
Infected with virus that slows pc and redirects url


  • This topic is locked
13 replies to this topic

#1 rogueish1

rogueish1

  • Members
  • 14 posts

Posted 27 March 2014 - 08:46 PM

PC slows down

Redirects url

Stops responding when surfing internet

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.5.1
Run by Rogue7 at 21:25:29 on 2014-03-27
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.1024.146 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\PROGRA~1\SMILEY~2\bar\1.bin\1vbarsvc.exe
C:\Windows\system32\java.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\vmnat.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.141\McAfeeMSS_IE.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: %windir%\system32\vsocklib.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{01F3A851-2CEF-4046-8433-A8BB64CDDE0F}\27F67657569637862656C6B696E6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{1D6E4938-10AB-45DE-954B-2D5CA4E0F6CD} : DHCPNameServer = 167.206.251.129 167.206.251.130 192.168.1.1
TCP: Interfaces\{244DDEA2-C380-4CCC-A266-FE4DE277F975} : DHCPNameServer = 167.206.251.129 167.206.251.130 192.168.1.1
TCP: Interfaces\{34462C98-2B20-41D1-BF11-DF1CD04B96CA} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{34462C98-2B20-41D1-BF11-DF1CD04B96CA}\36869636B656E67237022656C6B696E6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{351A6EDC-6D17-45B3-B38F-71A4C88DA743} : DHCPNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
TCP: Interfaces\{7521A8FD-2EC9-45DD-A517-FF997104ADE0} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{786A6E16-A5AA-4C30-9BAE-92E84863F8F8} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C48B83B0-2DBD-4509-ABB4-3FA85E7159A9} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{CDC5DC2B-3341-4E16-B507-F21158747DC5}\27F67657569637862656C6B696E6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D6893AF0-8ADE-47C3-B344-DEAB5765DF87} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D6893AF0-8ADE-47C3-B344-DEAB5765DF87}\434786C496E6B6379737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D6893AF0-8ADE-47C3-B344-DEAB5765DF87}\434786C496E6B6379737D27657563747 : DHCPNameServer = 167.206.251.130 167.206.251.129 192.168.33.1
TCP: Interfaces\{EDDB2726-C7B2-4D93-AE6E-34D2E82D13DE} : DHCPNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rogue7\appdata\roaming\mozilla\firefox\profiles\w392z5su.default\
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?q=
FF - component: c:\users\rogue7\appdata\roaming\mozilla\firefox\profiles\w392z5su.default\extensions\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d}\components\dtTransparency.dll
FF - component: c:\users\rogue7\appdata\roaming\mozilla\firefox\profiles\w392z5su.default\extensions\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d}\components\dtTransparency3.5.dll
FF - component: c:\users\rogue7\appdata\roaming\mozilla\firefox\profiles\w392z5su.default\extensions\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d}\components\dtTransparency3.6.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee security scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\smileycentral_1v\bar\1.bin\NP1vStub.dll
FF - plugin: c:\users\rogue7\appdata\roaming\mozilla\firefox\profiles\w392z5su.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\plugins\np-mswmp.dll
FF - plugin: c:\users\rogue7\appdata\roaming\mozilla\firefox\profiles\w392z5su.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1205146.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-11-3 61296]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-10-4 67584]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\ae1000w7.sys [2010-9-2 841504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-8-10 36608]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-3-13 108032]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.141\McCHSvc.exe [2014-1-15 235696]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2009-5-25 734208]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-3-13 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-6 52224]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
.
=============== Created Last 30 ================
.
2014-03-15 01:32:39    7947048    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{76edd555-5011-4044-818f-73b9b08ba126}\mpengine.dll
2014-03-13 03:13:47    2349056    ----a-w-    c:\windows\system32\win32k.sys
2014-03-13 03:13:40    381440    ----a-w-    c:\windows\system32\wer.dll
2014-02-28 02:04:52    --------    d-----w-    c:\windows\pss
2014-02-28 01:56:43    --------    d-----w-    c:\program files\McAfee Security Scan
.
==================== Find3M  ====================
.
2014-03-12 05:07:34    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 05:07:34    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-01 04:11:20    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-03-01 04:10:48    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-03-01 03:52:43    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-03-01 03:38:23    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-03-01 03:37:35    553472    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-03-01 03:31:30    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:14:15    4244480    ----a-w-    c:\windows\system32\jscript9.dll
2014-03-01 03:00:08    1964032    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    c:\windows\system32\wininet.dll
2014-02-04 02:04:11    509440    ----a-w-    c:\windows\system32\qedit.dll
.
============= FINISH: 21:27:17.71 ===============



Attached File  attach.txt   7.82KB   0 downloads


Edited by rogueish1, 27 March 2014 - 08:48 PM.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,729 posts
  • Gender:Male

Posted 01 April 2014 - 08:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/529058 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 rogueish1

rogueish1
  • Topic Starter

  • Members
  • 14 posts

Posted 06 April 2014 - 08:17 AM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.5.1
Run by Rogue7 at 8:49:15 on 2014-04-06
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.1024.318 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\PROGRA~1\SMILEY~2\bar\1.bin\1vbarsvc.exe
C:\Windows\system32\java.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\vmnat.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.141\McAfeeMSS_IE.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Wondershare Helper Compact.exe] "c:\program files\common files\wondershare\wondershare helper compact\WSHelperSetup.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: %windir%\system32\vsocklib.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{01F3A851-2CEF-4046-8433-A8BB64CDDE0F}\27F67657569637862656C6B696E6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{1D6E4938-10AB-45DE-954B-2D5CA4E0F6CD} : DHCPNameServer = 167.206.251.129 167.206.251.130 192.168.1.1
TCP: Interfaces\{244DDEA2-C380-4CCC-A266-FE4DE277F975} : DHCPNameServer = 167.206.251.129 167.206.251.130 192.168.1.1
TCP: Interfaces\{34462C98-2B20-41D1-BF11-DF1CD04B96CA} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{34462C98-2B20-41D1-BF11-DF1CD04B96CA}\36869636B656E67237022656C6B696E6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{351A6EDC-6D17-45B3-B38F-71A4C88DA743} : DHCPNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
TCP: Interfaces\{7521A8FD-2EC9-45DD-A517-FF997104ADE0} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{786A6E16-A5AA-4C30-9BAE-92E84863F8F8} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C48B83B0-2DBD-4509-ABB4-3FA85E7159A9} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{CDC5DC2B-3341-4E16-B507-F21158747DC5}\27F67657569637862656C6B696E6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D6893AF0-8ADE-47C3-B344-DEAB5765DF87} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D6893AF0-8ADE-47C3-B344-DEAB5765DF87}\434786C496E6B6379737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D6893AF0-8ADE-47C3-B344-DEAB5765DF87}\434786C496E6B6379737D27657563747 : DHCPNameServer = 167.206.251.130 167.206.251.129 192.168.33.1
TCP: Interfaces\{EDDB2726-C7B2-4D93-AE6E-34D2E82D13DE} : DHCPNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rogue7\appdata\roaming\mozilla\firefox\profiles\w392z5su.default\
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?q=
FF - component: c:\users\rogue7\appdata\roaming\mozilla\firefox\profiles\w392z5su.default\extensions\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d}\components\dtTransparency.dll
FF - component: c:\users\rogue7\appdata\roaming\mozilla\firefox\profiles\w392z5su.default\extensions\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d}\components\dtTransparency3.5.dll
FF - component: c:\users\rogue7\appdata\roaming\mozilla\firefox\profiles\w392z5su.default\extensions\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d}\components\dtTransparency3.6.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee security scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\smileycentral_1v\bar\1.bin\NP1vStub.dll
FF - plugin: c:\users\rogue7\appdata\roaming\mozilla\firefox\profiles\w392z5su.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\plugins\np-mswmp.dll
FF - plugin: c:\users\rogue7\appdata\roaming\mozilla\firefox\profiles\w392z5su.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1205146.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-11-3 61296]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-10-4 67584]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
R2 SmileyCentral_1vService;SmileyCentral Service;c:\progra~1\smiley~2\bar\1.bin\1vbarsvc.exe [2010-12-24 28766]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2012-8-1 719512]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\ae1000w7.sys [2010-9-2 841504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2014-3-27 80184]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-8-10 36608]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-3-13 108032]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.141\McCHSvc.exe [2014-1-15 235696]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2009-5-25 734208]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-3-13 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-6 52224]
S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-2 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
.
=============== Created Last 30 ================
.
2014-04-06 12:44:03    7969936    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{5f7f745a-5a0d-4884-9b74-120ec652d6f1}\mpengine.dll
2014-03-28 03:24:07    851176    ----a-w-    c:\windows\system32\WinUSBCoInstaller2.dll
2014-03-28 03:24:07    80184    ----a-w-    c:\windows\system32\drivers\ssudbus.sys
2014-03-28 03:24:07    1461992    ----a-w-    c:\windows\system32\WdfCoInstaller01009.dll
2014-03-28 03:17:32    --------    d-----w-    c:\users\rogue7\appdata\local\Wondershare
2014-03-28 03:17:30    --------    d-----w-    c:\program files\common files\Wondershare
2014-03-28 03:17:09    --------    d-----w-    c:\users\rogue7\appdata\roaming\Wondershare
2014-03-28 03:17:09    --------    d-----w-    c:\users\rogue7\.android
2014-03-28 03:17:08    --------    d--h--w-    c:\program files\DrFoneAndroid_Temp
2014-03-28 03:17:08    --------    d-----w-    c:\program files\Wondershare
2014-03-28 03:04:42    --------    d-----w-    c:\program files\Tenorshare Android Data Recovery
2014-03-13 03:13:47    2349056    ----a-w-    c:\windows\system32\win32k.sys
2014-03-13 03:13:40    381440    ----a-w-    c:\windows\system32\wer.dll
.
==================== Find3M  ====================
.
2014-03-12 05:07:34    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 05:07:34    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-01 04:11:20    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-03-01 04:10:48    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-03-01 03:52:43    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-03-01 03:38:23    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-03-01 03:37:35    553472    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-03-01 03:31:30    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:14:15    4244480    ----a-w-    c:\windows\system32\jscript9.dll
2014-03-01 03:00:08    1964032    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    c:\windows\system32\wininet.dll
2014-02-04 02:04:11    509440    ----a-w-    c:\windows\system32\qedit.dll
.
============= FINISH:  8:50:45.32 ===============
 

 

Attached File  attach.txt   8.02KB   0 downloads

 

No Windows CD

Attached Files

  • Attached File  dds.txt   13.53KB   1 downloads

Edited by rogueish1, 06 April 2014 - 08:19 AM.


