :thumbup2: In order to download the needed software, you will have to boot into Safe Mode With Networking. Since you were able to enter Safe Mode, I assume you know how to enter Safe Mode With Networking. If this is not the case, please let me know and I can provide instructions.
 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Delete button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[S#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

-------------------------------------------------------------

 

Also, let's see a FRST log: 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.


Edited by TheShooter93, 16 March 2014 - 12:36 PM.


 

 


#5 wingmaker


Posted 16 March 2014 - 02:17 PM

Hi Cody...

 

I am only able to operate the PC from safe mode and have been using the SAFE MODE with NETWORKING since I came to this site for help.

 

I already ran an AdwCleaner scan March 11th as advised in the "Am I Infected" forum - see results posted to beginning of this thread.  No one has ever interpreted the results.  I never clicked on delete files since I thought someone needed to evaluate results before I did so.  In a nutshell, I have not been able to do anything with the computer since I ran the AdwCleaner, waiting on someone to interpret and advise. :(

 

Please advise on what to do with previously posted AdwCleaner results (attached is the .txt file)  and whether or not I should delete all these files and run it again.  I have done nothing to my computer since I ran AdwCleaner on March 11th and I haven't rebooted my computer since because I still have AdwCleaner open.

 

I will download, install and run the other program as advised.  But please get back to me about my current AdwCleaner results and how to proceed. 

 

Actually it just occurred to me that I cleaned up my desktop and documents since I ran AdwCleaner, so I guess I'll run it again. 

 

Thanks!


Edited by wingmaker, 16 March 2014 - 02:20 PM.


#6 TheShooter93


Posted 16 March 2014 - 03:42 PM

> I will download, install and run the other program as advised.  But please get back to me about my current AdwCleaner results and how to proceed.

 

My first set of instructions concerning AdwCleaner in my previous post did this:

 

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Delete button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[S#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 


Edited by TheShooter93, 16 March 2014 - 03:42 PM.


 

 


#7 wingmaker


Posted 16 March 2014 - 04:34 PM

Okay Cody... I am redoing the AdwCleaner scan... just one thing, there is NO DELETE button that I can see... only SCAN / CLEAN / REPORT / UNINSTALL / DONATE.  I don't know if there is something at the bottom, the AdwCleaner is actually bigger than my screen, it disappears below my task bar so I cannot see the bottom at all...

 

I hope SCAN is okay.  Something odd happened after I clicked SCAN... I got a message stating "Pending, Please uncheck any elements you don't want to remove."  It's as though a new SCAN hadn't run as it took no time at all yet the report is dated today.  Below are the results:

 

AdwCleaner[R1] results:

 

# AdwCleaner v3.022 - Report created 16/03/2014 at 17:35:10
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : WingMaker - PEGASUS
# Running from : C:\Users\WingMaker\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\.autoreg
File Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\defaulttab.config
File Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\addon@defaulttab.com.xpi
File Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\searchplugins\search.xml
File Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\user.js
File Found : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
Folder Found : C:\Users\WingMaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo
Folder Found : C:\Users\WingMaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo
Folder Found : C:\Users\WingMaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\anttoolbar@ant.com
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\anttoolbar@ant.com
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\domainsonfirefox@domainsonfire.com
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\netvideohunter@netvideohunter.com
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\toolbar@ask.com
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\toolbar@ask.com
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\youtubeunblocker@unblocker.yt
Folder Found C:\Program Files (x86)\Ask.com
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\orbitdownloader
Folder Found C:\Program Files (x86)\SearchProtect
Folder Found C:\Program Files (x86)\Toolbar Cleaner
Folder Found C:\Program Files\DomaIQ Uninstaller
Folder Found C:\ProgramData\AVG Secure Search
Folder Found C:\ProgramData\CodecCheck
Folder Found C:\ProgramData\Premium
Folder Found C:\SearchProtect
Folder Found C:\Users\WINGMA~1\AppData\Local\Temp\FoxTab
Folder Found C:\Users\WingMaker\AppData\Local\Conduit
Folder Found C:\Users\WingMaker\AppData\Local\SwvUpdater
Folder Found C:\Users\WingMaker\AppData\LocalLow\Conduit
Folder Found C:\Users\WingMaker\AppData\LocalLow\PriceGong
Folder Found C:\Users\WingMaker\AppData\Roaming\DefaultTab
Folder Found C:\Users\WingMaker\AppData\Roaming\DriverCure
Folder Found C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\ConduitCommon
Folder Found C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\CT2786678
Folder Found C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\FoxTab
Folder Found C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Smartbar
Folder Found C:\Users\WingMaker\AppData\Roaming\SearchProtect
Folder Found C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AVG Nation toolbar
Key Found : HKCU\Software\BI
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\Google\Chrome\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo
Key Found : HKCU\Software\Google\Chrome\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Orbit
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Ask.com
Key Found : [x64] HKCU\Software\AVG Nation toolbar
Key Found : [x64] HKCU\Software\BI
Key Found : [x64] HKCU\Software\Default Tab
Key Found : [x64] HKCU\Software\IGearSettings
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Orbit
Key Found : [x64] HKCU\Software\SearchProtect
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\Software\AVG Nation toolbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\prefs.js ]

Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/stop.gif", "\"03a54d7f47ac91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/vol.gif", "\"049b47644c7c91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634515953213470000\"");
Line Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\WingMaker\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\e9k0lx8w.default\\conduitCommon\\modules\\3.9.0.3");
Line Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");
Line Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://storage.conduit.com/MarketPlace/c4/d0/c43b31cd-f174-4062-8bc6-cc15a23691d0/BrowserFiles/8cfec7de-e8ec-4f1e-9b41-950b0f760652.html", "300x299");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT3074349,CT2786678");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3074349,CT2786678");
Line Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3074349,CT2786678");
Line Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Jan 22 2012 16:05:18 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.globalUserId", "9e45b5c0-bfd9-400d-8853-cf4682811dd2");
Line Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2786678");
Line Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Jan 22 2012 16:02:42 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Jan 22 2012 17:02:50 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.locale", "en");
Line Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Jan 22 2012 16:02:39 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.notifications.userId", "7c859bb3-85e0-44cc-b419-3f59075735ec");
Line Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://by161w.bay161.mail.live.com/mail/?n=2067682555&fid=1&fav=1#n=1469595194&fid=1&fav=1");
Line Found : user_pref("CommunityToolbar.originalSearchEngine", "PhotoJoy US Customized Web Search");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3282812&octid=CT3282812&SearchSource=61&CUI=UN36895330102909286&UM=2&UP=SP5490669D-8E51-4934-8DA5-442CB026E82C");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://isearch.avg.com/search?cid={60E315BF-5F2A-4B36-8EED-0BE426F28D62}&mid=c8e0bcb6d8ff47d695a5a138faa2baf0-57134336b38848b35b89a7f924b692290f7a4d[...]
Line Found : user_pref("browser.newtab.url", "hxxp://www.mysearchresults.com/?nt=nt2&t=03&SearchSource=45&UM=2&c=3563&ctid=CT3300024");
Line Found : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN30781615464862199&UM=2&SearchSource=3&q={searchTerms}");
Line Found : user_pref("extensions.crossrider.bic", "132a70e98846b385fa31bd7bc4cfc45e");
Line Found : user_pref("extensions.crossriderapp435.435.active", true);
Line Found : user_pref("extensions.crossriderapp435.435.affid", "0");
Line Found : user_pref("extensions.crossriderapp435.435.backgroundjs", "\n//------------------ PLUGIN resources_background START ------------------ ------------------ \n(function(){appAPI.ready=function(a){appAPI.[...]
Line Found : user_pref("extensions.crossriderapp435.435.backgroundver", 9);
Line Found : user_pref("extensions.crossriderapp435.435.certdomaininstaller", "");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.value", "%221325268140%22");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.value", "%2214974%22");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.value", "%2214985%22");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_ID.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_ID.value", "435");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_custom_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_custom_zoneid.value", "14969");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_pubid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_pubid.value", "%222993%22");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.previous_page.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.previous_page.value", "%22hxxp%3A//www.the-profit-platform.com/webinar/replay%22");
Line Found : user_pref("extensions.crossriderapp435.435.description", "Premiumplay Codec check");
Line Found : user_pref("extensions.crossriderapp435.435.domain", "");
Line Found : user_pref("extensions.crossriderapp435.435.emailsig", "");
Line Found : user_pref("extensions.crossriderapp435.435.exposesites", "");
Line Found : user_pref("extensions.crossriderapp435.435.fbremoteurl", "");
Line Found : user_pref("extensions.crossriderapp435.435.group", 0);
Line Found : user_pref("extensions.crossriderapp435.435.homepage", "");
Line Found : user_pref("extensions.crossriderapp435.435.iframe", false);
Line Found : user_pref("extensions.crossriderapp435.435.js", "\n//------------------ PLUGIN app_435_specific START ------------------ ------------------ \nif(!appAPI.matchPages(\"search.babylon.com\",\"search.swee[...]
Line Found : user_pref("extensions.crossriderapp435.435.name", "Codec-V");
Line Found : user_pref("extensions.crossriderapp435.435.premium", true);
Line Found : user_pref("extensions.crossriderapp435.435.publisher", "Premiumplay");
Line Found : user_pref("extensions.crossriderapp435.435.settingsurl", "");
Line Found : user_pref("extensions.crossriderapp435.435.thankyou", "");
Line Found : user_pref("extensions.crossriderapp435.435.ver", 79);
Line Found : user_pref("extensions.crossriderapp435.apps", "435");
Line Found : user_pref("extensions.crossriderapp435.bic", "132a70e98846b385fa31bd7bc4cfc45e");
Line Found : user_pref("extensions.crossriderapp435.cid", 435);
Line Found : user_pref("extensions.crossriderapp435.firstrun", false);
Line Found : user_pref("extensions.crossriderapp435.hadappinstalled", true);
Line Found : user_pref("extensions.crossriderapp435.installationdate", 1317062744);
Line Found : user_pref("extensions.crossriderapp435.jsver", 3);
Line Found : user_pref("extensions.crossriderapp435.lastcheck", 23249646);
Line Found : user_pref("extensions.crossriderapp435.lastcheckitem", 23249724);
Line Found : user_pref("extensions.crossriderapp435.misc.lastBgWorkerTimer", "1394985695992");
Line Found : user_pref("extensions.crossriderapp435.misc.lastDomWorkerTimer", "1394985695986");
Line Found : user_pref("extensions.crossriderapp435@crossrider.com.install-event-fired", true);
Line Found : user_pref("extensions.defaulttab.config", "{\"set_default_search\":\"Search|Conduit\",\"features\":[{\"engine\":\"Related Search - NS1 - DDC\",\"additional_config\":\"c=1A3578,tlid=22406\",\"ai\":0,\"[...]
Line Found : user_pref("extensions.enabledAddons", "netvideohunter%40netvideohunter.com:1.15,%7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21,%7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.9,%7BFCAB6FDD-5585-425b[...]
Line Found : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Line Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN30781615464862199&UM=2&q=");
Line Found : user_pref("lightweightThemes.usedThemes", "[{\"id\":\"275687\",\"name\":\"Sunset Over Paradise Beach\",\"headerURL\":\"hxxps://addons.mozilla.org/_files/213659/SunsetonPalmTreeBeach2.jpg?1281173216\",[...]
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN30781615464862199&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource[...]
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN30781615464862199&UM=2&q=");
Line Found : user_pref("smartbar.machineId", "HVBR+ZYAHCROWWBDRLDVPDLV3IMCHDSERDIQ+QUZVTRY3KOMBXXB0UOWIZWTYLT0RZSIYTY2RD/4AQUXDDV6OG");
Line Found : user_pref("smartbar.originalHomepage", "hxxp://isearch.avg.com/?cid={60E315BF-5F2A-4B36-8EED-0BE426F28D62}&mid=c8e0bcb6d8ff47d695a5a138faa2baf0-57134336b38848b35b89a7f924b692290f7a4d67&lang=en&ds=AVG&[...]
Line Found : user_pref("smartbar.originalSearchAddressUrl", "hxxp://isearch.avg.com/search?cid={60E315BF-5F2A-4B36-8EED-0BE426F28D62}&mid=c8e0bcb6d8ff47d695a5a138faa2baf0-57134336b38848b35b89a7f924b692290f7a4d67&l[...]
Line Found : user_pref("smartbar.originalSearchEngine", "Google");

