
Infected with - PWS:win32/zbot.gen!AP


  • This topic is locked
21 replies to this topic

#1 awmau

Posted 08 April 2014 - 09:37 PM

Hello

 

I have a laptop infected with the above (as identified by Microsoft Security Essentials) and have followed the advice given on this website for the same problem (http://www.bleepingcomputer.com/forums/t/518233/pwswin32zbotgenap/) including your recommendation to run DDS.

 

Below I have pasted (in order) all files relating to:

  • DDS (pasted and attached)
  • MiniToolBox
  • TDSSKiller (no result of this scan - no log pasted or attached)
  • ADWcleaner
  • Junkware Removal Tool
  • ESET

Your help would be greatly appreciated :)

awmau

-------------------------------------------------------------

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16540  BrowserJavaVersion: 10.51.2
Run by Ralph Richards at 9:34:26 on 2014-04-09
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.61.1033.18.3068.1708 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Ralph Richards\AppData\Roaming\Huinpuny\ekisukn.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Ralph Richards\AppData\Roaming\Ozadorse\gusih.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\ralph richards\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [xwgssdec] "c:\users\ralph richards\appdata\local\nrbbhlrw.exe"
uRun: [Quceod] "c:\users\ralph richards\appdata\roaming\pebaxu\owaf.exe"
uRun: [Touqsacy] "c:\users\ralph richards\appdata\roaming\huinpuny\ekisukn.exe"
uRun: [Okqeilizty] "c:\users\ralph richards\appdata\roaming\ybetucd\ortyxuc.exe"
uRun: [Ynupguivoguhis] "c:\users\ralph richards\appdata\roaming\ozadorse\gusih.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [hpqSRMon] <no file>
StartupFolder: c:\users\ralphr~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\mediar~1.lnk - c:\program files\mediaring\mediaring talk\mrtalk.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{14D1F406-93AC-4A71-A3B4-1AE6787332DC} : DHCPNameServer = 192.168.1.1 0.0.0.0
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ralph richards\appdata\roaming\mozilla\firefox\profiles\o5mz3dvi.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!7
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\myfuncards_5mei\installr\1.bin\NP5mEISb.dll
FF - plugin: c:\program files\sony\readerdesktop\npreaderdetectmoz.dll
FF - plugin: c:\program files\totalrecipesearch_14ei\installr\1.bin\NP14EISb.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\programdata\visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: c:\users\ralph richards\appdata\local\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\users\ralph richards\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\ralph richards\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\ralph richards\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2013-6-27 173192]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 26168]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\hp\common\HPSupportSolutionsFrameworkService.exe [2014-2-5 47416]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 104264]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-7-1 341328]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2010-7-6 5120]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-1 193840]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-1 81296]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [2007-3-26 20352]
S1 lspwfbza;lspwfbza;c:\windows\system32\drivers\lspwfbza.sys [2014-4-8 49088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [2009-8-10 89600]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-8-2 18432]
S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2011-8-2 103552]
S3 swiwdmbus;Sierra Wireless USB Composite Bus;c:\windows\system32\drivers\swiwdmbus.sys [2010-6-21 78720]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2010-6-21 201088]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\drivers\swumxa3.sys [2010-6-21 156544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2014-04-08 12:00:20    49088    ----a-w-    c:\windows\system32\drivers\lspwfbza.sys
2014-04-08 11:08:00    --------    d-----w-    c:\users\ralph richards\appdata\roaming\Ozadorse
2014-04-08 11:03:13    --------    d-----w-    c:\program files\ESET
2014-04-08 10:58:31    --------    d-----w-    c:\windows\ERUNT
2014-04-08 10:57:16    62576    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{bcbb1299-eba3-478c-bb0e-fef4464b4f86}\offreg.dll
2014-04-08 10:51:52    --------    d-----w-    C:\AdwCleaner