#4 Jo*

Jo*

  • Malware Response Team
  • 3,427 posts
  • Gender:Male
  • Location:Germany

Posted 06 April 2014 - 08:27 AM

Hello rogueish1,

My name is Jo and I will help you with your computer problems.



Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only those tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 rogueish1


Posted 06 April 2014 - 09:17 AM

Hello Jo :)

 

 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 JavaFX 2.1.1    
 Java 7 Update 45  
 Java™ 6 Update 3  
 Java version out of Date!
 Adobe Flash Player     12.0.0.77  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox 17.0.1 Firefox out of Date!  
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



#6 rogueish1


Posted 06 April 2014 - 09:50 AM

OTL logfile created on: 4/6/2014 10:20:52 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rogue7\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.55 Mb Total Physical Memory | 618.57 Mb Available Physical Memory | 60.43% Memory free
2.00 Gb Paging File | 1.23 Gb Available in Paging File | 61.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 279.38 Gb Total Space | 227.05 Gb Free Space | 81.27% Space Free | Partition Type: NTFS
 
Computer Name: ROGUE7-PC | User Name: Rogue7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Rogue7\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files\SmileyCentral_1v\bar\1.bin\1vbarsvc.exe (SmileyCentral)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Cobian Backup 10\cbVSCService.exe (CobianSoft, Luis Cobian)
PRC - C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
PRC - C:\Windows\System32\java.exe (Sun Microsystems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (SmileyCentral_1vService) -- C:\Program Files\SmileyCentral_1v\bar\1.bin\1vbarsvc.exe (SmileyCentral)
SRV - (cbVSCService) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe (CobianSoft, Luis Cobian)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (USBModem) -- system32\DRIVERS\lgusbmodem.sys File not found
DRV - (UsbDiag) -- system32\DRIVERS\lgusbdiag.sys File not found
DRV - (usbbus) -- system32\DRIVERS\lgusbbus.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (mbr) -- C:\Users\Rogue7\AppData\Local\Temp\mbr.sys File not found
DRV - (catchme) -- C:\Users\Rogue7\AppData\Local\Temp\catchme.sys File not found
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (VMparport) -- C:\Windows\System32\drivers\vmparport.sys (VMware, Inc.)
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.)
DRV - (vsock) -- C:\Windows\System32\drivers\vsock.sys (VMware, Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (FETNDIS) -- C:\Windows\System32\drivers\fetn62.sys (VIA Technologies, Inc.              )
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ivusb) -- C:\Windows\System32\drivers\ivusb.sys (Initio Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (AE1000) -- C:\Windows\System32\drivers\ae1000w7.sys (Ralink Technology Corp.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (ALCXWDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C AB B0 98 52 75 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_enUS356
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledAddons: newtaburl%40sogame.cat:2.2.3
FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
FF - prefs.js..extensions.enabledAddons: %7B1392b8d2-5c05-419f-a8f6-b9f15a596612%7D:10.23.0.822
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..extensions.enabledItems: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d}:1.0.0.0
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.2.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "https://www.google.com/search?q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SmileyCentral_1v.com/Plugin: C:\Program Files\SmileyCentral_1v\bar\1.bin\NP1vStub.dll (SmileyCentral)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\1vffxtbr@SmileyCentral_1v.com: C:\Program Files\SmileyCentral_1v\bar\1.bin [2010/12/24 23:09:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/15 20:14:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/15 20:14:58 | 000,000,000 | ---D | M]
 
[2010/01/17 00:38:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rogue7\AppData\Roaming\Mozilla\Extensions
[2014/04/06 08:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rogue7\AppData\Roaming\Mozilla\Firefox\Profiles\w392z5su.default\extensions
[2013/12/17 22:34:50 | 000,000,000 | ---D | M] (Freecorder) -- C:\Users\Rogue7\AppData\Roaming\Mozilla\Firefox\Profiles\w392z5su.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/02/19 23:33:04 | 000,000,000 | ---D | M] (Somoto Toolbar) -- C:\Users\Rogue7\AppData\Roaming\Mozilla\Firefox\Profiles\w392z5su.default\extensions\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d}
[2014/04/06 08:27:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rogue7\AppData\Roaming\Mozilla\Firefox\Profiles\w392z5su.default\extensions\staged
[2012/11/10 18:13:49 | 000,051,994 | ---- | M] () (No name found) -- C:\Users\Rogue7\AppData\Roaming\Mozilla\Firefox\Profiles\w392z5su.default\extensions\newtaburl@sogame.cat.xpi
[2012/11/10 18:27:50 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\Rogue7\AppData\Roaming\Mozilla\Firefox\Profiles\w392z5su.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2013/11/20 21:55:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/29 19:32:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Users\Rogue7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\
CHR - Extension: No name found = C:\Users\Rogue7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2011/10/09 16:01:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [Wondershare Helper Compact.exe] "C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D6E4938-10AB-45DE-954B-2D5CA4E0F6CD}: DhcpNameServer = 167.206.251.129 167.206.251.130 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{244DDEA2-C380-4CCC-A266-FE4DE277F975}: DhcpNameServer = 167.206.251.129 167.206.251.130 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34462C98-2B20-41D1-BF11-DF1CD04B96CA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{351A6EDC-6D17-45B3-B38F-71A4C88DA743}: DhcpNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7521A8FD-2EC9-45DD-A517-FF997104ADE0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{786A6E16-A5AA-4C30-9BAE-92E84863F8F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C48B83B0-2DBD-4509-ABB4-3FA85E7159A9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6893AF0-8ADE-47C3-B344-DEAB5765DF87}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDDB2726-C7B2-4D93-AE6E-34D2E82D13DE}: DhcpNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/06 10:09:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rogue7\Desktop\OTL.exe
[2014/03/27 23:24:07 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2014/03/27 23:24:07 | 000,851,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinUSBCoInstaller2.dll
[2014/03/27 23:24:07 | 000,080,184 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2014/03/27 23:17:32 | 000,000,000 | ---D | C] -- C:\Users\Rogue7\AppData\Local\Wondershare
[2014/03/27 23:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare
[2014/03/27 23:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2014/03/27 23:17:09 | 000,000,000 | ---D | C] -- C:\Users\Rogue7\AppData\Roaming\Wondershare
[2014/03/27 23:17:09 | 000,000,000 | ---D | C] -- C:\Users\Rogue7\.android
[2014/03/27 23:17:08 | 000,000,000 | -H-D | C] -- C:\Program Files\DrFoneAndroid_Temp
[2014/03/27 23:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2014/03/27 23:04:42 | 000,000,000 | ---D | C] -- C:\Users\Rogue7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tenorshare Android Data Recovery
[2014/03/27 23:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Tenorshare Android Data Recovery
[2014/03/13 21:56:43 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/03/13 21:56:33 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/03/13 21:56:33 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/03/13 21:56:33 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/03/13 21:56:33 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/03/13 21:56:32 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/03/13 21:56:32 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/03/13 21:56:32 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/03/13 21:56:31 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/03/13 21:56:28 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/03/13 21:56:27 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/03/13 21:56:25 | 004,244,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/03/13 21:56:20 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/03/13 21:56:20 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/03/13 21:56:18 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/03/13 21:56:18 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/03/13 21:56:17 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/03/13 21:56:17 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/03/12 23:13:47 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/03/12 23:13:40 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Users\Rogue7\Desktop\VMLINUZ.
[2014/04/06 10:28:36 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/06 10:09:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rogue7\Desktop\OTL.exe
[2014/04/06 10:07:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/06 10:01:32 | 000,987,448 | ---- | M] () -- C:\Users\Rogue7\Desktop\SecurityCheck.exe
[2014/04/06 09:45:52 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/06 09:45:52 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/06 08:18:59 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/05 20:47:19 | 000,626,846 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/04/05 20:47:19 | 000,107,748 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/04/05 20:42:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/05 20:42:16 | 804,954,112 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/30 20:52:22 | 000,034,491 | ---- | M] () -- C:\Users\Rogue7\Desktop\cart.PNG
[2014/03/28 21:36:17 | 000,007,597 | ---- | M] () -- C:\Users\Rogue7\AppData\Local\Resmon.ResmonCfg
[2014/03/28 04:48:04 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2014/03/27 23:29:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2014/03/27 23:24:08 | 000,851,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinUSBCoInstaller2.dll
[2014/03/27 23:24:07 | 001,461,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2014/03/27 23:24:07 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2014/03/27 23:17:21 | 000,002,137 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare Dr.Fone for Android.lnk
[2014/03/27 23:14:29 | 000,001,192 | ---- | M] () -- C:\Users\Rogue7\Desktop\Tenorshare Android Data Recovery.lnk
[2014/03/15 12:39:19 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/15 00:59:54 | 000,135,129 | ---- | M] () -- C:\Users\Rogue7\Desktop\Capture.PNG
[2014/03/14 00:08:33 | 000,308,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/12 01:07:34 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/03/12 01:07:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Users\Rogue7\Desktop\VMLINUZ.
[2014/04/06 10:01:29 | 000,987,448 | ---- | C] () -- C:\Users\Rogue7\Desktop\SecurityCheck.exe
[2014/03/30 20:50:38 | 000,034,491 | ---- | C] () -- C:\Users\Rogue7\Desktop\cart.PNG
[2014/03/27 23:29:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2014/03/27 23:17:21 | 000,002,137 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare Dr.Fone for Android.lnk
[2014/03/27 23:04:43 | 000,001,192 | ---- | C] () -- C:\Users\Rogue7\Desktop\Tenorshare Android Data Recovery.lnk
[2014/03/15 00:56:38 | 000,135,129 | ---- | C] () -- C:\Users\Rogue7\Desktop\Capture.PNG
[2011/08/18 20:29:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/01/17 16:56:24 | 000,007,597 | ---- | C] () -- C:\Users\Rogue7\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/02/20 23:21:31 | 000,000,000 | ---D | M] -- C:\Users\Rogue7\AppData\Roaming\acccore
[2012/02/06 20:49:29 | 000,000,000 | ---D | M] -- C:\Users\Rogue7\AppData\Roaming\GetRightToGo
[2011/08/12 19:55:20 | 000,000,000 | ---D | M] -- C:\Users\Rogue7\AppData\Roaming\ML
[2011/08/23 20:04:24 | 000,000,000 | ---D | M] -- C:\Users\Rogue7\AppData\Roaming\Samsung
[2011/08/14 14:34:13 | 000,000,000 | ---D | M] -- C:\Users\Rogue7\AppData\Roaming\SAMSUNG Drivers Update Utility
[2013/01/06 18:24:52 | 000,000,000 | ---D | M] -- C:\Users\Rogue7\AppData\Roaming\uTorrent
[2014/03/27 23:17:09 | 000,000,000 | ---D | M] -- C:\Users\Rogue7\AppData\Roaming\Wondershare
 