-\\ Google Chrome v

[ File : C:\Users\WingMaker\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : search_url
Found : keyword

*************************

AdwCleaner[R0].txt - [56688 octets] - [11/03/2014 19:56:08]
AdwCleaner[R1].txt - [56511 octets] - [16/03/2014 17:35:10]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [56572 octets] ##########
 

------

FRST.TXT results:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by WingMaker (administrator) on PEGASUS on 16-03-2014 17:47:15
Running from C:\Users\WingMaker\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Sunbelt Software) C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
() C:\Users\WingMaker\Downloads\AdwCleaner.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [SBRegRebootCleaner] - "C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBRC.exe"
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Immunet Protect] - C:\Program Files\Immunet\3.0.13\iptray.exe [3523840 2013-08-04] (Immunet)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Runonce: [GrpConv] - grpconv -o
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\.DEFAULT\...\Run: [SearchProtect] - \SearchProtect\bin\cltmng.exe
HKU\S-1-5-21-56375958-279248657-2564932593-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-23] (Google Inc.)
HKU\S-1-5-21-56375958-279248657-2564932593-1001\...\Run: [PeerGuardian] - C:\Program Files\PeerGuardian2\pg2.exe [2273792 2007-06-02] (Phoenix Labs)
HKU\S-1-5-21-56375958-279248657-2564932593-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20587680 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-56375958-279248657-2564932593-1001\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [737656 2013-12-10] (BitTorrent, Inc.)
HKU\S-1-5-21-56375958-279248657-2564932593-1001\...\Run: [Google Update] - C:\Users\WingMaker\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-24] (Google Inc.)
HKU\S-1-5-21-56375958-279248657-2564932593-1001\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_70_Plugin.exe [841096 2014-02-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-56375958-279248657-2564932593-1001\...\MountPoints2: {d4e03e72-8d54-11e1-a194-7071bc465303} - G:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

URLSearchHook: HKCU - (No Name) - {f2c43291-151e-499c-98a7-923c120b88fa} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {6871F27F-2EEA-4FBC-BDC5-A7FA47A21F91} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {6871F27F-2EEA-4FBC-BDC5-A7FA47A21F91} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={60E315BF-5F2A-4B36-8EED-0BE426F28D62}&mid=c8e0bcb6d8ff47d695a5a138faa2baf0-57134336b38848b35b89a7f924b692290f7a4d67&lang=en&ds=AVG&pr=fr&d=2012-12-23 17:17:09&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {0CF47262-9F2C-4E2A-8AC0-0C621B028D88} URL = http://search.conduit.com/Results.aspx?ctid=CT3283894&SearchSource=45&q={searchTerms}
SearchScopes: HKCU - {5092E3C4-EF00-4B63-9F16-E5690E11A00F} URL = http://www.ant.com/search?s=browser&q={searchTerms}
SearchScopes: HKCU - {6871F27F-2EEA-4FBC-BDC5-A7FA47A21F91} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKCU - {939B6887-BA78-4149-A064-31B3AFAAF13C} URL = http://search.avg.com/route/?d=4d435420&v=6.11.25.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={60E315BF-5F2A-4B36-8EED-0BE426F28D62}&mid=c8e0bcb6d8ff47d695a5a138faa2baf0-57134336b38848b35b89a7f924b692290f7a4d67&lang=en&ds=AVG&pr=fr&d=2012-12-23 17:17:09&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms}
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO-x32: Ant.com browser helper (video detector) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: SoThink Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Ant.com Video Downloader toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
Toolbar: HKLM-x32 - SoThink Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKCU - No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default
FF user.js: detected! => C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\user.js
FF NewTab: hxxp://www.mysearchresults.com/?nt=nt2&t=03&SearchSource=45&UM=2&c=3563&ctid=CT3300024
FF Homepage: https://bay169.mail.live.com/mail/
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN30781615464862199&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - c:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\WingMaker\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\WingMaker\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\WingMaker\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\searchplugins\search.xml
FF SearchPlugin: C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\searchplugins\somoto-v1-customized-web-search.xml
FF Extension: Ant Video Downloader - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\anttoolbar@ant.com [2013-12-27]
FF Extension: DomainsOnFirefox - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\domainsonfirefox@domainsonfire.com [2012-01-16]
FF Extension: NetVideoHunter - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\netvideohunter@netvideohunter.com [2013-12-04]
FF Extension: SoThink Toolbar - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\toolbar@ask.com [2013-07-27]
FF Extension: YouTube Unblocker - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\youtubeunblocker@unblocker.yt [2014-03-15]
FF Extension: SeoQuake - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2013-10-15]
FF Extension: mediaplayerconnectivity - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2012-05-18]
FF Extension: DownloadHelper - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-28]
FF Extension: Flash and Video Download - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-03-09]
FF Extension: uTorrentBar Community Toolbar - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2013-02-11]
FF Extension: SearchPreview - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2014-03-15]
FF Extension: Default Tab - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\addon@defaulttab.com.xpi [2013-04-20]
FF Extension: CBSurge.com - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\cbsurge@cbsurge.com.xpi [2011-06-27]
FF Extension: Advertising Cookie Opt-out - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\optout@google.com.xpi [2012-03-16]
FF Extension: RankChecker - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\rankchecker@seobook.com.xpi [2011-05-15]
FF Extension: Session Manager - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2011-05-02]
FF Extension: FlashGot - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-07-25]
FF Extension: {b20e2944-12d0-4ab5-b1c3-fd9e4cc18ace} - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{b20e2944-12d0-4ab5-b1c3-fd9e4cc18ace}.xpi [2013-11-10]
FF Extension: Shockwave Flash HD Plus - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{b693707f-ce59-41c5-9fd7-5984fb1bf900}.xpi [2013-11-16]
FF Extension: SearchStatus - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2011-05-15]
FF Extension: FoxTab - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2011-06-28]
FF Extension: Sothink Web Video Downloader for Firefox - C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi [2012-11-27]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF HKLM-x32\...\Firefox\Extensions: [crossriderapp435@crossrider.com] - C:\ProgramData\CodecCheck\firefox
FF Extension: Premiumplay Codec-C - C:\ProgramData\CodecCheck\firefox [2011-09-25]