2014-04-08 03:00:26    95084    ----a-w-    c:\users\ralph richards\appdata\local\aaejfxjw.exe
2014-04-07 23:22:19    7969936    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{bcbb1299-eba3-478c-bb0e-fef4464b4f86}\mpengine.dll
2014-04-07 21:48:36    --------    d-----w-    c:\users\ralph richards\appdata\roaming\Huinpuny
2014-04-07 19:05:01    --------    d-----w-    c:\users\ralph richards\appdata\roaming\Embiry
2014-04-07 19:01:48    95084    ----a-w-    c:\users\ralph richards\appdata\local\qhbjlptw.exe
2014-04-07 16:03:34    --------    d-----w-    c:\users\ralph richards\appdata\roaming\Uxxiag
2014-04-07 16:03:34    --------    d-----w-    c:\users\ralph richards\appdata\roaming\Pebaxu
2014-04-07 16:03:34    --------    d-----w-    c:\users\ralph richards\appdata\roaming\Beol
2014-04-07 15:54:24    --------    d-----w-    c:\users\ralph richards\appdata\roaming\Ybetucd
2014-04-07 15:53:34    90988    ----a-w-    c:\users\ralph richards\appdata\local\kfuxhqqc.exe
2014-04-07 15:52:26    90988    ----a-w-    c:\users\ralph richards\appdata\local\uenaxkut.exe
2014-04-07 15:51:18    90988    ----a-w-    c:\users\ralph richards\appdata\local\oxhjuwhl.exe
2014-04-07 15:50:12    128512    ----a-w-    c:\users\ralph richards\appdata\local\nrbbhlrw.exe
2014-04-06 19:16:04    7969936    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-04-05 16:21:37    765968    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{57dbbed6-1e8d-432c-a8dd-0d7b01ef331a}\gapaengine.dll
2014-03-16 09:02:54    --------    d-----w-    c:\users\ralph richards\appdata\local\Skype
2014-03-16 09:02:44    --------    d-----r-    c:\program files\Skype
2014-03-13 04:40:02    505344    ----a-w-    c:\windows\system32\qedit.dll
2014-03-13 04:40:02    2050560    ----a-w-    c:\windows\system32\win32k.sys
2014-03-13 04:40:00    876032    ----a-w-    c:\windows\system32\wer.dll
2014-03-13 04:39:59    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-03-10 04:42:19    --------    d-----w-    c:\programdata\WEBREG
2014-03-10 04:36:32    --------    d-----w-    c:\program files\common files\Hewlett-Packard
2014-03-10 04:32:00    372736    ----a-w-    c:\windows\system32\hppldcoi.dll
2014-03-10 02:00:52    --------    d-----w-    c:\program files\common files\Sony Shared
.
==================== Find3M  ====================
.
2014-03-12 22:09:15    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 22:09:15    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-10 22:52:30    104264    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-10 22:03:44    60    ----a-w-    c:\windows\wpd99.drv
2014-02-23 05:47:19    1806848    ----a-w-    c:\windows\system32\jscript9.dll
2014-02-23 05:40:18    1129472    ----a-w-    c:\windows\system32\wininet.dll
2014-02-23 05:39:28    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-02-23 05:38:08    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-02-23 05:37:49    421376    ----a-w-    c:\windows\system32\vbscript.dll
2014-02-23 05:36:22    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2014-01-24 14:19:42    231960    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2014-01-19 07:32:23    231584    ------w-    c:\windows\system32\MpSigStub.exe
2013-12-13 03:21:53    49940480    ----a-w-    c:\program files\GUT6F9.tmp
.
============= FINISH:  9:35:49.97 ===============
 

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Ralph Richards (administrator) on 08-04-2014 at 20:45:45
Running from "F:\"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: 10.0.0.1:80

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1             localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek RTL8168C(P)/8111C(P) Family PCI-E GBE NIC = Local Area Connection (Disconnected)
Intel® WiFi Link 5100 AGN = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : RalphRichard-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
   Physical Address. . . . . . . . . : 00-21-6B-2D-21-CA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{14D1F406-93AC-4A71-A3B4-1AE6787332DC}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 11 ...00 21 6b 2d 21 ca ...... Intel® WiFi Link 5100 AGN
  1 ........................... Software Loopback Interface 1
 21 ...00 00 00 00 00 00 00 e0  isatap.{14D1F406-93AC-4A71-A3B4-1AE6787332DC}
 18 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/08/2014 07:59:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2014 07:42:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2014 01:00:41 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x01e0bff0,
process id 0x68c, application start time 0xsvchost.exe0.