========== Purity Check ==========
 
 

< End of report >



#7 rogueish1


Posted 06 April 2014 - 09:51 AM

OTL Extras logfile created on: 4/6/2014 10:20:52 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rogue7\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.55 Mb Total Physical Memory | 618.57 Mb Available Physical Memory | 60.43% Memory free
2.00 Gb Paging File | 1.23 Gb Available in Paging File | 61.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 279.38 Gb Total Space | 227.05 Gb Free Space | 81.27% Space Free | Partition Type: NTFS
 
Computer Name: ROGUE7-PC | User Name: Rogue7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0760AAE0-1370-4BE6-847A-9313F10397AC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0A0FB08E-CF62-4F35-A0B8-BA32B6517184}" = lport=138 | protocol=17 | dir=in | app=system |
"{0CAD6DA2-0F30-491B-96AB-D1D3F1207F06}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1077BA2A-4DFA-4A25-852E-C051F9D83E3E}" = lport=139 | protocol=6 | dir=in | app=system |
"{224857A6-4A62-4731-B376-35914212FBAE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{24BA30D4-D7ED-4089-A5D4-6FA07E3742BB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2705806B-A7EA-49B2-8A37-655939ACC686}" = rport=445 | protocol=6 | dir=out | app=system |
"{29BD004A-30D5-4276-95B0-B211C6A40711}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{35D19B82-019F-4203-8E75-35EF6EF473E5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E805F9C-3C74-4FC1-8C60-87CD198FCE33}" = lport=137 | protocol=17 | dir=in | app=system |
"{43D12AFC-BF06-4DE1-A0B9-ED85B9FD692F}" = rport=138 | protocol=17 | dir=out | app=system |
"{4D26CE3E-00EF-4DCA-8098-18D86027E692}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{552D3ABC-BECB-4394-AD30-26D5037D1EFF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67F1F608-B204-4856-81B0-A8B19DB3037D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6953009C-E75A-4F35-BD46-7D6063C7FE01}" = rport=137 | protocol=17 | dir=out | app=system |
"{75AEE4B8-2DC9-4D39-8F55-9EEDA39B9324}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{843CCD49-56A7-43A1-8038-C6BC28E8DB23}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8906F1B7-C683-4C83-81C3-DE34002A1C9D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9FE8F982-BEB7-4C7B-B367-DAECF61317D5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B1EE13A2-B663-4DAF-BAEC-6DDE4B8472B7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B358B60E-6464-4908-9E42-971E6C2F6FB4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B8F40795-424B-4F26-8CBA-4E922B552BA0}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{BADA4256-C991-4D34-BF47-4C154D019763}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BCCC6080-ABAD-4D1B-891A-DED8B403256A}" = lport=445 | protocol=6 | dir=in | app=system |
"{C730B7BF-5153-481B-9F67-0EA6DE195BE6}" = rport=139 | protocol=6 | dir=out | app=system |
"{D10362E3-3FCF-42C3-8002-8A98A9E6D59E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D3CC9DAD-042D-4BE8-A3CB-E85D89977F8F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DB94D640-F641-40FD-B651-B249B9426430}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{E3E5C423-3E45-4641-89C2-63B88210974F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EC8BAAFB-971A-41E7-A910-42C486C20F81}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F793AB03-B350-43F6-A95B-D60F20D7AE7A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C55FDE-91A8-4E26-BFB8-3A5AB9DBE328}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{03BFEB47-FC79-4B8C-8376-5CA63FCC1CF0}" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"{053D154E-E7EB-482F-929C-2FC08DB85112}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{103557E6-A0AE-44CB-A550-02961BB13931}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1A13ABDF-8B85-4E39-9266-FCFC55ABFDD5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{243F6C0C-8B31-44A3-80CE-DF48D941BE2E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2798485E-2CAF-4652-B2F8-A13D66992293}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{506F6441-1966-43AF-8B7A-E4C7E30001FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5D6AFDAA-9390-4672-BF82-0EE96FB3884F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6133C5DB-C3EC-4226-8BE5-2562E890F383}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{708680B9-5E85-4B5E-8C2D-F81612DFE8DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{745AB2C6-4312-4505-9B4D-153DBD300D68}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{856BFC65-D89C-4C3D-9CB0-6081105C3244}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{8C26CF54-ED73-4CAE-8A23-D5C879C5698C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9E8F1961-4470-4ACE-9A64-921221C256CD}" = protocol=6 | dir=out | app=system |
"{A5A2A252-D64D-4B54-92C1-262B28B4B91C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C32AE8E5-EF2D-4961-B45C-14EF7AF4E911}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C84A1445-610C-4B70-893A-79459882632C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C8B4D976-3738-4C62-B538-B0D5E9B98E67}" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"{CEF19207-8175-4732-87E9-7D919F3B5274}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D840C0D9-75F3-498F-A2E9-CEE9C8C00934}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{DCA467F5-7A08-41AE-B72E-B27D53DCE462}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E1E6837E-A610-4CDB-89D1-A30CAEFDBB8D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E3C332B1-0DD5-48E3-B7EB-A38E51F6C504}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E9F7AA55-6708-41AA-8426-FC2BF01C6B0C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EA13E43F-D2E5-44CB-A051-402F389C474F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F441D66C-2D42-4B79-B957-D6F66062786B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FCCFB163-189C-460A-A436-1446D68E1DA5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{90EABC75-8006-44B6-9CD8-347B5B26292F}C:\users\guest\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\guest\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{C58E10AA-82CF-4159-AF4C-C07DC31F2F23}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{9782D6FA-BA95-46B7-BB7C-146D1DD75450}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{DDB3C7B3-AE7A-4E61-A37B-F3CCB9D8FEB9}C:\users\guest\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\guest\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}" = Apple Mobile Device Support
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1" = Wondershare Dr.Fone for Android(Build 4.0.1.60)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{616445AF-BBCF-41C1-A4D6-8CFF171C182D}" = iTunes
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C15B6175-689A-4D97-A42C-7225353F60A7}" = Linksys Updater
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C87E0D98-7955-4BF0-A6B0-5D81146A9CB8}" = Samsung PC Studio 3
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMwarePlayer_x86
"{F7C1C17E-70E3-475F-BD52-EA554391F15D}" = GameShadow
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Burn4Free CD & DVD_is1" = Burn4Free CD & DVD 5.3.0.0
"Burn4Free Toolbar" = Burn4Free Toolbar
"CCleaner" = CCleaner
"CobBackup10" = Cobian Backup 10
"ESET Online Scanner" = ESET Online Scanner v3
"Freecorder4.1" = Freecorder
"Google Chrome" = Google Chrome
"HD Tune_is1" = HD Tune 2.53
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys Dual-Band Wireless-N USB Network Adapter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Registry Easy_is1" = Registry Easy v5.6
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SmileyCentral_1vbar Uninstall" = SmileyCentral
"Tenorshare Android Data Recovery" = Tenorshare Android Data Recovery
"uTorrent" = µTorrent
"VMware_Player" = VMware Player
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"XN Resource Editor_is1" = XNResourceEditor 3.0.0.1
"YTdetect" = Yahoo! Detect
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/15/2012 9:23:42 AM | Computer Name = Rogue7-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 4/16/2012 6:55:15 PM | Computer Name = Rogue7-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 4/16/2012 10:46:51 PM | Computer Name = Rogue7-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 4/17/2012 3:00:07 AM | Computer Name = Rogue7-PC | Source = Windows Backup | ID = 4103
Description =
 
Error - 4/17/2012 7:15:31 AM | Computer Name = Rogue7-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 4/17/2012 7:03:50 PM | Computer Name = Rogue7-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 4/18/2012 9:15:11 AM | Computer Name = Rogue7-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 4/18/2012 6:45:02 PM | Computer Name = Rogue7-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 4/18/2012 6:48:33 PM | Computer Name = Rogue7-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 4/18/2012 10:31:00 PM | Computer Name = Rogue7-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
[ System Events ]
Error - 4/4/2014 7:30:43 PM | Computer Name = Rogue7-PC | Source = DCOM | ID = 10016
Description =
 
Error - 4/5/2014 8:46:43 PM | Computer Name = Rogue7-PC | Source = DCOM | ID = 10016
Description =
 
Error - 4/5/2014 8:46:43 PM | Computer Name = Rogue7-PC | Source = DCOM | ID = 10016
Description =
 
Error - 4/5/2014 8:46:44 PM | Computer Name = Rogue7-PC | Source = DCOM | ID = 10016
Description =
 
Error - 4/5/2014 8:46:46 PM | Computer Name = Rogue7-PC | Source = DCOM | ID = 10016
Description =
 
Error - 4/5/2014 8:46:46 PM | Computer Name = Rogue7-PC | Source = DCOM | ID = 10016
Description =
 
Error - 4/5/2014 8:46:46 PM | Computer Name = Rogue7-PC | Source = DCOM | ID = 10016
Description =
 