Chrome:
=======
CHR DefaultSearchKeyword: isearch.avg.com
CHR DefaultSearchProvider: AVG Secure Search
CHR DefaultSearchURL: https://isearch.avg.com/search?cid={60E315BF-5F2A-4B36-8EED-0BE426F28D62}&mid=c8e0bcb6d8ff47d695a5a138faa2baf0-57134336b38848b35b89a7f924b692290f7a4d67&lang=en&ds=AVG&pr=fr&d=2012-07-31 14:27:24&v=12.1.0.21&sap=dsp&q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\WingMaker\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\WingMaker\AppData\Local\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\WingMaker\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\WingMaker\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\WingMaker\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Google Update) - C:\Users\WingMaker\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\WingMaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-03]
CHR Extension: (Google Drive) - C:\Users\WingMaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-03]
CHR Extension: (YouTube) - C:\Users\WingMaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-03]
CHR Extension: (Google Search) - C:\Users\WingMaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-03]
CHR Extension: (Fun Media Bar) - C:\Users\WingMaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo [2013-11-22]
CHR Extension: (Codec-V) - C:\Users\WingMaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho [2013-11-03]
CHR Extension: (Google Wallet) - C:\Users\WingMaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-14]
CHR Extension: (Gmail) - C:\Users\WingMaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-03]
CHR HKCU\...\Chrome\Extension: [edfllcfghbogdahicgpcmnmkgpcmdjeo] - C:\Users\WingMaker\AppData\Local\CRE\edfllcfghbogdahicgpcmnmkgpcmdjeo.crx [2013-07-17]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\WINGMA~1\AppData\Local\Temp\ccex.crx [2013-07-17]
CHR HKLM-x32\...\Chrome\Extension: [edfllcfghbogdahicgpcmnmkgpcmdjeo] - C:\Users\WingMaker\AppData\Local\CRE\edfllcfghbogdahicgpcmnmkgpcmdjeo.crx [2013-07-17]
CHR HKLM-x32\...\Chrome\Extension: [jpnbdefcbnoefmmcpelplabbkfmfhlho] - C:\ProgramData\CodecCheck\chrome\codec_check.crx [2011-09-25]
CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx [2011-09-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [128384 2011-05-04] (SUPERAntiSpyware.com)
R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1161072 2012-03-29] (Lavasoft Limited)
S3 Ant App service; C:\Program Files (x86)\Ant.com\File1 Package Manager\AppService.exe [504816 2013-02-05] (Helios Technologies Ltd)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
S2 ImmunetProtect; C:\Program Files\Immunet\3.0.13\agent.exe [521536 2013-08-04] (Sourcefire, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2804280 2011-05-17] (Sunbelt Software)
S3 scan; C:\Program Files\Immunet\tetra\scan.dll [411648 2013-08-04] (S.C. BitDefender S.R.L)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2013-12-18] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R3 ACPIService; C:\Windows\system32\DRIVERS\OSDACPI.SYS [17992 2009-06-17] ()
S3 AVerAVF2; C:\Windows\System32\DRIVERS\AVerAVF2.sys [1212416 2010-11-11] (AVerMedia TECHNOLOGIES, Inc.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 FintekCIR; C:\Windows\System32\DRIVERS\FintekCIR.sys [30824 2010-12-22] (Fintek)
S2 ImmunetNetworkMonitorDriver; C:\Windows\System32\Drivers\ImmunetNetworkMonitor.sys [100096 2013-08-04] (Sourcefire, Inc.)
S1 ImmunetProtectDriver; C:\Windows\System32\DRIVERS\ImmunetProtect.sys [58112 2013-08-04] (Windows ® Win 7 DDK provider)
S1 ImmunetSelfProtectDriver; C:\Windows\System32\DRIVERS\ImmunetSelfProtect.sys [33024 2013-08-04] (Windows ® Win 7 DDK provider)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 NW1950; C:\Windows\system32\DRIVERS\NW1950.sys [25080 2009-09-17] ()
R3 NWVoltron; C:\Windows\System32\DRIVERS\NWVoltron.sys [28920 2013-02-04] ()
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [72280 2011-05-11] (Sunbelt Software)
R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
R3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)
R1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [55384 2011-04-29] (Sunbelt Software)
R1 SBRE; C:\Windows\SysWOW64\drivers\SBREdrv.sys [101720 2011-04-29] (Sunbelt Software)
R1 SbTis; C:\Windows\System32\drivers\sbtis.sys [94296 2011-04-05] (Sunbelt Software, Inc.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [284232 2013-08-04] (BitDefender S.R.L.)
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-16 17:47 - 2014-03-16 17:48 - 00028186 _____ () C:\Users\WingMaker\Downloads\FRST.txt
2014-03-16 17:47 - 2014-03-16 17:47 - 00000000 ____D () C:\FRST
2014-03-16 17:45 - 2014-03-16 17:45 - 02157056 _____ (Farbar) C:\Users\WingMaker\Downloads\FRST64.exe
2014-03-16 17:26 - 2014-03-16 17:26 - 01950720 _____ () C:\Users\WingMaker\Downloads\AdwCleaner.exe
2014-03-16 17:09 - 2014-03-16 17:10 - 00000000 ____D () C:\Users\WingMaker\Desktop\AdwCleaner
2014-03-12 11:54 - 2014-03-12 11:56 - 00024233 _____ () C:\Users\WingMaker\Desktop\dds.txt
2014-03-12 11:51 - 2014-03-11 19:54 - 00688992 ____R (Swearware) C:\Users\WingMaker\Desktop\dds.com
2014-03-11 20:00 - 2014-03-11 20:01 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\WingMaker\Downloads\tdsskiller.exe
2014-03-11 19:59 - 2014-03-11 19:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\WingMaker\Downloads\rkill.exe
2014-03-11 19:56 - 2014-03-16 17:35 - 00000000 ____D () C:\AdwCleaner
2014-03-11 19:54 - 2014-03-11 19:54 - 00688992 _____ (Swearware) C:\Users\WingMaker\Downloads\dds.com
2014-03-09 16:46 - 2014-03-09 16:46 - 00000000 ____D () C:\MATS
2014-03-09 16:44 - 2014-03-09 16:44 - 00347816 _____ (Microsoft Corporation) C:\Users\WingMaker\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.5231782648787565.2.1.Run.exe
2014-03-09 16:18 - 2014-03-09 16:18 - 00001079 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-03-09 16:18 - 2014-03-09 16:18 - 00000000 ____D () C:\Users\WingMaker\AppData\Local\VS Revo Group
2014-03-09 16:18 - 2014-03-09 16:18 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-03-09 16:18 - 2014-03-09 16:18 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-03-09 16:18 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-03-09 16:17 - 2014-03-09 16:17 - 10619688 _____ (VS Revo Group ) C:\Users\WingMaker\Downloads\RevoUninProSetup.exe
2014-03-09 14:13 - 2014-03-09 14:13 - 02347384 _____ (ESET) C:\Users\WingMaker\Downloads\esetsmartinstaller_enu.exe
2014-03-08 15:02 - 2014-03-08 15:07 - 163256077 _____ () C:\Users\WingMaker\Desktop\Immunet_Support_Tool_2014_03_08_14_02_56.7z
2014-03-08 14:50 - 2014-03-08 14:50 - 00921000 _____ (Oracle Corporation) C:\Users\WingMaker\Downloads\jxpiinstall.exe
2014-03-08 10:45 - 2014-03-08 10:45 - 00003627 _____ () C:\Users\WingMaker\Desktop\ESETscan.txt
2014-03-07 20:31 - 2014-03-07 20:31 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-07 20:30 - 2014-03-07 20:30 - 02347384 _____ (ESET) C:\Users\WingMaker\Desktop\esetsmartinstaller_enu.exe
2014-03-07 20:16 - 2014-03-07 20:16 - 00024775 _____ () C:\Users\WingMaker\Downloads\Result.txt
2014-03-07 20:12 - 2014-03-07 20:12 - 00982016 _____ (Farbar) C:\Users\WingMaker\Downloads\MiniToolBox.exe
2014-03-07 20:10 - 2014-03-07 20:10 - 00001599 _____ () C:\Users\WingMaker\Desktop\checkup.txt
2014-03-07 20:08 - 2014-03-07 20:08 - 00987442 _____ () C:\Users\WingMaker\Downloads\SecurityCheck.exe
2014-03-07 17:25 - 2014-03-07 17:25 - 01440846 _____ () C:\Users\WingMaker\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-03-07 17:00 - 2014-03-07 17:00 - 00002157 _____ () C:\Users\WingMaker\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-03-07 17:00 - 2014-03-07 17:00 - 00000000 ____D () C:\Users\WingMaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-03-07 16:59 - 2014-03-07 16:59 - 05198480 _____ () C:\Users\WingMaker\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-03-07 16:59 - 2014-03-07 16:59 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-03-07 16:39 - 2014-03-07 16:39 - 00000653 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_9D6AE230-A638-11E3-8A55-7071BC465303.job
2014-03-07 16:21 - 2014-03-07 16:21 - 00000000 ____D () C:\Users\WingMaker\AppData\Roaming\SparkTrust
2014-03-07 16:21 - 2014-03-07 16:21 - 00000000 ____D () C:\Users\WingMaker\AppData\Roaming\DriverCure
2014-03-07 16:20 - 2014-03-07 19:51 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-03-07 16:20 - 2014-03-07 16:20 - 00000653 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_FCAEBB80-A635-11E3-8A55-7071BC465303.job
2014-03-06 21:11 - 2014-03-06 21:11 - 00003224 ____N () C:\bootsqm.dat
2014-03-06 17:19 - 2014-03-06 17:19 - 00000193 _____ () C:\Windows\WORDPAD.INI
2014-03-03 17:38 - 2014-03-03 17:41 - 00002488 _____ () C:\Windows\logboot_03.03.2014.tureg.log
2014-03-03 02:06 - 2014-03-03 02:06 - 03348144 _____ () C:\Users\WingMaker\Downloads\cleanmem_v2.4.3_setup (1).exe
2014-03-03 02:03 - 2014-03-03 02:03 - 00000022 _____ () C:\Windows\cmm.dat
2014-03-03 02:01 - 2014-03-03 02:01 - 00003512 _____ () C:\Windows\System32\Tasks\Clean System Memory
2014-03-03 02:01 - 2014-03-03 02:01 - 00000000 ____D () C:\Windows\CleanMem
2014-03-03 02:01 - 2014-03-03 02:01 - 00000000 ____D () C:\Users\WingMaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanMem
2014-03-03 02:01 - 2014-03-03 02:01 - 00000000 ____D () C:\Program Files (x86)\CleanMem
2014-03-03 01:58 - 2014-03-03 01:58 - 03348144 _____ () C:\Users\WingMaker\Downloads\cleanmem_v2.4.3_setup.exe
2014-03-03 01:37 - 2014-03-03 01:39 - 00000000 ____D () C:\Program Files\Tweaking.com simple tweaking system
2014-03-02 20:39 - 2014-03-02 20:39 - 02086071 _____ () C:\Users\WingMaker\Downloads\tweaking.com_simple_system_tweaker_portable.zip
2014-03-02 19:30 - 2014-03-04 15:55 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-03-02 19:06 - 2014-03-02 19:06 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PEGASUS-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-03-02 19:05 - 2014-03-02 19:05 - 00000000 ____D () C:\RegBackup
2014-03-02 14:34 - 2014-03-02 14:34 - 00001107 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-02 14:33 - 2014-03-02 14:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-02 14:20 - 2014-03-02 14:21 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-03-02 14:18 - 2014-03-02 14:18 - 03092809 _____ () C:\Users\WingMaker\Downloads\tweaking.com_windows_repair_aio.zip
2014-02-16 21:58 - 2014-02-16 21:58 - 00000000 ____D () C:\Users\WingMaker\AppData\Roaming\EncryptStick
2014-02-16 17:21 - 2014-02-16 17:21 - 00000000 ____D () C:\Users\WingMaker\Documents\2014_02_16
2014-02-15 13:39 - 2014-02-15 13:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-16 17:48 - 2014-03-16 17:47 - 00028186 _____ () C:\Users\WingMaker\Downloads\FRST.txt
2014-03-16 17:47 - 2014-03-16 17:47 - 00000000 ____D () C:\FRST
2014-03-16 17:45 - 2014-03-16 17:45 - 02157056 _____ (Farbar) C:\Users\WingMaker\Downloads\FRST64.exe
2014-03-16 17:35 - 2014-03-11 19:56 - 00000000 ____D () C:\AdwCleaner