Error: (04/08/2014 00:59:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2014 09:58:46 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0215bff0,
process id 0x1520, application start time 0xsvchost.exe0.

Error: (04/08/2014 09:58:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2014 09:40:33 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0225bff0,
process id 0x1368, application start time 0xsvchost.exe0.

Error: (04/08/2014 09:39:56 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2014 09:07:44 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0220bff0,
process id 0x1538, application start time 0xsvchost.exe0.

Error: (04/08/2014 09:05:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/08/2014 08:33:49 PM) (Source: VDS Dynamic Provider) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Error: (04/08/2014 08:00:01 PM) (Source: Service Control Manager) (User: )
Description: QuickPlay Task Scheduler (QTS)

Error: (04/08/2014 07:59:53 PM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%20

Error: (04/08/2014 07:59:53 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (04/08/2014 07:48:40 PM) (Source: VDS Dynamic Provider) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Error: (04/08/2014 07:43:11 PM) (Source: Service Control Manager) (User: )
Description: QuickPlay Task Scheduler (QTS)

Error: (04/08/2014 07:42:55 PM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%20

Error: (04/08/2014 07:42:55 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (04/08/2014 01:00:02 PM) (Source: Service Control Manager) (User: )
Description: QuickPlay Task Scheduler (QTS)

Error: (04/08/2014 00:59:41 PM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%20


Microsoft Office Sessions:
=========================
Error: (04/08/2014 07:59:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2014 07:42:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2014 01:00:41 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c000000501e0bff068c01cf52d6b2e27b53

Error: (04/08/2014 00:59:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2014 09:58:46 AM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c00000050215bff0152001cf52bd4992a58e

Error: (04/08/2014 09:58:02 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2014 09:40:33 AM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c00000050225bff0136801cf52babf89513f

Error: (04/08/2014 09:39:56 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2014 09:07:44 AM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c00000050220bff0153801cf52b6290de537

Error: (04/08/2014 09:05:58 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-10-17 07:30:15.637
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-17 07:30:15.430
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-17 07:30:15.195
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-17 07:30:14.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-17 07:28:43.694
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-17 07:28:43.483
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-17 07:28:43.246
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-17 07:28:43.042
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-17 07:28:42.707
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-17 07:28:42.437
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