Error - 4/5/2014 8:48:17 PM | Computer Name = Rogue7-PC | Source = DCOM | ID = 10016
Description =
 
Error - 4/6/2014 8:16:51 AM | Computer Name = Rogue7-PC | Source = DCOM | ID = 10016
Description =
 
Error - 4/6/2014 8:17:53 AM | Computer Name = Rogue7-PC | Source = DCOM | ID = 10016
Description =
 
 
< End of report >



#8 Jo*

Jo*

  • Malware Response Team
  • 3,427 posts
  • Gender:Male
  • Location:Germany

Posted 06 April 2014 - 10:19 AM


Hello rogueish1,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 rogueish1

rogueish1
  • Topic Starter

  • Members
  • 14 posts

Posted 06 April 2014 - 01:11 PM

No Malware found

 

# AdwCleaner v3.023 - Report created 06/04/2014 at 13:56:50
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Rogue7 - ROGUE7-PC
# Running from : C:\Users\Rogue7\Desktop\AdwCleaner(1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Rogue7\AppData\Roaming\Mozilla\Firefox\Profiles\w392z5su.default\user.js
File Found : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
Folder Found C:\Users\Rogue7\AppData\Local\AskToolbar
Folder Found C:\Users\Rogue7\AppData\LocalLow\AskToolbar
Folder Found C:\Users\Rogue7\AppData\Roaming\Mozilla\Firefox\Profiles\w392z5su.default\Conduit
Folder Found C:\Users\Rogue7\AppData\Roaming\Mozilla\Firefox\Profiles\w392z5su.default\ConduitCommon
Folder Found C:\Users\Rogue7\AppData\Roaming\Mozilla\Firefox\Profiles\w392z5su.default\Smartbar
Folder Found C:\Users\Rogue7\AppData\Roaming\Mozilla\Firefox\Profiles\w392z5su.default\ValueApps
Folder Found C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Somoto Toolbar
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9C93EEB-5B7D-4EE1-8B5B-488C7D915C4F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v17.0.1 (en-US)

[ File : C:\Users\Rogue7\AppData\Roaming\Mozilla\Firefox\Profiles\w392z5su.default\prefs.js ]