2014-03-16 17:26 - 2014-03-16 17:26 - 01950720 _____ () C:\Users\WingMaker\Downloads\AdwCleaner.exe
2014-03-16 17:10 - 2014-03-16 17:09 - 00000000 ____D () C:\Users\WingMaker\Desktop\AdwCleaner
2014-03-16 15:29 - 2011-09-25 09:22 - 00000000 ____D () C:\codec-info
2014-03-16 12:52 - 2010-11-02 23:13 - 01281099 _____ () C:\Windows\WindowsUpdate.log
2014-03-12 11:56 - 2014-03-12 11:54 - 00024233 _____ () C:\Users\WingMaker\Desktop\dds.txt
2014-03-11 20:01 - 2014-03-11 20:00 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\WingMaker\Downloads\tdsskiller.exe
2014-03-11 19:59 - 2014-03-11 19:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\WingMaker\Downloads\rkill.exe
2014-03-11 19:54 - 2014-03-12 11:51 - 00688992 ____R (Swearware) C:\Users\WingMaker\Desktop\dds.com
2014-03-11 19:54 - 2014-03-11 19:54 - 00688992 _____ (Swearware) C:\Users\WingMaker\Downloads\dds.com
2014-03-11 12:46 - 2014-01-17 15:16 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-03-11 12:46 - 2009-07-14 01:13 - 00795794 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-11 12:38 - 2011-05-01 22:47 - 00002243 _____ () C:\Windows\epplauncher.mif
2014-03-09 23:53 - 2014-01-29 11:39 - 00003248 _____ () C:\Windows\setupact.log
2014-03-09 23:53 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-09 23:52 - 2010-12-17 20:11 - 00000000 ____D () C:\Users\WingMaker\AppData\Roaming\Skype
2014-03-09 16:46 - 2014-03-09 16:46 - 00000000 ____D () C:\MATS
2014-03-09 16:46 - 2012-04-09 23:32 - 00000000 ____D () C:\Program Files (x86)\Ad-Aware Antivirus
2014-03-09 16:44 - 2014-03-09 16:44 - 00347816 _____ (Microsoft Corporation) C:\Users\WingMaker\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.5231782648787565.2.1.Run.exe
2014-03-09 16:18 - 2014-03-09 16:18 - 00001079 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-03-09 16:18 - 2014-03-09 16:18 - 00000000 ____D () C:\Users\WingMaker\AppData\Local\VS Revo Group
2014-03-09 16:18 - 2014-03-09 16:18 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-03-09 16:18 - 2014-03-09 16:18 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-03-09 16:17 - 2014-03-09 16:17 - 10619688 _____ (VS Revo Group ) C:\Users\WingMaker\Downloads\RevoUninProSetup.exe
2014-03-09 14:13 - 2014-03-09 14:13 - 02347384 _____ (ESET) C:\Users\WingMaker\Downloads\esetsmartinstaller_enu.exe
2014-03-09 14:03 - 2013-08-02 12:44 - 00000000 ____D () C:\Users\WingMaker\AppData\Roaming\Orbit
2014-03-08 15:07 - 2014-03-08 15:02 - 163256077 _____ () C:\Users\WingMaker\Desktop\Immunet_Support_Tool_2014_03_08_14_02_56.7z
2014-03-08 15:02 - 2013-08-04 12:43 - 00000000 ____D () C:\Program Files\Immunet
2014-03-08 14:50 - 2014-03-08 14:50 - 00921000 _____ (Oracle Corporation) C:\Users\WingMaker\Downloads\jxpiinstall.exe
2014-03-08 10:45 - 2014-03-08 10:45 - 00003627 _____ () C:\Users\WingMaker\Desktop\ESETscan.txt
2014-03-07 20:31 - 2014-03-07 20:31 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-07 20:30 - 2014-03-07 20:30 - 02347384 _____ (ESET) C:\Users\WingMaker\Desktop\esetsmartinstaller_enu.exe
2014-03-07 20:16 - 2014-03-07 20:16 - 00024775 _____ () C:\Users\WingMaker\Downloads\Result.txt
2014-03-07 20:12 - 2014-03-07 20:12 - 00982016 _____ (Farbar) C:\Users\WingMaker\Downloads\MiniToolBox.exe
2014-03-07 20:10 - 2014-03-07 20:10 - 00001599 _____ () C:\Users\WingMaker\Desktop\checkup.txt
2014-03-07 20:08 - 2014-03-07 20:08 - 00987442 _____ () C:\Users\WingMaker\Downloads\SecurityCheck.exe
2014-03-07 19:51 - 2014-03-07 16:20 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-03-07 17:25 - 2014-03-07 17:25 - 01440846 _____ () C:\Users\WingMaker\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-03-07 17:00 - 2014-03-07 17:00 - 00002157 _____ () C:\Users\WingMaker\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-03-07 17:00 - 2014-03-07 17:00 - 00000000 ____D () C:\Users\WingMaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-03-07 16:59 - 2014-03-07 16:59 - 05198480 _____ () C:\Users\WingMaker\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-03-07 16:59 - 2014-03-07 16:59 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-03-07 16:39 - 2014-03-07 16:39 - 00000653 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_9D6AE230-A638-11E3-8A55-7071BC465303.job
2014-03-07 16:21 - 2014-03-07 16:21 - 00000000 ____D () C:\Users\WingMaker\AppData\Roaming\SparkTrust
2014-03-07 16:21 - 2014-03-07 16:21 - 00000000 ____D () C:\Users\WingMaker\AppData\Roaming\DriverCure
2014-03-07 16:20 - 2014-03-07 16:20 - 00000653 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_FCAEBB80-A635-11E3-8A55-7071BC465303.job
2014-03-07 16:02 - 2014-02-03 20:10 - 00314786 _____ () C:\Windows\PFRO.log
2014-03-07 13:11 - 2012-01-03 12:06 - 00000000 ____D () C:\Users\WingMaker\Desktop\PDF-REVIEWS
2014-03-07 11:46 - 2013-08-02 19:21 - 00000000 ____D () C:\Users\WingMaker\Desktop\Spiritual
2014-03-06 21:11 - 2014-03-06 21:11 - 00003224 ____N () C:\bootsqm.dat
2014-03-06 20:52 - 2012-04-10 10:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-06 20:45 - 2012-04-23 19:55 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-56375958-279248657-2564932593-1001UA.job
2014-03-06 19:45 - 2010-11-02 20:44 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-06 18:44 - 2012-04-23 19:55 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-56375958-279248657-2564932593-1001Core.job
2014-03-06 17:19 - 2014-03-06 17:19 - 00000193 _____ () C:\Windows\WORDPAD.INI
2014-03-06 14:44 - 2013-07-21 13:44 - 00000000 ____D () C:\Users\WingMaker\Desktop\documentary
2014-03-06 12:47 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-06 12:47 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-06 12:14 - 2012-01-22 16:55 - 00000000 ____D () C:\Users\WingMaker\AppData\Roaming\uTorrent
2014-03-06 07:20 - 2010-11-11 10:47 - 00000000 ____D () C:\Users\WingMaker\AppData\Roaming\HP Support Assistant
2014-03-06 07:20 - 2010-11-04 00:43 - 00000000 ____D () C:\Users\WingMaker\AppData\Roaming\HpUpdate
2014-03-04 16:11 - 2010-11-02 23:16 - 00085712 _____ () C:\Users\WingMaker\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-04 16:02 - 2009-07-14 00:45 - 00348344 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-04 15:55 - 2014-03-02 19:30 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-03-04 15:49 - 2009-07-13 22:34 - 00000439 _____ () C:\Windows\win.ini
2014-03-03 17:53 - 2012-04-29 10:43 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-03-03 17:43 - 2010-11-02 23:13 - 00000000 ____D () C:\Users\WingMaker
2014-03-03 17:41 - 2014-03-03 17:38 - 00002488 _____ () C:\Windows\logboot_03.03.2014.tureg.log
2014-03-03 17:41 - 2009-07-13 22:34 - 78643200 _____ () C:\Windows\system32\config\SOFTWARE_tureg_old
2014-03-03 17:41 - 2009-07-13 22:34 - 16777216 _____ () C:\Windows\system32\config\SYSTEM_tureg_old
2014-03-03 17:41 - 2009-07-13 22:34 - 00024576 _____ () C:\Windows\system32\config\SECURITY_tureg_old
2014-03-03 17:37 - 2009-07-13 22:34 - 40108032 _____ () C:\Windows\system32\config\COMPONENTS_tureg_old
2014-03-03 17:37 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT_tureg_old
2014-03-03 17:37 - 2009-07-13 22:34 - 00061440 _____ () C:\Windows\system32\config\SAM_tureg_old
2014-03-03 02:09 - 2011-01-10 21:23 - 00000187 _____ () C:\Windows\SysWOW64\CleanMem.ini
2014-03-03 02:06 - 2014-03-03 02:06 - 03348144 _____ () C:\Users\WingMaker\Downloads\cleanmem_v2.4.3_setup (1).exe
2014-03-03 02:03 - 2014-03-03 02:03 - 00000022 _____ () C:\Windows\cmm.dat
2014-03-03 02:01 - 2014-03-03 02:01 - 00003512 _____ () C:\Windows\System32\Tasks\Clean System Memory
2014-03-03 02:01 - 2014-03-03 02:01 - 00000000 ____D () C:\Windows\CleanMem
2014-03-03 02:01 - 2014-03-03 02:01 - 00000000 ____D () C:\Users\WingMaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanMem
2014-03-03 02:01 - 2014-03-03 02:01 - 00000000 ____D () C:\Program Files (x86)\CleanMem
2014-03-03 01:58 - 2014-03-03 01:58 - 03348144 _____ () C:\Users\WingMaker\Downloads\cleanmem_v2.4.3_setup.exe
2014-03-03 01:39 - 2014-03-03 01:37 - 00000000 ____D () C:\Program Files\Tweaking.com simple tweaking system
2014-03-02 20:39 - 2014-03-02 20:39 - 02086071 _____ () C:\Users\WingMaker\Downloads\tweaking.com_simple_system_tweaker_portable.zip
2014-03-02 20:25 - 2009-07-14 03:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-02 19:48 - 2009-07-13 22:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_602
2014-03-02 19:06 - 2014-03-02 19:06 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PEGASUS-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-03-02 19:05 - 2014-03-02 19:05 - 00000000 ____D () C:\RegBackup
2014-03-02 17:22 - 2013-04-20 00:28 - 00000000 ____D () C:\Users\WingMaker\AppData\Roaming\SearchProtect
2014-03-02 17:22 - 2013-04-20 00:28 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-02 17:22 - 2013-04-20 00:26 - 00000000 ____D () C:\Users\WingMaker\AppData\Roaming\DefaultTab
2014-03-02 16:42 - 2012-01-30 17:27 - 00000000 ____D () C:\Users\WingMaker\AppData\Local\SENukeX
2014-03-02 14:34 - 2014-03-02 14:34 - 00001107 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-02 14:34 - 2014-03-02 14:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-02 14:21 - 2014-03-02 14:20 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-03-02 14:18 - 2014-03-02 14:18 - 03092809 _____ () C:\Users\WingMaker\Downloads\tweaking.com_windows_repair_aio.zip
2014-03-02 13:00 - 2012-04-10 10:32 - 00000952 _____ () C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2014-03-02 12:51 - 2013-04-20 00:26 - 00000258 __RSH () C:\Users\WingMaker\ntuser.pol
2014-03-02 10:13 - 2010-12-11 13:53 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-03-01 12:50 - 2010-11-02 23:23 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-02-26 04:02 - 2011-05-01 22:47 - 00779660 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-23 16:21 - 2013-08-02 12:56 - 00000000 ____D () C:\Program Files (x86)\Orbitdownloader
2014-02-21 21:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-20 21:42 - 2012-04-10 10:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 21:42 - 2012-04-10 10:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 21:42 - 2011-05-16 17:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-16 21:58 - 2014-02-16 21:58 - 00000000 ____D () C:\Users\WingMaker\AppData\Roaming\EncryptStick
2014-02-16 17:21 - 2014-02-16 17:21 - 00000000 ____D () C:\Users\WingMaker\Documents\2014_02_16
2014-02-16 04:10 - 2013-07-11 03:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 04:01 - 2010-11-05 19:36 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 18:00 - 2012-05-10 11:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 13:42 - 2014-02-15 13:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 12:56 - 2010-11-02 20:58 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-15 12:56 - 2010-11-02 20:58 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-14 23:13 - 2010-11-02 20:58 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-14 23:13 - 2010-11-02 20:58 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-14 11:47 - 2013-10-07 19:37 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk

Files to move or delete:
====================
C:\Users\WingMaker\avg_free_stb_all_2011_1153_cnet.exe
C:\Users\WingMaker\dotNetFx40_Full_setup.exe
C:\Users\WingMaker\setup_av_free.exe
C:\Users\WingMaker\utorrent.exe


Some content of TEMP:
====================
C:\Users\WingMaker\AppData\Local\Temp\02714a46-f341-46fc-86df-6b9763efbb03.dll
C:\Users\WingMaker\AppData\Local\Temp\04a1670d-dba7-4e50-956f-ecb54161dbaa.dll
C:\Users\WingMaker\AppData\Local\Temp\0accc377-d726-4929-9bf1-32404ea7db03.dll
C:\Users\WingMaker\AppData\Local\Temp\0d103091-2b1b-4608-8b21-d1027cbee34b.dll
C:\Users\WingMaker\AppData\Local\Temp\0dbc8899-9344-4845-b642-394935a72d66.dll
C:\Users\WingMaker\AppData\Local\Temp\17f97064-6f39-477b-9813-582ee8f612c1.dll
C:\Users\WingMaker\AppData\Local\Temp\1870ebc4-ca65-4d55-a0b4-2049c93c9507.dll
C:\Users\WingMaker\AppData\Local\Temp\1bf80923-bd1f-45cf-8644-874c47114876.dll
C:\Users\WingMaker\AppData\Local\Temp\20008971-868d-4c57-a0d9-d2c3a3653a90.dll
C:\Users\WingMaker\AppData\Local\Temp\32c26407-ef65-4822-a2cc-881299be6212.dll
C:\Users\WingMaker\AppData\Local\Temp\342a5518-4513-4576-a06c-4756821d9c32.dll
C:\Users\WingMaker\AppData\Local\Temp\345c87d2-5c81-4b06-b167-f33c07b94cb1.dll
C:\Users\WingMaker\AppData\Local\Temp\396cdc5f-d910-49c6-a06d-39632963f4f0.dll
C:\Users\WingMaker\AppData\Local\Temp\3f9d1e97-7b83-4ae5-8628-c4f5a04e7e95.dll
C:\Users\WingMaker\AppData\Local\Temp\452177bd-751c-4a5d-b70b-63e02ab0fa6c.dll
C:\Users\WingMaker\AppData\Local\Temp\4971dd02-7d3d-4001-9027-f12f906567da.dll
C:\Users\WingMaker\AppData\Local\Temp\4aed5974-ea59-4103-a38c-45301c5d94fe.dll
C:\Users\WingMaker\AppData\Local\Temp\4d759204-9b8e-4c9a-a50b-4beb0a95ca8e.dll
C:\Users\WingMaker\AppData\Local\Temp\57598308-aed6-4333-8f73-e9994fdfb177.dll
C:\Users\WingMaker\AppData\Local\Temp\6373a12a-de20-4099-9669-8547e8a0ec05.dll
C:\Users\WingMaker\AppData\Local\Temp\68db4e4e-ba6b-4f59-8486-7b12cb6a2069.dll
C:\Users\WingMaker\AppData\Local\Temp\6915d392-9353-4875-922e-fefebf31a872.dll
C:\Users\WingMaker\AppData\Local\Temp\7157db4a-3c64-419c-a27c-9d56f9f2756c.dll
C:\Users\WingMaker\AppData\Local\Temp\755ebfc9-09ef-4ea1-b7cc-26c8e9d10eb3.dll
C:\Users\WingMaker\AppData\Local\Temp\76af170c-c591-4da2-ab64-a635933938a1.dll
C:\Users\WingMaker\AppData\Local\Temp\76b0c008-982f-432f-9069-19acecfb6416.dll
C:\Users\WingMaker\AppData\Local\Temp\7ef93b86-36af-4dd3-a474-92366951b612.dll
C:\Users\WingMaker\AppData\Local\Temp\8255c091-404b-47e2-9222-8de0648a3a7c.dll
C:\Users\WingMaker\AppData\Local\Temp\87d98095-4714-4bfe-b410-1f0c2d6700a5.dll
C:\Users\WingMaker\AppData\Local\Temp\8bfb65a1-5303-4423-ac3c-675446329605.dll
C:\Users\WingMaker\AppData\Local\Temp\905ce5cb-470f-42cb-98d9-4451c445284f.dll
C:\Users\WingMaker\AppData\Local\Temp\91c9d926-0978-4419-b43f-83416f25b353.dll
C:\Users\WingMaker\AppData\Local\Temp\9cea1c3b-950d-42b2-8e02-8fc17c77d849.dll
C:\Users\WingMaker\AppData\Local\Temp\aea9c6d4-82ec-41a2-b1f6-b642c52739f9.dll
C:\Users\WingMaker\AppData\Local\Temp\c2b13356-d245-45aa-a331-b01a9d395480.dll
C:\Users\WingMaker\AppData\Local\Temp\c57102d4-6361-4508-aaf9-8890bc518739.dll
C:\Users\WingMaker\AppData\Local\Temp\ca94c7a8-c39f-4af7-9f8a-725c2e5476d6.dll
C:\Users\WingMaker\AppData\Local\Temp\casetup64.exe
C:\Users\WingMaker\AppData\Local\Temp\cb417916-ec34-42ed-be32-12405d4e28ac.dll
C:\Users\WingMaker\AppData\Local\Temp\cjxoekr9.dll
C:\Users\WingMaker\AppData\Local\Temp\d52c3d2b-1f77-4b5e-bfa7-146aeec47ff3.dll
C:\Users\WingMaker\AppData\Local\Temp\d5f8600e-7b16-455a-83d9-f27144b83db9.dll
C:\Users\WingMaker\AppData\Local\Temp\dfd7ba75-5b1c-479c-84f5-56d821d05cf2.dll
C:\Users\WingMaker\AppData\Local\Temp\difxapi.dll
C:\Users\WingMaker\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\WingMaker\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\WingMaker\AppData\Local\Temp\e9abd1a3-e6a9-494f-9366-2bfad6ef3131.dll
C:\Users\WingMaker\AppData\Local\Temp\eeb1a09f-abf1-49d1-ac34-b1c2a4fd558b.dll
C:\Users\WingMaker\AppData\Local\Temp\f2fvegmp.dll
C:\Users\WingMaker\AppData\Local\Temp\f4a3171d-5273-46e6-adfc-a5dfe9bde93d.dll
C:\Users\WingMaker\AppData\Local\Temp\f5a4881e-8f4b-4517-b70b-cef61f73c499.dll
C:\Users\WingMaker\AppData\Local\Temp\f5e0a37d-f8e1-4793-894a-c514dfa3cbfb.dll
C:\Users\WingMaker\AppData\Local\Temp\f9548f72-3a68-41f6-89bf-26985f5dfe47.dll
C:\Users\WingMaker\AppData\Local\Temp\fa546df8-86c4-471b-8cf6-1623a949578a.dll
C:\Users\WingMaker\AppData\Local\Temp\fc5e860e-0128-4000-a3fc-9a350a6e47cd.dll
C:\Users\WingMaker\AppData\Local\Temp\fd2bef2c-44d9-4a77-93ac-4ef1d0573de5.dll
C:\Users\WingMaker\AppData\Local\Temp\fmrrleak.dll
C:\Users\WingMaker\AppData\Local\Temp\fwk6axmj.dll
C:\Users\WingMaker\AppData\Local\Temp\i4woh6ia.dll
C:\Users\WingMaker\AppData\Local\Temp\ihfhwu5o.dll
C:\Users\WingMaker\AppData\Local\Temp\iprd_un.dll
C:\Users\WingMaker\AppData\Local\Temp\jvtby-ma.dll
C:\Users\WingMaker\AppData\Local\Temp\lln2wfpa.dll
C:\Users\WingMaker\AppData\Local\Temp\mbam-setup.exe
C:\Users\WingMaker\AppData\Local\Temp\myex31nh.dll
C:\Users\WingMaker\AppData\Local\Temp\o5wh23fx.dll
C:\Users\WingMaker\AppData\Local\Temp\pfmc8v-s.dll
C:\Users\WingMaker\AppData\Local\Temp\Quarantine.exe
C:\Users\WingMaker\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\WingMaker\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\WingMaker\AppData\Local\Temp\slchkzym.dll
C:\Users\WingMaker\AppData\Local\Temp\TUUUninstallHelper.exe
C:\Users\WingMaker\AppData\Local\Temp\WdfCoInstaller01009.dll
C:\Users\WingMaker\AppData\Local\Temp\y93tfl3t.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-02 10:31