µTorrent (Version: 3.3.2.30303)
32 Bit HP CIO Components Installer (Version: 7.1.8)
3DVIA player 5.0.0.20 (Version: 5.0.20)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe AIR (Version: 3.5.0.1060)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)
Adobe Flash Player 12 Plugin (Version: 12.0.0.77)
Adobe Reader 9.5.5 (Version: 9.5.5)
Adobe Shockwave Player (Version: 10.2.0.023)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Agere Systems HDA Modem
Apple Application Support (Version: 3.0)
Apple Mobile Device Support (Version: 7.1.0.32)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 12.10.3.31)
Audacity 1.3.12 (Unicode)
Bing Desktop (Version: 1.3.174.0)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 140.0.212.000)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Coupon Printer for Windows (Version: 5.0.0.0)
CyberLink DVD Suite (Version: 5.5.1519)
CyberLink YouCam (Version: 2.0.1616)
D5500 (Version: 140.0.690.000)
DeviceDiscovery (Version: 140.0.212.000)
DJ_SF_06_D5500_SW_Min (Version: 140.0.690.000)
GearDrvs (Version: 1.00.0000)
GearDrvs (Version: 5.0.0.2)
Google Chrome (Version: 33.0.1750.154)
Google Talk Plugin (Version: 5.2.4.18058)
Google Update Helper (Version: 1.3.23.9)
GPBaseService2 (Version: 140.0.211.000)
HP Active Support Library (Version: 3.1.9.1)
HP Customer Experience Enhancements (Version: 5.7.0.2630)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Deskjet D5500 Printer Driver Software 14.0 Rel. 6 (Version: 14.0)
HP Doc Viewer (Version: 1.03.0001)
HP Easy Setup - Frontend (Version: 5.7.0.2630)
HP Help and Support (Version: 2.0.7.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP MULTIPLE MODEM INSTALLER for VISTA (Version: 1.0.0.30)
HP Photo Creations (Version: 1.0.0.12992)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Quick Launch Buttons 6.40 D1 (Version: 6.40 D1)
HP QuickPlay 3.7
HP QuickTouch 1.00 D2 (Version: 1.0.9)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Support Solutions Framework (Version: 11.50.0011)
HP Update (Version: 5.005.000.002)
HP User Guides 0102 (Version: 1.01.0000)
HP Wireless Assistant (Version: 3.00 I2)
HPAsset component for HP Active Support Library (Version: 3.0.2.2)
HPNetworkAssistant (Version: 1.1.70)
HPPhotoGadget (Version: 140.0.524.000)
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000)
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000)
HPPhotoSmartDiscLabel_Tattoo (Version: 2.02.0000)
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000)
hpphotosmartdisclabelplugin (Version: 2.02.0000)
HPPhotoSmartPhotobookHolidayPack1 (Version: 1.00.0000)
HPPhotoSmartPhotobookModernPack1 (Version: 1.00.0000)
HPPhotoSmartPhotobookPlayfulPack1 (Version: 1.00.0000)
HPPhotoSmartPhotobookScrapbookPack1 (Version: 1.00.0000)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000)
HPProductAssistant (Version: 140.0.212.000)
HPSSupply (Version: 140.0.211.000)
iCloud (Version: 2.1.3.25)
IDT Audio (Version: 1.0.5893.0)
Intel® Matrix Storage Manager
iTunes (Version: 11.1.4.62)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 33 (Version: 6.0.330)
Java™ 6 Update 5 (Version: 1.6.0.50)
JMicron JMB38X Flash Media Controller (Version: 1.00.10.04)
LabelPrint (Version: 2.20.2719)
LAME v3.98.2 for Audacity
LightScribe System Software (Version: 1.18.23.1)
MarketResearch (Version: 140.0.212.000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft IntelliType Pro 6.3 (Version: 6.30.191.0)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Security Client (Version: 4.5.0216.0)
Microsoft Security Essentials (Version: 4.5.216.0)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft SQL Server Native Client (Version: 9.00.2047.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.2047.00)
Microsoft SQL Server VSS Writer (Version: 9.00.2047.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft XML Parser (Version: 8.70.1104.04)
Mozilla Firefox 28.0 (x86 en-GB) (Version: 28.0)
Mozilla Maintenance Service (Version: 28.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
My HP Games (Version: 1.0.0.43)
neroxml (Version: 1.0.0)
Network (Version: 140.0.215.000)
NVIDIA Drivers (Version: 1.10)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Pdf995
Power2Go (Version: 5.6.3919)
PowerDirector (Version: 6.5.2719)
PowerDVD
ProtectSmart Hard Drive Protection (Version: 3.10 A7)
PSSWCORE (Version: 2.02.0000)
PVSonyDll (Version: 1.00.0001)
QuickPlay SlingPlayer 0.4.6 (Version: 0.4.6)
QuickTime (Version: 7.74.80.86)
Reader for PC (Version: 2.2.00.11270)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Shop for HP Supplies (Version: 14.0)
Skype™ 6.14 (Version: 6.14.104)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 140.0.213.000)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Status (Version: 140.0.212.000)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.3.29.0)
Toolbox (Version: 140.0.428.000)
Transition Maths
TrayApp (Version: 140.0.212.000)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VCRedistSetup (Version: 1.0.0)
VideoToolkit01 (Version: 100.0.128.000)
VLC media player 1.1.11 (Version: 1.1.11)
WD Diagnostics (Version: 1.09.0002)
WebReg (Version: 140.0.212.017)