Line Found : user_pref("CT1060933..clientLogIsEnabled", false);
Line Found : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT1060933.1000082.isPlayDisplay", "true");
Line Found : user_pref("CT1060933.1000082.muteState", "off");
Line Found : user_pref("CT1060933.1000082.shrinkState", "expanded");
Line Found : user_pref("CT1060933.1000082.state", "{\"state\":\"stopped\",\"text\":\"KFOG\",\"description\":\"KFOG\",\"url\":\"hxxp://live.cumulusstreaming.com/KFOG-FM\"}");
Line Found : user_pref("CT1060933.129272674122038321isEnableThisAppDialog", "{\"dataType\":\"string\",\"data\":true}");
Line Found : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Found : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT1060933.AppTrackingLastCheckTime", "Mon Nov 12 2012 21:38:38 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT1060933.BrowserCompStateIsOpen_129652058719725628", true);
Line Found : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);
Line Found : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);
Line Found : user_pref("CT1060933.BrowserCompStateIsOpen_130040833450137909", true);
Line Found : user_pref("CT1060933.BrowserCompStateIsOpen_130068876516309164", true);
Line Found : user_pref("CT1060933.BrowserCompStateIsOpen_130262967617041722", true);
Line Found : user_pref("CT1060933.CTID", "CT1060933");
Line Found : user_pref("CT1060933.CommunitiesChangesLastCheckTime", "Wed Nov 20 2013 22:00:07 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT1060933.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingRequest.ctp?type=ToolbarsInfo&ctids=CT1060933");
Line Found : user_pref("CT1060933.CommunityChanged", true);
Line Found : user_pref("CT1060933.CurrentServerDate", "21-11-2013");
Line Found : user_pref("CT1060933.DialogsAlignMode", "LTR");
Line Found : user_pref("CT1060933.DialogsGetterLastCheckTime", "Wed Nov 20 2013 19:04:23 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT1060933.DownloadDomainsCheckInterval", "168");
Line Found : user_pref("CT1060933.DownloadDomainsListLastCheckTime", "Wed Nov 20 2013 19:04:16 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT1060933.DownloadDomainsListLastServerUpdateTime", "1201069983");
Line Found : user_pref("CT1060933.DownloadReferralCookieData", "");
Line Found : user_pref("CT1060933.EMailNotifierPollDate", "Tue Oct 25 2011 19:15:28 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT1060933.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT1060933.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT1060933.EnableSearchSuggest", false);
Line Found : user_pref("CT1060933.FirstServerDate", "26-2-2011");
Line Found : user_pref("CT1060933.FirstTime", true);
Line Found : user_pref("CT1060933.FirstTimeFF3", true);
Line Found : user_pref("CT1060933.FixPageNotFoundErrors", false);
Line Found : user_pref("CT1060933.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT1060933.HasUserGlobalKeys", true);
Line Found : user_pref("CT1060933.HomePageProtectorEnabled", false);
Line Found : user_pref("CT1060933.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
Line Found : user_pref("CT1060933.Initialize", true);
Line Found : user_pref("CT1060933.InitializeCommonPrefs", true);
Line Found : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);
Line Found : user_pref("CT1060933.InstalledDate", "Sat Feb 26 2011 10:03:55 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT1060933.InvalidateCache", false);
Line Found : user_pref("CT1060933.IsAlertDBUpdated", true);
Line Found : user_pref("CT1060933.IsGrouping", false);
Line Found : user_pref("CT1060933.IsMulticommunity", true);
Line Found : user_pref("CT1060933.IsOpenThankYouPage", true);
Line Found : user_pref("CT1060933.IsOpenUninstallPage", true);
Line Found : user_pref("CT1060933.LanguagePackLastCheckTime", "Wed Nov 20 2013 19:04:23 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT1060933.LastLogin_3.10.0.1", "Sun Apr 22 2012 08:35:19 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT1060933.LastLogin_3.12.0.7", "Mon Apr 30 2012 18:55:51 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT1060933.LastLogin_3.12.2.3", "Thu May 31 2012 00:33:56 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT1060933.LastLogin_3.13.0.6", "Sun Jul 15 2012 16:40:24 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT1060933.LastLogin_3.14.1.0", "Thu Aug 23 2012 03:05:51 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT1060933.LastLogin_3.15.1.0", "Wed Nov 07 2012 05:45:51 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT1060933.LastLogin_3.16.0.100", "Wed Nov 20 2013 19:04:23 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT1060933.LastLogin_3.16.0.3", "Thu Jan 03 2013 16:37:04 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT1060933.LastLogin_3.2.1.3", "Tue Dec 13 2011 13:23:38 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT1060933.LastLogin_3.8.1.0", "Sun Jan 08 2012 23:59:10 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT1060933.LastLogin_3.9.0.3", "Mon Feb 13 2012 18:31:43 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT1060933.LatestVersion", "3.20.0.4");
Line Found : user_pref("CT1060933.Locale", "en-us");
Line Found : user_pref("CT1060933.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT1060933.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT1060933.MyStuffEnabledAtInstallation", true);
Line Found : user_pref("CT1060933.PG_ENABLE", "dHJ1ZQ==");
Line Found : user_pref("CT1060933.RadioIsPodcast", false);
Line Found : user_pref("CT1060933.RadioLastCheckTime", "Wed Nov 20 2013 19:04:18 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT1060933.RadioLastUpdateIPServer", "0");
Line Found : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");
Line Found : user_pref("CT1060933.RadioMediaID", "21504191");
Line Found : user_pref("CT1060933.RadioMediaType", "Media Player");
Line Found : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT106093321504191");
Line Found : user_pref("CT1060933.RadioShrinked", "shrinked");
Line Found : user_pref("CT1060933.RadioShrinkedFromSetup", true);
Line Found : user_pref("CT1060933.RadioStationName", "KFOG");
Line Found : user_pref("CT1060933.RadioStationURL", "hxxp://live.cumulusstreaming.com/KFOG-FM");
Line Found : user_pref("CT1060933.SF_JUST_INSTALLED", "%CC%C7%D2%D9%CB");
Line Found : user_pref("CT1060933.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Found : user_pref("CT1060933.SF_USER_ID", "%E9%EF%EA%E5%B8%B6%B7%B7%B8%B6%B7%B9%B7%BF%BC%BB%B7%B9%BB%B8%BF%B9%B9%BD");
Line Found : user_pref("CT1060933.SF_USER_ID.enc", "Y2lkXzIwMTEyMDEzMTk2NTEzNTI5MzM3");
Line Found : user_pref("CT1060933.SHRINK_TOOLBAR", 1);
Line Found : user_pref("CT1060933.SearchAppState", "%B9");
Line Found : user_pref("CT1060933.SearchAppState.enc", "Mw==");
Line Found : user_pref("CT1060933.SearchAppTracking", "%F9%EB%F4%FA");
Line Found : user_pref("CT1060933.SearchAppTracking.enc", "c2VudA==");
Line Found : user_pref("CT1060933.SearchBoxWidth", 151);
Line Found : user_pref("CT1060933.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("CT1060933.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=");
Line Found : user_pref("CT1060933.SearchInNewTabEnabled", true);
Line Found : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Wed Nov 20 2013 19:04:16 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Found : user_pref("CT1060933.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT1060933.SearchInNewTabUserEnabled", false);
Line Found : user_pref("CT1060933.SearchProtectorEnabled", false);
Line Found : user_pref("CT1060933.SearchProtectorToolbarDisabled", false);
Line Found : user_pref("CT1060933.ServiceMapLastCheckTime", "Wed Nov 20 2013 19:04:17 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT1060933.SettingsLastCheckTime", "Wed Nov 20 2013 22:00:07 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT1060933.SettingsLastUpdate", "1384937775");
Line Found : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Wed Nov 20 2013 19:04:14 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1331805997");
Line Found : user_pref("CT1060933.ToolbarShrinkedFromSetup", false);
Line Found : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Found : user_pref("CT1060933.UserID", "UN87101076207336811");
Line Found : user_pref("CT1060933.ValidationData_Search", 2);
Line Found : user_pref("CT1060933.ValidationData_Toolbar", 2);
Line Found : user_pref("CT1060933.WeatherNetwork", "");
Line Found : user_pref("CT1060933.WeatherPollDate", "Tue Oct 25 2011 19:55:30 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT1060933.WeatherUnit", "C");
Line Found : user_pref("CT1060933._9b90e_.3c;7b=?ofb>>rhiqs.from_oldbar.enc", "OT81Lz4=");
Line Found : user_pref("CT1060933._9b_7e.:2z527.from_oldbar.enc", "JH5ANUIqNjh5RTp8NkEsdC4gITEoM1RJVj5KTC5YWD0mPy4yQkc=");
Line Found : user_pref("CT1060933._9b_7e.x305.from_oldbar.enc", "JH4qQTc3RDQzekY7PitzLXp9fCEyKTQ/VkZUUkxHSllaSFFQXlFSOWRZXEkySzk8Oz5QR1JdbGprb3htaFBqb3FxdCJWInZ5Zk9oVllYWm1kb3p7Mn1oNCkseGF6aGtqayB2Ii1AOjNGQD5HfklJ[...]
Line Found : user_pref("CT1060933._key_cl_active", "%B8%EC%BC%BB%EC%BC%BD%BC%B3%EC%B8%B7%BC%B3%BA%EA%B8%EC%B3%BE%E9%E8%B8%B3%BD%EC%BA%B8%BE%BD%BC%E7%BB%EB%EA%BF");
Line Found : user_pref("CT1060933._key_cl_active.enc", "MmY2NWY2NzYtZjIxNi00ZDJmLThjYjItN2Y0Mjg3NmE1ZWQ5");
Line Found : user_pref("CT1060933.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT1060933.alertChannelId", "15651");
Line Found : user_pref("CT1060933.appApproved.129272674122038321", true);
Line Found : user_pref("CT1060933.approveUntrustedApps", false);
Line Found : user_pref("CT1060933.autocompletepro_enable.from_oldbar.enc", "MQ==");
Line Found : user_pref("CT1060933.autocompletepro_enable_auto.from_oldbar.enc", "MQ==");
Line Found : user_pref("CT1060933.countryCode", "US");
Line Found : user_pref("CT1060933.discover-experiments-photopop.from_oldbar.enc", "eyJuYW1lIjoicGhvdG9wb3AwIiwidmVyc2lvbiI6MTB9");
Line Found : user_pref("CT1060933.discover-periodic-reports.from_oldbar.enc", "eyJwaW5nXzAiOlsxMzg0OTkyNDQyNjg0LDE0NDAwMDAwXX0=");
Line Found : user_pref("CT1060933.discover-user-id.from_oldbar.enc", "ImVhOGM0ZDYwLTliY2EtNDg1ZS04ZWQyLTM5ZWY5NzBlM2U5ZiI=");
Line Found : user_pref("CT1060933.embeddedsData", "[{\"appId\":\"128280995260143876\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Found : user_pref("CT1060933.firstTimeDialogOpened", true);
Line Found : user_pref("CT1060933.fixPageNotFoundErrorByUser", "false");
Line Found : user_pref("CT1060933.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT1060933.fullUserID", "UN87101076207336811.UP.211805");
Line Found : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Found : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Wed Nov 20 2013 19:04:23 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT1060933.ground-country-code.from_oldbar.enc", "IlVTIg==");
Line Found : user_pref("CT1060933.homepageProtectorEnableByLogin", true);
Line Found : user_pref("CT1060933.impression_counter.from_oldbar.enc", "MQ==");
Line Found : user_pref("CT1060933.impression_session_counter.from_oldbar.enc", "MA==");
Line Found : user_pref("CT1060933.impression_session_id.from_oldbar.enc", "ImE4NDc4OWYzLTU1YjgtNGQ0Ni04MDI2LTRkOGUxNzA1MjRhNCI=");
Line Found : user_pref("CT1060933.impression_session_last_active.from_oldbar.enc", "MTM4NDk5NjcwMzE5MA==");
Line Found : user_pref("CT1060933.initDone", true);
Line Found : user_pref("CT1060933.installType", "DirectDownload");
Line Found : user_pref("CT1060933.isAppTrackingManagerOn", false);
Line Found : user_pref("CT1060933.isCheckedStartAsHidden", true);
Line Found : user_pref("CT1060933.isCollapsed_129272674122038321", "{\"dataType\":\"string\",\"data\":false}");
Line Found : user_pref("CT1060933.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":true}");
Line Found : user_pref("CT1060933.isFirstRadioInstallation", false);
Line Found : user_pref("CT1060933.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT1060933.isPerformedSmartBarTransition", "true");
Line Found : user_pref("CT1060933.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT1060933.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?gd=&ctid=CT1060933&octid=CT1060933&ISID=ISID_ID&SearchSource=15&CUI=UN87101076207336811&SSPV=[...]
Line Found : user_pref("CT1060933.lastVersion", "10.23.0.822");
Line Found : user_pref("CT1060933.mam_gk_appStateReportTime", "%B7%B9%BE%BB%B7%B8%BB%B8%B7%BE%BE%BF%BE");
Line Found : user_pref("CT1060933.mam_gk_appStateReportTime.enc", "MTM4NTEyNTIxODg5OA==");
Line Found : user_pref("CT1060933.mam_gk_appState_Clarity_Active", "%F5%F4");
Line Found : user_pref("CT1060933.mam_gk_appState_Clarity_Active.enc", "b24=");
Line Found : user_pref("CT1060933.mam_gk_appState_CouponBuddy", "%F5%F4");
Line Found : user_pref("CT1060933.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Found : user_pref("CT1060933.mam_gk_appState_Discover", "%F5%F4");
Line Found : user_pref("CT1060933.mam_gk_appState_Discover.enc", "b24=");
Line Found : user_pref("CT1060933.mam_gk_appState_Easytobook", "%F5%F4");
Line Found : user_pref("CT1060933.mam_gk_appState_Easytobook.enc", "b24=");
Line Found : user_pref("CT1060933.mam_gk_appState_Easytobook_targeted", "%F5%F4");
Line Found : user_pref("CT1060933.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Found : user_pref("CT1060933.mam_gk_appState_Easytobookcars", "%F5%F4");
Line Found : user_pref("CT1060933.mam_gk_appState_Easytobookcars.enc", "b24=");
Line Found : user_pref("CT1060933.mam_gk_appState_Find-a-Pro", "%F5%F4");
Line Found : user_pref("CT1060933.mam_gk_appState_Find-a-Pro.enc", "b24=");
Line Found : user_pref("CT1060933.mam_gk_appState_JobsMiner", "%F5%F4");
Line Found : user_pref("CT1060933.mam_gk_appState_JobsMiner.enc", "b24=");
Line Found : user_pref("CT1060933.mam_gk_appState_PriceGong", "%F5%F4");
Line Found : user_pref("CT1060933.mam_gk_appState_PriceGong.enc", "b24=");
Line Found : user_pref("CT1060933.mam_gk_appState_WindowShopper", "%F5%F4");
Line Found : user_pref("CT1060933.mam_gk_appState_WindowShopper.enc", "b24=");
Line Found : user_pref("CT1060933.mam_gk_appsConfig.enc", "eyJBcHBzQ29uZmlndXJhdGlvbiI6W3siaWQiOiJDbGFyaXR5X0FjdGl2ZSIsInVybCI6Imh0dHA6Ly9zdG9yYWdlLmNvbmR1aXQuY29tL21hbS8zcmRwYXJ0eWFwcHMvY2xhcml0eVJheS9jcl9hY3Rpdm[...]
Line Found : user_pref("CT1060933.mam_gk_appsDefaultEnabled", "%F4%FB%F2%F2");
Line Found : user_pref("CT1060933.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Found : user_pref("CT1060933.mam_gk_appsdefaultenabled.from_oldbar.enc", "bnVsbA==");
Line Found : user_pref("CT1060933.mam_gk_appstate_clarity_active.from_oldbar.enc", "b24=");
Line Found : user_pref("CT1060933.mam_gk_calledSetupService", "%B7");
Line Found : user_pref("CT1060933.mam_gk_calledSetupService.enc", "MQ==");
Line Found : user_pref("CT1060933.mam_gk_currentVersion", "%B7%B4%B7%B7%B4%BA%B4%B8");
Line Found : user_pref("CT1060933.mam_gk_currentVersion.enc", "MS4xMS40LjI=");
Line Found : user_pref("CT1060933.mam_gk_currentversion.from_oldbar.enc", "MS4xMS40LjI=");
Line Found : user_pref("CT1060933.mam_gk_existingUsersRecoveryDone", "%B7");
Line Found : user_pref("CT1060933.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Found : user_pref("CT1060933.mam_gk_first_time", "%B7");
Line Found : user_pref("CT1060933.mam_gk_first_time.enc", "MQ==");
Line Found : user_pref("CT1060933.mam_gk_globalKeysMigratedToLocalStorage", "%B7");
Line Found : user_pref("CT1060933.mam_gk_globalKeysMigratedToLocalStorage.enc", "MQ==");
Line Found : user_pref("CT1060933.mam_gk_lastLoginTime", "%B7%B9%BE%BB%B7%B8%BB%B8%B7%BF%BA%B6%BC");
Line Found : user_pref("CT1060933.mam_gk_lastLoginTime.enc", "MTM4NTEyNTIxOTQwNg==");
Line Found : user_pref("CT1060933.mam_gk_localization.enc", "eyJkaWFsb2dPSyI6eyJUZXh0IjoiT0sifSwiZG1ib3gxIjp7IlRleHQiOiJEZWFsXHJcbm9mIHRoZSBkYXkifSwiZG1ib3gyIjp7IlRleHQiOiJGcmVlXHJcblNoaXBtZW50In0sImRtYnVsbGV0MSI6[...]