==================== End Of Log ============================

ADDITION.TXT results:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by WingMaker at 2014-03-16 17:48:29
Running from C:\Users\WingMaker\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

AV: Immunet 3.0 (Disabled - Up to date) {065276D9-6EBF-968C-B5ED-7B8B1DCF4059}
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Lavasoft Ad-Aware (Disabled - Up to date) {BE5DD172-7F42-7948-1A60-E6A720288F81}
AS: Lavasoft Ad-Aware (Disabled - Up to date) {053C3096-5978-76C6-20D0-DDD55BAFC53C}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Lavasoft Ad-Aware (Disabled) {86665057-352D-7810-313F-4F92DEFBC8FA}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.0 - )
1ClickCashBotSniper (HKLM-x32\...\{C5754F4D-F041-4843-BB87-9C6AD3DF33C2}) (Version: 1.0.0 - 1ClickCashBot.com)
1ClickCashBotXtreme (HKLM-x32\...\{6C4C5290-2092-4657-9C0D-DAC9A0934F34}) (Version: 1.0.0 - 1ClickCashBot.com)
Action Enforcer (HKLM-x32\...\Action Enforcer_is1) (Version:  - Dennis Becker d.b.a. MDM Sports)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Ad-Aware Antivirus (HKLM-x32\...\{cc937cbc-4be2-4227-9660-ff2f2a1d9467}) (Version: 10.0.185.3207 - Lavasoft Limited)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Affiliate Pro Machine (HKLM-x32\...\Affiliate Pro Machine_is1) (Version:  - )
Amazon Dominator version 1.0 (HKLM-x32\...\{4C0532C1-837C-4D06-9DF6-B064AD3E5214}_is1) (Version: 1.0 - Amazon Dominator)
Ant.com IE add-on (HKLM-x32\...\{B795F380-D3D6-4EA4-A4BB-27FC2FB0F8B2}) (Version: 2.2.3.1074 - Ant.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.9.1.0 - Ask.com) <==== ATTENTION
AuthorityHub (HKLM-x32\...\BlueprintMarketing.AuthorityHub.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1) (Version: 1.06 - UNKNOWN)
AuthorityHub (x32 Version: 1.06 - UNKNOWN) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4335 - AVG Technologies)
AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4335 - AVG Technologies) Hidden
Azon Keyword Generator (HKLM-x32\...\Azon Keyword Generator3.0.0.0) (Version: 3.0.0.0 - InnAnTech Industries Inc.)
Azon Top 100 Analyzer (HKLM-x32\...\Azon Top 100 Analyzer3.0.0.3) (Version: 3.0.0.3 - InnAnTech Industries Inc.)
Backlink Machine version 1.0 (HKLM-x32\...\{997B8106-9B7F-4FEC-8BCE-70E3906460C4}_is1) (Version: 1.0 - Backlink Machine)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.1.30016 - BitTorrent Inc.)
blinkx beat (HKCU\...\blinkx beat) (Version: 1.5.0 - blinkx)
Blueprint Browser (HKLM-x32\...\BlueprintMarketing.BlueprintBrowser.44EF7824FB84172EAACC4D9883F175D6529725D7.1) (Version: 1.06 - UNKNOWN)
Blueprint Browser (x32 Version: 1.06 - UNKNOWN) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Buttons & OSDs control application gen3 (HKLM-x32\...\{BF6B7982-9189-4765-9DD3-039CE6D69C0C}) (Version: 1.0.3.0 - Hewlett-Packard)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Citrix Online Launcher (HKLM-x32\...\{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}) (Version: 1.0.122 - Citrix)
CleanMem (HKLM-x32\...\CleanMem) (Version: v2.4.3 - PcWinTech.com)
CommissionMultiplier (HKLM-x32\...\{CFEAD106-F7EB-46B9-8E38-7C86C91F610E}) (Version: 1.1.0 - CommissionAutopilot.com)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Corel Paint it! touch - IPM (x32 Version: 1.1 - Corel Corporation) Hidden
Crazy Clickbank Cash (HKLM\...\Crazy Clickbank Cash) (Version: 1.0.4 - Crazy Clickbank Cash)
Crazy Clickbank Cash Link Spy (HKLM\...\Crazy Clickbank Cash Link Spy) (Version: 1.0.0 - Crazy Clickbank Cash Link Spy)
Crazy Clickbank Cash URL Spy (HKLM\...\Crazy Clickbank Cash URL Spy) (Version: 1.0.4 - Crazy Clickbank Cash URL Spy)
CrazyClickbankCashSubmitter (HKLM-x32\...\{3A29CD0E-64E5-4D1B-B4FC-CCC7F5F55DFE}) (Version: 1.0.0 - Crazycbcash.com)
Crossrider Web Apps (HKLM-x32\...\Crossrider) (Version:  - ) <==== ATTENTION
Crowd Force (HKLM-x32\...\CrowdForce) (Version: 0.0.7 - UNKNOWN)
Crowd Force (x32 Version: 0.0.7 - UNKNOWN) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115 - CyberLink Corp.) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DomaIQ (HKLM-x32\...\DomaIQ Uninstaller) (Version:  - Tuguu SLU)
DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP TouchSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Dynamic Auto-Painter x64 PRO version 3.1 (HKLM\...\{30994599-9734-455F-B51D-7E5E987AFA2A}_is1) (Version: 3.1 - Mediachance.com)
Easy Click Commissions version 1.0.2 (HKLM-x32\...\{72C3E37C-CE06-4063-95DF-80F5CBAAEE3B}_is1) (Version: 1.0.2 - )
Easy Click Commissions version 1.0.2 (HKLM-x32\...\{E616CEAC-7898-4FC9-A44E-0F8984ACC807}_is1) (Version: 1.0.2 - )
Ebook Niche Explorer (HKLM-x32\...\EbookNicheExplorer) (Version: 2.0.9 - James J Jones LLC)
Ebook Niche Explorer (x32 Version: 2.0.9 - James J Jones LLC) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
fb ADMAKER (HKLM-x32\...\fbADMAKER) (Version: 1.0 - UNKNOWN)
fb ADMAKER (x32 Version: 1.0 - UNKNOWN) Hidden
File1 Package Manager (HKLM-x32\...\{8A50D93C-79EE-425C-9464-3550978F4E56}) (Version: 0.1.2.75 - Helios Technologies)
FileZilla Client 3.5.1 (HKLM-x32\...\FileZilla Client) (Version: 3.5.1 - FileZilla Project)
GetFLV 9.5.2.9 (HKLM-x32\...\GetFLV_is1) (Version:  - GetFLV, Inc.)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GoToMeeting 5.9.0.1216 (HKCU\...\GoToMeeting) (Version: 5.9.0.1216 - CitrixOnline)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
HiDownloadPlatinum (HKLM-x32\...\HiDownload Platinum_is1) (Version:  - )
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.11 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 3.1.3317 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP RC Mirror Driver (x32 Version: 2.0.0.1 - Hewlett-Packard) Hidden
HP Remote Solution (x32 Version: 1.1.11.0 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}) (Version: 5.1.10.7 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP TouchSmart (HKLM-x32\...\{5F10FEF8-0538-4BB7-9020-E553C85427E9}) (Version: 3.0.35.0 - Hewlett-Packard)
HP TouchSmart Browser (HKLM-x32\...\{DFD6EBE3-F0DA-4E24-9202-37AF8D20888B}) (Version: 3.0.0008 - Hewlett-Packard)
HP TouchSmart Calendar (HKLM-x32\...\{6295D2D0-11CB-48F6-A2CF-0E2917A17369}) (Version: 3.1.3532.29998 - Hewlett-Packard)
HP TouchSmart Canvas (HKLM-x32\...\{5F12B024-2681-4080-9B24-918D04A8E609}) (Version: 1.1.3611.25561 - Hewlett-Packard)
HP TouchSmart Clock (HKLM-x32\...\{053BC793-EB2F-48B6-AB61-6B76CCCCB041}) (Version: 3.0.3572.25998 - Hewlett-Packard)
HP TouchSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.1.2206 - Hewlett-Packard)
HP TouchSmart Live TV (x32 Version: 3.1.2206 - Hewlett-Packard) Hidden
HP TouchSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP TouchSmart Music/Photo/Video (x32 Version: 3.1.3422 - Hewlett-Packard) Hidden
HP TouchSmart Notes (HKLM-x32\...\{2DBE7159-9081-4DDB-B8DB-31692A41008F}) (Version: 3.1.3544.29053 - Hewlett-Packard)
HP TouchSmart Paint it! by Corel - Content (x32 Version: 1.0 - Your Company Name) Hidden