========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 3068.27 MB
Available physical RAM: 1733.23 MB
Total Pagefile: 6337.52 MB
Available Pagefile: 5319.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.41 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:363.02 GB) (Free:263.96 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:9.59 GB) (Free:1.71 GB) NTFS
4 Drive f: (UNSW-ADFA) (Removable) (Total:3.69 GB) (Free:3.63 GB) NTFS

========================= Users: ========================================

User accounts for \\RALPHRICHARD-PC

Administrator            Guest                    Ralph Richards           


**** End of log ****

# AdwCleaner v3.023 - Report created 08/04/2014 at 20:53:26
# Updated 01/04/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Ralph Richards - RALPHRICHARD-PC
# Running from : F:\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\DriverCure
Folder Deleted : C:\ProgramData\GameTap Web Player
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\FunWebProducts
Folder Deleted : C:\Program Files\TotalRecipeSearch_14EI
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\Windows\system32\SearchProtect
Folder Deleted : C:\Users\Ralph Richards\AppData\Local\Conduit
Folder Deleted : C:\Users\RALPHR~1\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Ralph Richards\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ralph Richards\AppData\LocalLow\TotalRecipeSearch_14EI
Folder Deleted : C:\Users\Ralph Richards\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Ralph Richards\AppData\Roaming\Mozilla\Firefox\Profiles\o5mz3dvi.default\ConduitCommon
Folder Deleted : C:\Users\Ralph Richards\AppData\Roaming\Mozilla\Firefox\Profiles\o5mz3dvi.default\Smartbar
Folder Deleted : C:\Users\Ralph Richards\AppData\Roaming\Mozilla\Firefox\Profiles\o5mz3dvi.default\ValueApps
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\GameTapPlayer@gametap.com
File Deleted : C:\END
File Deleted : C:\Users\Ralph Richards\AppData\Roaming\Mozilla\Firefox\Profiles\o5mz3dvi.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Ralph Richards\AppData\Roaming\Mozilla\Firefox\Profiles\o5mz3dvi.default\searchplugins\conduit-search.xml
File Deleted : C:\Users\Ralph Richards\AppData\Roaming\Mozilla\Firefox\Profiles\o5mz3dvi.default\searchplugins\mywebsearch.xml
File Deleted : C:\Users\Ralph Richards\AppData\Roaming\Mozilla\Firefox\Profiles\o5mz3dvi.default\user.js
File Deleted : C:\Users\Ralph Richards\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Users\Ralph Richards\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0BBD81B-2C05-4515-A7CF-E16F18C29C33}
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start
Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8E5B29C2-BC6E-40BE-B881-AEE35B1F4035}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\TotalRecipeSearch_14EI
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\TotalRecipeSearch_14EI
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16540

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]

-\\ Mozilla Firefox v28.0 (en-GB)

[ File : C:\Users\Ralph Richards\AppData\Roaming\Mozilla\Firefox\Profiles\o5mz3dvi.default\prefs.js ]