Line Found : user_pref("CT1060933.mam_gk_mamEnabled", "%FA%F8%FB%EB");
Line Found : user_pref("CT1060933.mam_gk_mamEnabled.enc", "dHJ1ZQ==");
Line Found : user_pref("CT1060933.mam_gk_new_welcome_experience", "%B7");
Line Found : user_pref("CT1060933.mam_gk_new_welcome_experience.enc", "MQ==");
Line Found : user_pref("CT1060933.mam_gk_pgUnloadedOnce", "%FA%F8%FB%EB");
Line Found : user_pref("CT1060933.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Found : user_pref("CT1060933.mam_gk_settings1.11.4.2", "ā%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0ā%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%FA%EB%A8%C0%A8%B8%B6%B7%B[...]
Line Found : user_pref("CT1060933.mam_gk_settings1.11.4.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzExMjIiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjEwNDNfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50[...]
Line Found : user_pref("CT1060933.mam_gk_showWelcomeGadget", "%EC%E7%F2%F9%EB");
Line Found : user_pref("CT1060933.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Found : user_pref("CT1060933.mam_gk_showwelcomegadget.from_oldbar.enc", "ZmFsc2U=");
Line Found : user_pref("CT1060933.mam_gk_stamp", "%B7%B6%BA%B9%E5%B6");
Line Found : user_pref("CT1060933.mam_gk_stamp.enc", "MTA0M18w");
Line Found : user_pref("CT1060933.mam_gk_userId", "%BC%BA%BA%E9%BB%E9%E8%BF%B3%B9%B8%EA%B6%B3%BA%BE%BB%BC%B3%E8%E9%BB%EB%B3%EB%B6%BD%EB%B6%BF%B8%BC%BF%BE%E7%E7");
Line Found : user_pref("CT1060933.mam_gk_userId.enc", "NjQ0YzVjYjktMzJkMC00ODU2LWJjNWUtZTA3ZTA5MjY5OGFh");
Line Found : user_pref("CT1060933.mam_gk_user_approval_interacted", "%B7");
Line Found : user_pref("CT1060933.mam_gk_user_approval_interacted.enc", "MQ==");
Line Found : user_pref("CT1060933.mam_gk_welcomeDialogMode", "%B7");
Line Found : user_pref("CT1060933.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Found : user_pref("CT1060933.mam_gk_welcomedialogmode.from_oldbar.enc", "MQ==");
Line Found : user_pref("CT1060933.missingMachineIdSent", "true");
Line Found : user_pref("CT1060933.myStuffEnabled", true);
Line Found : user_pref("CT1060933.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT1060933.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"When the window appears, underneath Output at the top change it to Minimal Output.\\r\\nCheck the boxes beside LOP Check and Purity [...]
Line Found : user_pref("CT1060933.oldAppsList", "200,128346981843587669,128280995260143876,111,129272674122038321,129032145384800518,129032148247613461,129032152822456983,129032154330894193,129032155426050046,1290[...]
Line Found : user_pref("CT1060933.originalSearchAddressUrl", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=");
Line Found : user_pref("CT1060933.pg_enable.from_oldbar.enc", "dHJ1ZQ==");
Line Found : user_pref("CT1060933.price-gong.isManagedApp", "true");
Line Found : user_pref("CT1060933.printitgreenstatus.from_oldbar.enc", "dHJ1ZQ==");
Line Found : user_pref("CT1060933.response_cache.from_oldbar.enc", "eyJjaGFubmVsIjp7ImxpbmsiOiJodHRwOi8vd3d3LnlvdXR1YmUuY29tL3dhdGNoP3Y9U3J0elJMU1M4cTQiLCJkZXNjcmlwdGlvbiI6IlRydWZmbGVzIEJ5IENvbmR1aXQiLCJzb3VyY2UiO[...]
Line Found : user_pref("CT1060933.revertSettingsEnabled", false);
Line Found : user_pref("CT1060933.search.searchAppId", "128280995260143876");
Line Found : user_pref("CT1060933.search.searchCount", 2);
Line Found : user_pref("CT1060933.searchFromAddressBarEnabledByUser", "false");
Line Found : user_pref("CT1060933.searchInNewTabEnabledByUser", "false");
Line Found : user_pref("CT1060933.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10);
Line Found : user_pref("CT1060933.searchProtectorEnableByLogin", true);
Line Found : user_pref("CT1060933.searchSuggestEnabledByUser", "false");
Line Found : user_pref("CT1060933.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT1060933.sendUsageEnabled", "false");
Line Found : user_pref("CT1060933.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT1060933.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT1060933\"}");
Line Found : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://Freecorder.Media-Toolbar.com//xpi\"}");
Line Found : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Freecorder \"}");
Line Found : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT1060933.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Found : user_pref("CT1060933.serviceLayer_services_Configuration_lastUpdate", "1396786782756");
Line Found : user_pref("CT1060933.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1396786782561");
Line Found : user_pref("CT1060933.serviceLayer_services_appsMetadata_lastUpdate", "1396786781542");
Line Found : user_pref("CT1060933.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1395799074135");
Line Found : user_pref("CT1060933.serviceLayer_services_login_10.20.101.5_lastUpdate", "1385125196320");
Line Found : user_pref("CT1060933.serviceLayer_services_login_10.22.5.510_lastUpdate", "1387182626885");
Line Found : user_pref("CT1060933.serviceLayer_services_login_10.23.0.822_lastUpdate", "1396786771752");
Line Found : user_pref("CT1060933.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1395799074180");
Line Found : user_pref("CT1060933.serviceLayer_services_searchAPI_lastUpdate", "1396786772842");
Line Found : user_pref("CT1060933.serviceLayer_services_serviceMap_lastUpdate", "1396786771747");
Line Found : user_pref("CT1060933.serviceLayer_services_toolbarContextMenu_lastUpdate", "1396786771953");
Line Found : user_pref("CT1060933.serviceLayer_services_toolbarSettings_lastUpdate", "1396786782432");
Line Found : user_pref("CT1060933.serviceLayer_services_translation_lastUpdate", "1396786771749");
Line Found : user_pref("CT1060933.settingsINI", true);
Line Found : user_pref("CT1060933.sf_status.from_oldbar.enc", "RU5BQkxFRA==");
Line Found : user_pref("CT1060933.showToolbarPermission", "false");
Line Found : user_pref("CT1060933.smartbar.CTID", "CT1060933");
Line Found : user_pref("CT1060933.smartbar.Uninstall", "0");
Line Found : user_pref("CT1060933.smartbar.toolbarName", "Freecorder ");
Line Found : user_pref("CT1060933.testingCtid", "");
Line Found : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Wed Nov 20 2013 19:04:23 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT1060933.toolbarBornServerTime", "26-2-2011");
Line Found : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Wed Nov 20 2013 19:04:23 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT1060933.toolbarCurrentServerTime", "2-4-2014");
Line Found : user_pref("CT1060933.toolbarLoginClientTime", "Wed Nov 20 2013 22:52:28 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT1060933.upgradeFromOBVersion", true);
Line Found : user_pref("CT1060933.url_history.from_oldbar.enc", "aHR0cDovL3d3dy53b3JsZGxpZmVleHBlY3RhbmN5LmNvbS93b3JsZC1yYW5raW5ncy10b3RhbC1kZWF0aHMjV09STEQlMjBSQU5LSU5HUw==");
Line Found : user_pref("CT1060933.url_history0001", "%F0%E7%FC%E7%F9%E9%F8%EF%F6%FA%C0%C1%C0%C0%C0%E9%F2%EF%E9%F1%EE%E7%F4%EA%F2%EB%F8%C0%C0%C0%B7%B9%BE%BB%B6%B6%B8%B6%BB%BE%BB%B7%BA%B2%B2%B2%F0%E7%FC%E7%F9%E9%F8%[...]
Line Found : user_pref("CT1060933.url_history0001.enc", "amF2YXNjcmlwdDo7Ojo6Y2xpY2toYW5kbGVyOjo6MTM4NTAwMjA1ODUxNCwsLGphdmFzY3JpcHQ6Ozo6OmNsaWNraGFuZGxlcjo6OjEzODUwMDIwODkxNjYsLCxqYXZhc2NyaXB0Ojs6OjpjbGlja2hhbmRs[...]
Line Found : user_pref("CT1060933.usageEnabled", false);
Line Found : user_pref("CT1060933.usagesFlag", 2);
Line Found : user_pref("CT1060933_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1396788031847,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933", "\"5f7d4248c2974e3f2e4168d31268f8443\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", "\"1381823163\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "uG7mdamLoNmpmgC2c0JctQ==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us&ctid=CT1060933", "uG7mdamLoNmpmgC2c0JctQ==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "jf4tQQjNr2TQ31uHimzTMg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us&ctid=CT1060933", "jf4tQQjNr2TQ31uHimzTMg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "0BEXfBAJ1PdxmWK9VOejOg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us&ctid=CT1060933", "0BEXfBAJ1PdxmWK9VOejOg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "ZU6zjERHpZr7lBpInn+HyA==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us&ctid=CT1060933&UM=UM_UNINSTALL_ID", "ZU6zjERHpZr7lBpInn+HyA==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"f4cb1557a8bece1:16f8\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:14f1\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.100", "\"f414eeaa6bece1:16f8\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:15a3\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"6a637346d78ccc1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"801a319dd78ccc1:12da\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933", "\"52c3f1538cb4af4ada257fcbc6b15d49\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"93602d2a60e927e3ca51f1ad15996f04\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634339976460000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/2011 6:54:06 PM", "634356118310000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT1060933&octid=CT1060933", "\"1320839842\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1060933/CT1060933", "\"1311168835\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equalizer_dead.gif", "\"0678fe477ac91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/maxi.gif", "\"0639a4d477ac91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimize.gif", "\"046c7ab477ac91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gif", "\"0484de117c4c91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play_mini.gif", "\"0484de117c4c91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gif", "\"0e7a152347ac91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif", "\"087c778347ac91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"073e33a707e0305bf15c11c5bbb33921\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"fdb110de29f7ee811adde34d5bf41dc1\"");
Line Found : user_pref("CommunityToolbar.EngineOwner", "");
Line Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Line Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "freecorder");
Line Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Rogue7\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w392z5su.default\\conduitCommon\\modules\\3.16.0.100");
Line Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.16.0.100");
Line Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://freecorder.com/fc6/gadget/video.html", "833x248");
Line Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_8370ec86", "356x332");
Line Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT1060933");
Line Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Line Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "freecorder");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT1060933");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933");
Line Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Dec 12 2011 22:20:18 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Line Found : user_pref("CommunityToolbar.alert.locale", "en");
Line Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Dec 13 2011 07:46:24 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Line Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.alert.userId", "ae801444-b627-47d8-ae41-627fbd904f8d");
Line Found : user_pref("CommunityToolbar.globalUserId", "111dcaa8-57a9-4018-8dda-dff6c82d922b");
Line Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.killedEngine", true);
Line Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Nov 20 2013 19:04:24 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Nov 20 2013 20:04:28 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Line Found : user_pref("CommunityToolbar.notifications.locale", "en");
Line Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Nov 20 2013 19:04:21 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.notifications.userId", "3da01826-e764-4160-a458-4296d12e8de0");
Line Found : user_pref("CommunityToolbar.undefined", "");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=");
Line Found : user_pref("extensions.asktb.cbid", "UF");
Line Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}");
Line Found : user_pref("extensions.asktb.fresh-install", false);
Line Found : user_pref("extensions.asktb.l", "dis");
Line Found : user_pref("extensions.asktb.last-config-req", "1265759120257");
Line Found : user_pref("extensions.asktb.locale", "en_US");
Line Found : user_pref("extensions.asktb.o", "15150");
Line Found : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Line Found : user_pref("extensions.asktb.qsrc", "2871");
Line Found : user_pref("extensions.asktb.r", "5");
Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=");
Line Found : user_pref("smartbar.machineId", "AQY5YYHLAXGA6UCW96ZNWFOGM+DCLGE0MYMRMQFJKVLQO0I1AYB9EA+FKIC7IIKPXAR25A5K1541+ZHZUWRA+Q");
Line Found : user_pref("valueApps.CT1060933./9B+7E+x305.storedInFile", true);
Line Found : user_pref("valueApps.CT1060933./9B+7E,x305.storedInFile", true);
Line Found : user_pref("valueApps.CT1060933./9B+7E-x305.storedInFile", true);
Line Found : user_pref("valueApps.CT1060933./9B+7E.:2z527", "247E4035422A363879453A7C36412C742E20213128335449563E4A4C2E58583D263F2E324247");
Line Found : user_pref("valueApps.CT1060933./9B+7E.:2z527.storedInFile", true);
Line Found : user_pref("valueApps.CT1060933./9B+7E.x305.storedInFile", true);
Line Found : user_pref("valueApps.CT1060933./9B+7E/x305.storedInFile", true);
Line Found : user_pref("valueApps.CT1060933./9B+7E06CG5EL8:", "6E6D686C6C6B70716E70");
Line Found : user_pref("valueApps.CT1060933./9B+7E06CG5EL8:.storedInFile", false);
Line Found : user_pref("valueApps.CT1060933./9B+7E06CG5EL;8I:K", "247E2D2F226A74736E72727176777476242F4B49474F42357D5D5C3D");
Line Found : user_pref("valueApps.CT1060933./9B+7E06CG5EL;8I:K.storedInFile", false);
Line Found : user_pref("valueApps.CT1060933./9B+7E0x305.storedInFile", true);
Line Found : user_pref("valueApps.CT1060933./9B+7E1x305.storedInFile", true);
Line Found : user_pref("valueApps.CT1060933./9B+7E2x305.storedInFile", true);
Line Found : user_pref("valueApps.CT1060933./9B+7E31;CJ0J23BJ#NCF.storedInFile", true);
Line Found : user_pref("valueApps.CT1060933./9B+7E31;CJ3<>II==IQAO(SHK", "247E61393F236B257670767A782B222D6F4250454E337B3540494B56564A4A565E4E5C35605558453C472A675C575F5A5D575039522023554C573A777A685C455E4F5261586[...]
Line Found : user_pref("valueApps.CT1060933./9B+7E31;CJ3<>II==IQAO(SHK.storedInFile", false);
Line Found : user_pref("valueApps.CT1060933./9B+7E31;CJ69G?JBGN@D'RGJ.storedInFile", true);
Line Found : user_pref("valueApps.CT1060933./9B+7E31;CJ6CGB@@<$ODG.storedInFile", true);
Line Found : user_pref("valueApps.CT1060933./9B+7E31;CJ77=;I\"OABGO(SHK.storedInFile", true);
Line Found : user_pref("valueApps.CT1060933./9B+7E31;CJ77K9IIO?E&QFI", "247E61393F236B257571757A772B222D6F4250454E337B354444584656565C4C52335E5356433A4528655A555D585B554E37507D21534A55387578665A435C4D505F566144706[...]
Line Found : user_pref("valueApps.CT1060933./9B+7E31;CJ77K9IIO?E&QFI.storedInFile", false);
Line Found : user_pref("valueApps.CT1060933./9B+7E31;CJ7<K=!LAD.storedInFile", true);
Line Found : user_pref("valueApps.CT1060933./9B+7E31;CJ7FK;KG#NCEP@MC+VKN.storedInFile", true);
Line Found : user_pref("valueApps.CT1060933./9B+7E31;CJ7J?:9AI$ODG.storedInFile", true);
Line Found : user_pref("valueApps.CT1060933./9B+7E31;CJ:J3=MC#NCF", "247E61393F236B25757177767A2B222D6F4250454E337B354757404A5A50305B5053403742256257525A5558524B344D7A7D504752357275635740594A4D5C535E706F73206F2372[...]
Line Found : user_pref("valueApps.CT1060933./9B+7E31;CJ:J3=MC#NCF.storedInFile", false);
Line Found : user_pref("valueApps.CT1060933./9B+7E31;CJ<6K?KJ#NCF.storedInFile", true);