HP TouchSmart Paint it! by Corel - Core (x32 Version: 1.0 - Corel Corporation) Hidden
HP TouchSmart Paint it! by Corel - ICA (x32 Version: 1.0 - Hewlett-Packard) Hidden
HP TouchSmart Paint it! by Corel - Langauge (x32 Version: 1.0 - Your Company Name) Hidden
HP TouchSmart Paint it! by Corel - Langauge (x32 Version: 1.0 - 会社名) Hidden
HP TouchSmart Paint it! by Corel (HKLM-x32\...\_{6807F13C-A925-4DD8-80C0-24D93A6FFE83}) (Version: 1.5.0.96 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{DC1B85D9-A1DB-4AED-9447-0744CDF68F66}) (Version: 2.5.3809.27769 - Hewlett-Packard)
HP TouchSmart RSS (HKLM-x32\...\{8ABB6A99-E2D5-47E4-905A-2FD4657D235E}) (Version: 3.0.0006 - Hewlett-Packard)
HP TouchSmart Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 3.2.0.0 - Hewlett-Packard)
HP TouchSmart Tutorials (HKLM-x32\...\{ABB2A845-DD44-4147-95CD-6C18271E5EC2}) (Version: 3.0.5.2 - Hewlett-Packard)
HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.2219 - Hewlett-Packard)
HP TouchSmart Webcam (x32 Version: 3.1.2219 - Hewlett-Packard) Hidden
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Image Easy (HKLM-x32\...\ImageEasy) (Version: 1.5.2 - James J Jones LLC)
Image Easy (x32 Version: 1.5.2 - James J Jones LLC) Hidden
Immunet 3.0 (HKLM-x32\...\Immunet Protect) (Version: 3.0.13.9411 - Sourcefire, Inc.)
Instant Article Suite v1.10 (HKLM-x32\...\Instant Article Suite_is1) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2102 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.5.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
Keyword Blaze (HKLM-x32\...\com.blueprintcentral.keywordblaze) (Version: 1.4.7 - UNKNOWN)
Keyword Blaze (x32 Version: 1.4.7 - UNKNOWN) Hidden
Keyword Optimizer Pro 2 (HKLM-x32\...\Keyword Optimizer Pro 22.0.1.6) (Version: 2.0.1.6 - InnAnTech Industries Inc.) <==== ATTENTION
Keyword Suggest Bloodhound (HKLM-x32\...\TNRKeywordSuggestBloodhound) (Version: 0.0.91 - James J Jones LLC)
Keyword Suggest Bloodhound (x32 Version: 0.0.91 - James J Jones LLC) Hidden
Keyword Tool (HKLM-x32\...\KeywordTool) (Version: 1.0.7 - Yellowbird Publishing LLC)
Keyword Tool (x32 Version: 1.0.7 - Yellowbird Publishing LLC) Hidden
KeywordAdvantage (HKLM-x32\...\KeywordAdvantage) (Version:  - )
Kindle Game Book Creator (HKLM-x32\...\KindleGameBook) (Version: 2.0.2 - James J Jones LLC)
Kindle Game Book Creator (x32 Version: 2.0.2 - James J Jones LLC) Hidden
K-Lite Codec Pack 7.1.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.1.0 - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
LinkBox (HKLM-x32\...\com.bip.linkbox.44EF7824FB84172EAACC4D9883F175D6529725D7.1) (Version: 1.1.107 - UNKNOWN)
LinkBox (x32 Version: 1.1.107 - UNKNOWN) Hidden
Low Hanging Traffic 2.0 (HKLM-x32\...\LowHangingTrafficND) (Version: 2.0.2 - James J Jones LLC)
Low Hanging Traffic 2.0 (x32 Version: 2.0.2 - James J Jones LLC) Hidden
Mage Monster (HKLM-x32\...\{0A0E1B06-31BE-4174-9822-B8E807195B60}) (Version: 1.1.0 - None provided)
Magic Article Rewriter (HKLM-x32\...\{BEDE6836-8ED5-4444-B895-CE54968CFC4C}) (Version: 1.8.4 - Koe)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mass Review Cash version 1.0 (HKLM-x32\...\{DC92ACF4-2A4F-44C9-8C32-D33E1A79723E}_is1) (Version: 1.0 - Mass Review Cash)
Micro Niche Domain Finder version 0.31 (HKLM-x32\...\{5124BBB9-4A30-4306-BC27-ED986E860BE7}_is1) (Version: 0.31 - The Net Results)
Micro Niche Finder 5.0 (HKLM-x32\...\Micro Niche Finder 5.0_is1) (Version: 5.7.37.0 - James J. Jones, LLC.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Live Search Toolbar (x32 Version: 3.0.566.0 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Movie Theme Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP TouchSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Niche Domain Finder (HKLM-x32\...\TNRNicheDomainFinder) (Version: 0.1.06 - James J Jones LLC)
Niche Domain Finder (x32 Version: 0.1.06 - James J Jones LLC) Hidden
OfferEvaluator (HKLM-x32\...\CommissionBlueprint.OfferEvaluator.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1) (Version: 1.04 - UNKNOWN)
OfferEvaluator (x32 Version: 1.04 - UNKNOWN) Hidden
OpenOffice.org 3.2 (HKLM-x32\...\{09DF00E6-520C-49D5-B7E0-9612165CACA8}) (Version: 3.2.9502 - OpenOffice.org)
Orbit Downloader (HKLM-x32\...\Orbit_is1) (Version:  - www.orbitdownloader.com)
Package: Tony de Bree´s Tip Article Creator 1.0 (HKLM-x32\...\TonydeBree´sNicheArticleGenerator6.5) (Version: 1.0 - Tony de Bree, Go4estrategy Consulting)
PeerGuardian 2.0 (HKLM\...\PeerGuardian_is1) (Version: 2.1.0.2 - Methlabs Productions)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PLR Article Manager (HKLM-x32\...\{0CB22242-8327-428A-80B2-A64684E56639}) (Version: 1.0.0 - SNV Infotech)
Portal Traffic Attractor (HKCU\...\77991d7d505fd911) (Version: 1.0.0.3 - Portal Traffic Attractor)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Rapid Content Wizard (HKCU\...\60edbb69673a22f9) (Version: 1.0.0.6 - Rapid Content Wizard)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6053 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
SERPy (HKLM-x32\...\CommissionBlueprint.SERPy.A24874ABA585E72CC832DED473DD4E8BBFF88E58.1) (Version: 1.03 - UNKNOWN)
SERPy (x32 Version: 1.03 - UNKNOWN) Hidden
Simple Sites Big Profits 2011 1.22.00 (HKLM-x32\...\Simple Sites Big Profits 2011 1.22.00) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartCreator (HKLM-x32\...\com.magicmedia.smartcreator) (Version: 1.6.13 - UNKNOWN)
SmartCreator (x32 Version: 1.6.13 - UNKNOWN) Hidden
Sothink FLV Player (HKLM-x32\...\{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1) (Version: 2.3 - SourceTec Software Co., LTD)
Speedy Book Publisher 1.2.91 (HKLM-x32\...\{DA9A5951-6F3C-4C19-98C8-901ABFCCBE6E}) (Version: 1.2.91 - Speedy Publishing LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.53.1000 - SUPERAntiSpyware.com)
The Ultimate PLR Article Collection (HKLM-x32\...\The Ultimate PLR Article Collection_is1) (Version: 1.0.23.0 - James J. Jones, LLC.)
Traffic Evolution (HKLM-x32\...\Traffic Evolution) (Version: 1.8.0 - )
Traffic Travis 3.3.36 (HKLM-x32\...\Traffic Travis_is1) (Version:  - Affilorama Ltd.)
TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.221 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (x32 Version: 12.0.3600.104 - TuneUp Software) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.5.1 - Tweaking.com)
UltimateDomainFinder (HKLM-x32\...\UltimateDomainFinder) (Version: v0.07 - UNKNOWN)
UltimateDomainFinder (x32 Version: 0.07 - UNKNOWN) Hidden
Update or Uninstall SENukeX (HKCU\...\065b42c809538e1c) (Version: 1.0.0.149 - SENukeX)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VS10Runtimex64 (Version: 1.0.0 - sourcefire) Hidden
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Word Wizard (HKLM-x32\...\{CAA5CA1E-B94E-406E-A55B-DA0571460B00}) (Version: 1.1.0 - Wordpress Mage)
XMind 2012 (v3.3.1) (HKLM-x32\...\XMind_is1) (Version: 3.3.1.201212250029 - XMind Ltd.)