Line Deleted : user_pref("CT3008668..clientLogIsEnabled", true);
Line Deleted : user_pref("CT3008668..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT3008668..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT3008668.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT3008668.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT3008668.AppTrackingLastCheckTime", "Fri Mar 30 2012 16:03:58 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT3008668.BrowserCompStateIsOpen_129558882344224997", true);
Line Deleted : user_pref("CT3008668.BrowserCompStateIsOpen_129683379764764212", true);
Line Deleted : user_pref("CT3008668.BrowserCompStateIsOpen_129991042513604904", true);
Line Deleted : user_pref("CT3008668.BrowserCompStateIsOpen_1366704347000", true);
Line Deleted : user_pref("CT3008668.BrowserCompStateIsOpen_1367226350000", true);
Line Deleted : user_pref("CT3008668.CT3008668", "CT3008668");
Line Deleted : user_pref("CT3008668.CT3008668.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3008668&octid=CT3008668&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_I[...]
Line Deleted : user_pref("CT3008668.ConfigurationLastCheckTime", "Mon Nov 11 2013 15:12:46 GMT+1100 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3008668.CurrentServerDate", "11-11-2013");
Line Deleted : user_pref("CT3008668.DSInstall", true);
Line Deleted : user_pref("CT3008668.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT3008668.DialogsGetterLastCheckTime", "Mon Nov 11 2013 09:50:44 GMT+1100 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3008668.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT3008668.EMailNotifierPollDate", "Mon Feb 13 2012 19:18:01 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT3008668.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3008668.ExternalComponentPollDate129498282979356777", "Sat Apr 07 2012 11:33:42 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3008668.FirstServerDate", "12-2-2012");
Line Deleted : user_pref("CT3008668.FirstTime", true);
Line Deleted : user_pref("CT3008668.FirstTimeFF3", true);
Line Deleted : user_pref("CT3008668.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT3008668.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT3008668.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT3008668.HPInstall", true);
Line Deleted : user_pref("CT3008668.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT3008668.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT3008668.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3008668&SearchSource=13");
Line Deleted : user_pref("CT3008668.Initialize", true);
Line Deleted : user_pref("CT3008668.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT3008668.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT3008668.InstallationType", "Unknown");
Line Deleted : user_pref("CT3008668.InstalledDate", "Sun Feb 12 2012 10:41:09 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT3008668.InvalidateCache", false);
Line Deleted : user_pref("CT3008668.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT3008668.IsGrouping", false);
Line Deleted : user_pref("CT3008668.IsInitSetupIni", true);
Line Deleted : user_pref("CT3008668.IsMulticommunity", false);
Line Deleted : user_pref("CT3008668.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT3008668.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT3008668.IsProtectorsInit", true);
Line Deleted : user_pref("CT3008668.LanguagePackLastCheckTime", "Mon Nov 11 2013 15:12:47 GMT+1100 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3008668.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT3008668.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT3008668.LastLogin_3.10.0.1", "Sat Apr 07 2012 11:33:45 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3008668.LastLogin_3.12.0.7", "Wed Apr 25 2012 20:27:39 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3008668.LastLogin_3.12.2.3", "Thu May 31 2012 03:43:57 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3008668.LastLogin_3.13.0.6", "Mon Jul 16 2012 06:41:52 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3008668.LastLogin_3.14.1.0", "Wed Aug 22 2012 07:31:51 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3008668.LastLogin_3.15.1.0", "Wed Nov 07 2012 23:09:07 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT3008668.LastLogin_3.16.0.3", "Mon Feb 11 2013 16:04:15 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT3008668.LastLogin_3.18.0.7", "Wed Jul 17 2013 20:35:52 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3008668.LastLogin_3.19.0.3", "Wed Sep 11 2013 15:20:08 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3008668.LastLogin_3.20.0.4", "Tue Nov 12 2013 01:57:01 GMT+1100 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3008668.LastLogin_3.9.0.3", "Wed Feb 15 2012 13:32:56 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT3008668.LatestVersion", "3.20.0.4");
Line Deleted : user_pref("CT3008668.Locale", "en");
Line Deleted : user_pref("CT3008668.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT3008668.MCDetectTooltipShow", false);