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Rogue7\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [91293 octets] - [06/04/2014 13:56:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [91354 octets] ##########

 



#10 Jo*

  • Malware Response Team

Posted 06 April 2014 - 02:07 PM

Hello rogueish1,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run OTL again.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 rogueish1

  • Topic Starter

Posted 06 April 2014 - 04:15 PM

# AdwCleaner v3.023 - Report created 06/04/2014 at 16:50:49
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Rogue7 - ROGUE7-PC
# Running from : C:\Users\Rogue7\Desktop\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v17.0.1 (en-US)

[ File : C:\Users\Rogue7\AppData\Roaming\Mozilla\Firefox\Profiles\w392z5su.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Rogue7\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [91435 octets] - [06/04/2014 13:56:50]
AdwCleaner[R1].txt - [91496 octets] - [06/04/2014 16:43:46]
AdwCleaner[R2].txt - [1086 octets] - [06/04/2014 16:50:09]
AdwCleaner[S0].txt - [93252 octets] - [06/04/2014 16:44:46]
AdwCleaner[S1].txt - [1008 octets] - [06/04/2014 16:50:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1068 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by Rogue7 on Sun 04/06/2014 at 16:57:42.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{16C8C46E-C811-4977-BF0A-B5CC1FA78D95}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Rogue7\AppData\Roaming\getrighttogo"
Failed to delete: [Folder] "\hosts"
Successfully deleted: [Folder] "C:\Users\Rogue7\appdata\locallow\somototoolbar"
Successfully deleted: [Folder] "C:\Program Files\somototoolbar"
Successfully deleted: [Folder] "C:\Windows\freecorder"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Rogue7\AppData\Roaming\mozilla\firefox\profiles\w392z5su.default\smartbar
Successfully deleted: [Folder] C:\Users\Rogue7\AppData\Roaming\mozilla\firefox\profiles\w392z5su.default\extensions\staged
Successfully deleted: [Folder] C:\Users\Rogue7\AppData\Roaming\mozilla\firefox\profiles\w392z5su.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Successfully deleted the following from C:\Users\Rogue7\AppData\Roaming\mozilla\firefox\profiles\w392z5su.default\prefs.js

user_pref("CT1060933.embeddedsData", "[{\"appId\":\"128280995260143876\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT1060933.search.searchAppId", "128280995260143876");
user_pref("CT1060933.search.searchCount", "0");
user_pref("CT1060933.smartbar.CTID", "CT1060933");
user_pref("CT1060933.smartbar.Uninstall", "0");
user_pref("CT1060933.smartbar.toolbarName", "Freecorder ");
user_pref("smartbar.machineId", "AQY5YYHLAXGA6UCW96ZNWFOGM+DCLGE0MYMRMQFJKVLQO0I1AYB9EA+FKIC7IIKPXAR25A5K1541+ZHZUWRA+Q");
Emptied folder: C:\Users\Rogue7\AppData\Roaming\mozilla\firefox\profiles\w392z5su.default\minidumps [45 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/06/2014 at 17:00:24.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#12 rogueish1

  • Topic Starter

Posted 06 April 2014 - 04:16 PM

OTL logfile created on: 4/6/2014 5:01:36 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rogue7\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.55 Mb Total Physical Memory | 350.57 Mb Available Physical Memory | 34.25% Memory free
2.00 Gb Paging File | 1.12 Gb Available in Paging File | 56.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 279.38 Gb Total Space | 227.00 Gb Free Space | 81.25% Space Free | Partition Type: NTFS
 