==================== Restore Points  =========================

03-03-2014 23:27:34 Windows Update
04-03-2014 19:33:41 Tweaking.com - Windows Repair

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-03-04 15:50 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {01E09EA3-DF3A-4B54-880E-961E03FECD0D} - System32\Tasks\Clean System Memory => C:\Windows\syswow64\CleanMem.exe [2012-09-20] (PcWinTech.com)
Task: {02BB6A49-C0A5-4AE3-ACDC-D604758B212E} - System32\Tasks\{65A53D8D-7276-456E-A77A-CBB51707752C} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {0A38AB17-893C-4BAF-AF79-1C8E72946678} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-10-07] (CL)
Task: {0FE25182-AFD8-41A6-8801-8677586E8E31} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {1306B6ED-D45B-4D63-A283-CCE1A7B23B73} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {15344292-9196-426F-8106-A91562CA763A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {1D440725-E24A-42F2-B173-098A77773684} - System32\Tasks\DTReg => C:\Users\WingMaker\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {26534AD1-3A62-4374-B604-2695DBA77F03} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {2C6356E4-3AB6-4273-8F33-B13A1607FE7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-11-15] (Hewlett-Packard Company)
Task: {40592469-F7D0-450D-ADF4-0841D4932DB4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-56375958-279248657-2564932593-1001Core => C:\Users\WingMaker\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24] (Google Inc.)
Task: {47017FDE-9035-4107-8326-FE59C9510438} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {5159E680-1EF4-445B-8C0E-317AA92C82B4} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe
Task: {56E83344-CE4C-4901-919B-9F4E82634929} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {5792CD58-51D8-4C18-86A1-6E43275101CB} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {60FDD463-6743-4F13-9C2C-303BC5A88099} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02] (Google Inc.)
Task: {62A37598-F362-4663-B918-5DD3253F43B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-11-15] (Hewlett-Packard Company)
Task: {6FF505D6-F988-4F73-9D3E-3F8B08A44B18} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {772BBAD0-B229-41C6-AE8C-0E7C3E377554} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
Task: {7B3662E2-4438-400B-B29D-6712D4EC89C2} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-10-07] (CyberLink Corp.)
Task: {8FADD433-F611-45FC-BF0F-AFD7ED308688} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {94579644-0F68-43A8-B470-240CDBF2FBBE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02] (Google Inc.)
Task: {9B36CBB6-7E42-4833-B657-831252BA620D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-56375958-279248657-2564932593-1001UA => C:\Users\WingMaker\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24] (Google Inc.)
Task: {A867CBBD-8CE1-4573-A824-FB06F152A448} - System32\Tasks\Google Updater and Installer => C:\Users\WingMaker\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24] (Google Inc.)
Task: {B676F8A1-2FEE-4827-B041-5A7ABB5E274A} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2010-09-28] () <==== ATTENTION
Task: {B67E1B59-52AE-40C7-9268-2472AD7220DC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BE2F2148-D4AF-445A-8594-6B782B48A38F} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-10-07] (CL)
Task: {DD8C0CD6-786C-4E24-9069-47DEBFB75EE4} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-10-07] (CL)
Task: {F2752E24-A2AD-4870-BE6D-77FD4D8CF5E0} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-56375958-279248657-2564932593-1001Core.job => C:\Users\WingMaker\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-56375958-279248657-2564932593-1001UA.job => C:\Users\WingMaker\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_9D6AE230-A638-11E3-8A55-7071BC465303.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_FCAEBB80-A635-11E3-8A55-7071BC465303.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-05-07 17:22 - 2011-03-02 15:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2014-03-16 17:26 - 2014-03-16 17:26 - 01950720 _____ () C:\Users\WingMaker\Downloads\AdwCleaner.exe
2011-01-19 12:20 - 2011-01-19 12:20 - 00308560 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Engine\Vipre.dll
2012-04-10 11:34 - 2014-02-07 11:24 - 00190752 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Engine\Definitions\libBase64.dll
2012-04-10 11:34 - 2014-02-07 11:24 - 00178464 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Engine\Definitions\libMachoUniv.dll
2013-12-18 14:42 - 2013-12-18 14:42 - 00305520 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
2012-07-27 16:51 - 2012-07-27 16:51 - 06549432 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\authplay.dll
2014-02-15 13:40 - 2014-02-15 13:42 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-08-28 17:19 - 2011-08-28 17:19 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-02-20 21:05 - 2014-02-20 21:05 - 16265096 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\WingMaker\Downloads\Your Samsung Order PO 0454-141770.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^WingMaker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\Windows\pss\OpenOffice.org 3.2.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Buttons & OSDs control application gen3 => c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP KEYBOARDx => "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
MSCONFIG\startupreg: HP Remote Solution => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: lsphelper => C:\Program Files (x86)\LightSpeedPC\lsphelper.exe
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: PC-Doctor for Windows localizer => C:\Program Files\PC-Doctor for Windows\localizer.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Consumer IR Devices
Description: Consumer IR Devices
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2014 05:27:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/11/2014 00:42:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/11/2014 00:38:22 PM) (Source: Microsoft Security Client Setup) (User: Pegasus)
Description: HRESULT:0x8004FF11
Description:Can’t install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.

Error: (03/11/2014 00:36:04 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/11/2014 00:05:15 PM) (Source: Microsoft Security Client Setup) (User: Pegasus)
Description: HRESULT:0x8004FF11
Description:Can’t install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.

Error: (03/10/2014 05:04:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/10/2014 05:03:40 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/10/2014 09:29:11 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/10/2014 00:08:54 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" ; Description = Revo Uninstaller Pro's restore point - Ad-Aware Antivirus; Error = 0x8007043c).

Error: (03/10/2014 00:07:44 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (03/16/2014 05:27:00 PM) (Source: DCOM) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}

Error: (03/16/2014 04:58:13 PM) (Source: DCOM) (User: )
Description: 1084TuneUp.UtilitiesSvc{5EF1CF5D-87A9-434B-8786-2A08E1C30F6C}

Error: (03/16/2014 04:44:18 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/16/2014 04:44:18 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/16/2014 04:44:18 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/16/2014 04:42:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/16/2014 04:42:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/16/2014 04:42:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/16/2014 04:42:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/16/2014 04:42:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (03/16/2014 05:27:21 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\WingMaker\Downloads\esetsmartinstaller_enu.exe

Error: (03/11/2014 00:42:55 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\WingMaker\Desktop\esetsmartinstaller_enu.exe

Error: (03/11/2014 00:38:22 PM) (Source: Microsoft Security Client Setup)(User: Pegasus)
Description: HRESULT:0x8004FF11
Description:Can’t install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.

Error: (03/11/2014 00:36:04 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\WingMaker\Desktop\esetsmartinstaller_enu.exe

Error: (03/11/2014 00:05:15 PM) (Source: Microsoft Security Client Setup)(User: Pegasus)
Description: HRESULT:0x8004FF11
Description:Can’t install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.

Error: (03/10/2014 05:04:14 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\WingMaker\Desktop\esetsmartinstaller_enu.exe

Error: (03/10/2014 05:03:40 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\WingMaker\Desktop\esetsmartinstaller_enu.exe

Error: (03/10/2014 09:29:11 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\WingMaker\Desktop\esetsmartinstaller_enu.exe

Error: (03/10/2014 00:08:54 AM) (Source: System Restore)(User: )
Description: C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" Revo Uninstaller Pro's restore point - Ad-Aware Antivirus0x8007043c

Error: (03/10/2014 00:07:44 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\WingMaker\Desktop\esetsmartinstaller_enu.exe


CodeIntegrity Errors:
===================================
  Date: 2012-12-23 17:11:11.751
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-23 17:11:11.593
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 3831.11 MB
Available physical RAM: 1869.92 MB
Total Pagefile: 7660.41 MB
Available Pagefile: 5719.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:918.46 GB) (Free:679.35 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.96 GB) (Free:1.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Mar 16 2014) (CDROM) (Total:0.56 GB) (Free:0.28 GB) UDF
Drive h: (LaCie) (Fixed) (Total:465.76 GB) (Free:18.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 466 GB) (Disk ID: 454C79B6)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Homework done... thanks a bunch!

Jordan


Edited by wingmaker, 16 March 2014 - 05:01 PM.


#8 TheShooter93

    Cody

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 16 March 2014 - 07:18 PM

Hello,

Sorry about that - those were outdated instructions. Please click the "Clean" button.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#9 wingmaker
  • Topic Starter

Posted 16 March 2014 - 11:30 PM

No worries... just wanted to double check and make certain I was doing the right thing.  :)

So I did as you instructed... cleaned the computer with AdwCleaner.

On restart... I got to the Windows login screen, typed in my password, watched as Windows was loading... and after I read preparing desktop... it hung forever and the screen went black with only the cursor showing.  No change, I can only run the computer from SAFE MODE with networking.

I have to say however, my Firefox had all these ad links imbedded in text and pop ups either on the site or redirecting to another window, which is now all gone after this cleaning.  YAY!

So we've made progress with malware removal but my computer is unable to run Windows normally - I can never get to the desktop.

Awaiting further instructions.

Thanks again!


Edited by wingmaker, 16 March 2014 - 11:31 PM.


#10 TheShooter93

Posted 17 March 2014 - 11:00 AM

> On restart... I got to the Windows login screen, typed in my password, watched as Windows was loading... and after I read preparing desktop... it hung forever and the screen went black with only the cursor showing.  No change, I can only run the computer from SAFE MODE with networking.

We'll take care of that in the coming posts. :)

> I have to say however, my Firefox had all these ad links imbedded in text and pop ups either on the site or redirecting to another window, which is now all gone after this cleaning.  YAY!

Glad to hear we're making progress. :thumbup2:

As for further instructions, it will take me some time to look through the FRST log and create a script. I will reply ASAP.



 

 


#11 TheShooter93

Posted 18 March 2014 - 11:50 PM

Hello wingmaker,

Just to update you, I am still waiting on approval from my instructor. Sorry for the delay. :)



 

 


#12 wingmaker
  • Topic Starter

Posted 19 March 2014 - 07:27 AM

Thank you Cody, I appreciate the news.  :clapping:

I've been unable to do my work now since March 5th... :smash:
so I'm eager to fix my ailing PC and try to catch up.   :bounce:

You guys are puter rock stars!

Cheers!


Edited by wingmaker, 19 March 2014 - 07:28 AM.


#13 TheShooter93

Posted 19 March 2014 - 09:05 AM

Hello wingmaker,

 

Going over your logs I noticed that you have BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Programs and Features.

If you wish to keep it, please do not use it until your computer is cleaned.

 

-----------------------------------------------------------------------------------------------

 

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    Attached file: fixlist.txt (3.04KB)
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.

-----------------------------------------------------------------------------------------------

 

Lastly, please provide a fresh FRST Scan log and let me know how your computer is doing.  :)


Edited by TheShooter93, 19 March 2014 - 09:05 AM.


 

 


#14 wingmaker
  • Topic Starter

Posted 19 March 2014 - 03:28 PM

Hi TheShooter93...

 

Yes I hear you loud and clear about BitTorrent...  I installed that last year.. used it about 3 times to download movies from a clean site and never keep the program running.  I have uninstalled it, as suggested.  :)  I play a flash game but it's not P2P and I will not be doing that either.  :)

 

 

> We need to run a fix with FRST:
>
>   • Please download the attached fixlist.txt file and save it to the same location as FRST
>     Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
>     NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
>     Attached file: fixlist.txt (3.04KB)
>   • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
>   • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
>   • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.

 

  • I saved the FRST64.exe to desktop, then I created a folder and moved the FRST64.exe and FRST.txt files inside that folder on my desktop, is that okay? Next I will add the fixlist.txt to the same folder.  Or do I just leave the FRST64.exe on my desktop, along with the FRST.txt and fixlist.txt files?

  • I get the following error message when trying to download fixlist.txt file:

"Sorry, you don't have permission for that! You do not have permission to view this attachment."

I can assure you that I'm logged in when attempting to download it.  So I'm stuck, please advise...

  • Finally, I'm confused about the process - there is no FRST.exe file, just a FRST64.txt file.  You want me to run FRST64.exe  in the folder on my desktop where the FRST.txt file is also situated, correct?  I am to click on RUN then FIX, correct?

  • If my computer restarts, you want me to leave it go to NORMAL MODE?   To date Windows cannot load unless in SAFE MODE, just want to be clear on that.  If the computer hangs... and goes black...  how do I know that the program is running or not?

Please advise... and thanks!

Jordan


Edited by wingmaker, 19 March 2014 - 03:44 PM.


#15 wingmaker
  • Topic Starter

Posted 20 March 2014 - 10:45 AM

Hello TheShooter93...

 

I'm still unable to download the fixlist.txt file... please advise as I'm still stuck.  :(