Computer Name: ROGUE7-PC | User Name: Rogue7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Rogue7\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Cobian Backup 10\cbVSCService.exe (CobianSoft, Luis Cobian)
PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
PRC - C:\Windows\System32\java.exe (Sun Microsystems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (SmileyCentral_1vService) -- C:\Program Files\SmileyCentral_1v\bar\1.bin\1vbarsvc.exe (SmileyCentral)
SRV - (cbVSCService) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe (CobianSoft, Luis Cobian)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (USBModem) -- system32\DRIVERS\lgusbmodem.sys File not found
DRV - (UsbDiag) -- system32\DRIVERS\lgusbdiag.sys File not found
DRV - (usbbus) -- system32\DRIVERS\lgusbbus.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (catchme) -- C:\Users\Rogue7\AppData\Local\Temp\catchme.sys File not found
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (VMparport) -- C:\Windows\System32\drivers\vmparport.sys (VMware, Inc.)
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.)
DRV - (vsock) -- C:\Windows\System32\drivers\vsock.sys (VMware, Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (FETNDIS) -- C:\Windows\System32\drivers\fetn62.sys (VIA Technologies, Inc.              )
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ivusb) -- C:\Windows\System32\drivers\ivusb.sys (Initio Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (AE1000) -- C:\Windows\System32\drivers\ae1000w7.sys (Ralink Technology Corp.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (ALCXWDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C AB B0 98 52 75 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_enUS356
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledAddons: newtaburl%40sogame.cat:2.2.3
FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..extensions.enabledItems: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d}:1.0.0.0
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.2.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "https://www.google.com/search?q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SmileyCentral_1v.com/Plugin: C:\Program Files\SmileyCentral_1v\bar\1.bin\NP1vStub.dll (SmileyCentral)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\1vffxtbr@SmileyCentral_1v.com: C:\Program Files\SmileyCentral_1v\bar\1.bin [2010/12/24 23:09:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/15 20:14:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/15 20:14:58 | 000,000,000 | ---D | M]
 
[2010/01/17 00:38:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rogue7\AppData\Roaming\Mozilla\Extensions
[2014/04/06 16:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rogue7\AppData\Roaming\Mozilla\Firefox\Profiles\w392z5su.default\extensions
[2011/02/19 23:33:04 | 000,000,000 | ---D | M] (Somoto Toolbar) -- C:\Users\Rogue7\AppData\Roaming\Mozilla\Firefox\Profiles\w392z5su.default\extensions\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d}
[2012/11/10 18:13:49 | 000,051,994 | ---- | M] () (No name found) -- C:\Users\Rogue7\AppData\Roaming\Mozilla\Firefox\Profiles\w392z5su.default\extensions\newtaburl@sogame.cat.xpi
[2012/11/10 18:27:50 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\Rogue7\AppData\Roaming\Mozilla\Firefox\Profiles\w392z5su.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2013/11/20 21:55:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/29 19:32:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Users\Rogue7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\
CHR - Extension: No name found = C:\Users\Rogue7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2011/10/09 16:01:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [Wondershare Helper Compact.exe] "C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D6E4938-10AB-45DE-954B-2D5CA4E0F6CD}: DhcpNameServer = 167.206.251.129 167.206.251.130 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{244DDEA2-C380-4CCC-A266-FE4DE277F975}: DhcpNameServer = 167.206.251.129 167.206.251.130 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34462C98-2B20-41D1-BF11-DF1CD04B96CA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{351A6EDC-6D17-45B3-B38F-71A4C88DA743}: DhcpNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7521A8FD-2EC9-45DD-A517-FF997104ADE0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{786A6E16-A5AA-4C30-9BAE-92E84863F8F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C48B83B0-2DBD-4509-ABB4-3FA85E7159A9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6893AF0-8ADE-47C3-B344-DEAB5765DF87}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDDB2726-C7B2-4D93-AE6E-34D2E82D13DE}: DhcpNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/06 16:57:35 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/06 16:42:23 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Rogue7\Desktop\JRT(1).exe
[2014/04/06 13:56:22 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/06 13:02:40 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/04/06 13:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/04/06 13:01:45 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/04/06 13:01:39 | 000,000,000 | ---D | C] -- C:\Users\Rogue7\Desktop\mbar
[2014/04/06 12:54:24 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Rogue7\Desktop\mbar-1.07.0.1009.exe
[2014/04/06 10:09:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rogue7\Desktop\OTL.exe
[2014/03/27 23:24:07 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2014/03/27 23:24:07 | 000,851,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinUSBCoInstaller2.dll
[2014/03/27 23:24:07 | 000,080,184 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2014/03/27 23:17:32 | 000,000,000 | ---D | C] -- C:\Users\Rogue7\AppData\Local\Wondershare
[2014/03/27 23:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare
[2014/03/27 23:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2014/03/27 23:17:09 | 000,000,000 | ---D | C] -- C:\Users\Rogue7\AppData\Roaming\Wondershare
[2014/03/27 23:17:09 | 000,000,000 | ---D | C] -- C:\Users\Rogue7\.android
[2014/03/27 23:17:08 | 000,000,000 | -H-D | C] -- C:\Program Files\DrFoneAndroid_Temp
[2014/03/27 23:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2014/03/27 23:04:42 | 000,000,000 | ---D | C] -- C:\Users\Rogue7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tenorshare Android Data Recovery
[2014/03/27 23:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Tenorshare Android Data Recovery
[2014/03/13 21:56:43 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/03/13 21:56:33 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/03/13 21:56:33 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/03/13 21:56:33 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/03/13 21:56:33 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/03/13 21:56:32 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/03/13 21:56:32 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/03/13 21:56:32 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/03/13 21:56:31 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/03/13 21:56:28 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/03/13 21:56:27 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/03/13 21:56:25 | 004,244,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/03/13 21:56:20 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/03/13 21:56:20 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/03/13 21:56:18 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/03/13 21:56:18 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/03/13 21:56:17 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/03/13 21:56:17 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/03/12 23:13:47 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/03/12 23:13:40 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Users\Rogue7\Desktop\VMLINUZ.
[2014/04/06 16:58:36 | 000,626,846 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/04/06 16:58:36 | 000,107,748 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/04/06 16:52:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/06 16:51:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/06 16:51:46 | 804,954,112 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/06 16:51:01 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/06 16:51:01 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/06 16:42:28 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Rogue7\Desktop\JRT(1).exe
[2014/04/06 16:28:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/06 16:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/06 13:15:40 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/04/06 13:15:20 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/04/06 12:55:45 | 001,426,178 | ---- | M] () -- C:\Users\Rogue7\Desktop\AdwCleaner(1).exe
[2014/04/06 12:55:23 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Rogue7\Desktop\mbar-1.07.0.1009.exe
[2014/04/06 10:09:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rogue7\Desktop\OTL.exe
[2014/04/06 10:01:32 | 000,987,448 | ---- | M] () -- C:\Users\Rogue7\Desktop\SecurityCheck.exe
[2014/03/30 20:52:22 | 000,034,491 | ---- | M] () -- C:\Users\Rogue7\Desktop\cart.PNG
[2014/03/28 21:36:17 | 000,007,597 | ---- | M] () -- C:\Users\Rogue7\AppData\Local\Resmon.ResmonCfg
[2014/03/28 04:48:04 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2014/03/27 23:29:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2014/03/27 23:24:08 | 000,851,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinUSBCoInstaller2.dll
[2014/03/27 23:24:07 | 001,461,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2014/03/27 23:24:07 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2014/03/27 23:17:21 | 000,002,137 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare Dr.Fone for Android.lnk
[2014/03/27 23:14:29 | 000,001,192 | ---- | M] () -- C:\Users\Rogue7\Desktop\Tenorshare Android Data Recovery.lnk
[2014/03/15 12:39:19 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/15 00:59:54 | 000,135,129 | ---- | M] () -- C:\Users\Rogue7\Desktop\Capture.PNG
[2014/03/14 00:08:33 | 000,308,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/12 01:07:34 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/03/12 01:07:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Users\Rogue7\Desktop\VMLINUZ.
[2014/04/06 12:55:36 | 001,426,178 | ---- | C] () -- C:\Users\Rogue7\Desktop\AdwCleaner(1).exe
[2014/04/06 10:01:29 | 000,987,448 | ---- | C] () -- C:\Users\Rogue7\Desktop\SecurityCheck.exe
[2014/03/30 20:50:38 | 000,034,491 | ---- | C] () -- C:\Users\Rogue7\Desktop\cart.PNG
[2014/03/27 23:29:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2014/03/27 23:17:21 | 000,002,137 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare Dr.Fone for Android.lnk
[2014/03/27 23:04:43 | 000,001,192 | ---- | C] () -- C:\Users\Rogue7\Desktop\Tenorshare Android Data Recovery.lnk
[2014/03/15 00:56:38 | 000,135,129 | ---- | C] () -- C:\Users\Rogue7\Desktop\Capture.PNG
[2011/08/18 20:29:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/01/17 16:56:24 | 000,007,597 | ---- | C] () -- C:\Users\Rogue7\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/02/20 23:21:31 | 000,000,000 | ---D | M] -- C:\Users\Rogue7\AppData\Roaming\acccore
[2011/08/12 19:55:20 | 000,000,000 | ---D | M] -- C:\Users\Rogue7\AppData\Roaming\ML
[2011/08/23 20:04:24 | 000,000,000 | ---D | M] -- C:\Users\Rogue7\AppData\Roaming\Samsung
[2011/08/14 14:34:13 | 000,000,000 | ---D | M] -- C:\Users\Rogue7\AppData\Roaming\SAMSUNG Drivers Update Utility
[2013/01/06 18:24:52 | 000,000,000 | ---D | M] -- C:\Users\Rogue7\AppData\Roaming\uTorrent
[2014/03/27 23:17:09 | 000,000,000 | ---D | M] -- C:\Users\Rogue7\AppData\Roaming\Wondershare
 
========== Purity Check ==========
 
 

< End of report >
 

:bounce: :bananas: :bounce:



#13 Jo*

Jo*

  • Malware Response Team
  • 3,427 posts
  • ONLINE
  • Gender:Male
  • Location:Germany
  • Local time:05:27 PM

Posted 07 April 2014 - 05:32 AM

Hello rogueish1,

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\1vffxtbr@SmileyCentral_1v.com: C:\Program Files\SmileyCentral_1v\bar\1.bin [2010/12/24 23:09:08 | 000,000,000 | ---D | M]
    
    
    :Services
    SmileyCentral_1vService
    
    :Files
    C:\Program Files\SmileyCentral_1v\bar\1.bin\1vbarsvc.exe
    
    :Commands
    [purity]
    [emptytemp]
    


    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the Fix OTL log.

***


Run OTL again.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***


How is the computer running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#14 Jo*

Jo*

  • Malware Response Team
  • 3,427 posts
  • ONLINE
  • Gender:Male
  • Location:Germany
  • Local time:05:27 PM

Posted 11 April 2014 - 02:43 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