Line Deleted : user_pref("CT3008668.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT3008668.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT3008668.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT3008668.OriginalFirstVersion", "3.9.0.3");
Line Deleted : user_pref("CT3008668.RadioIsPodcast", false);
Line Deleted : user_pref("CT3008668.RadioLastCheckTime", "Mon Feb 13 2012 10:41:16 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT3008668.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT3008668.RadioLastUpdateServer", "3");
Line Deleted : user_pref("CT3008668.RadioMediaID", "9962");
Line Deleted : user_pref("CT3008668.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT3008668.RadioMenuSelectedID", "EBRadioMenu_CT3008668_RECENT9962");
Line Deleted : user_pref("CT3008668.RadioShrinked", "shrinked");
Line Deleted : user_pref("CT3008668.RadioShrinkedFromSetup", true);
Line Deleted : user_pref("CT3008668.RadioStationName", "California%20Rock");
Line Deleted : user_pref("CT3008668.RadioStationURL", "hxxp://feedlive.net/california.asx");
Line Deleted : user_pref("CT3008668.SHRINK_TOOLBAR", 0);
Line Deleted : user_pref("CT3008668.SavedHomepage", "hxxp://au.yahoo.com/");
Line Deleted : user_pref("CT3008668.SearchAPILastCheckTime", "Mon Nov 11 2013 15:12:46 GMT+1100 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3008668.SearchCaption", "Productivity 3.1 Customized Web Search");
Line Deleted : user_pref("CT3008668.SearchEngineBeforeUnload", "Productivity 3.1 Customized Web Search");
Line Deleted : user_pref("CT3008668.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT3008668.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3008668&SearchSource=2&q=");
Line Deleted : user_pref("CT3008668.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT3008668.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT3008668.SearchInNewTabLastCheckTime", "Wed Sep 11 2013 07:20:09 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3008668.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT3008668.SearchInNewTabURLFromSearchAPI", "hxxp://search.conduit.com/?ctid=CT3008668&octid=CT3008668&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_ID");
Line Deleted : user_pref("CT3008668.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT3008668.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT3008668.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT3008668.ServiceMapLastCheckTime", "Mon Nov 11 2013 15:12:46 GMT+1100 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3008668.SettingsLastCheckTime", "Tue Nov 12 2013 01:56:59 GMT+1100 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3008668.SettingsLastUpdate", "1384160277");
Line Deleted : user_pref("CT3008668.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3008668&SearchSource=13");
Line Deleted : user_pref("CT3008668.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT3008668.ThirdPartyComponentsLastCheck", "Sat Mar 31 2012 17:00:21 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT3008668.ThirdPartyComponentsLastUpdate", "1312887586");
Line Deleted : user_pref("CT3008668.ToolbarShrinkedFromSetup", true);
Line Deleted : user_pref("CT3008668.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT3008668.UserID", "UN62132488979047678");
Line Deleted : user_pref("CT3008668.ValidationData_Search", 2);
Line Deleted : user_pref("CT3008668.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT3008668.WeatherNetwork", "");
Line Deleted : user_pref("CT3008668.WeatherPollDate", "Mon Feb 13 2012 19:18:03 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT3008668.WeatherUnit", "C");
Line Deleted : user_pref("CT3008668.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3008668.alertChannelId", "1400399");
Line Deleted : user_pref("CT3008668.approveUntrustedApps", false);
Line Deleted : user_pref("CT3008668.components.1000034", false);
Line Deleted : user_pref("CT3008668.components.1000082", false);
Line Deleted : user_pref("CT3008668.components.1000234", false);
Line Deleted : user_pref("CT3008668.components.129498282980606782", false);
Line Deleted : user_pref("CT3008668.countryCode", "AU");
Line Deleted : user_pref("CT3008668.discover-experiments-photopop.from_oldbar.enc", "eyJuYW1lIjoicGhvdG9wb3AzIiwidmVyc2lvbiI6MTB9");
Line Deleted : user_pref("CT3008668.discover-periodic-reports.from_oldbar.enc", "eyJwaW5nXzAiOlsxMzgyNzY2MjAzNTM5LDE0NDAwMDAwXX0=");
Line Deleted : user_pref("CT3008668.discover-user-id.from_oldbar.enc", "ImU0M2I5MTc5LTU5MGQtNDlkNC04ODM1LWQwNmE2Zjg2ZjUzNCI=");
Line Deleted : user_pref("CT3008668.enableAlerts", "always");
Line Deleted : user_pref("CT3008668.enablecorticapicclick.from_oldbar.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3008668.event_data.from_oldbar.enc", "JTVCJTVE");
Line Deleted : user_pref("CT3008668.fired_events.from_oldbar.enc", "AA==");
Line Deleted : user_pref("CT3008668.firstTimeDialogOpened", true);
Line Deleted : user_pref("CT3008668.fixPageNotFoundErrorByUser", "false");
Line Deleted : user_pref("CT3008668.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3008668.fullUserID", "UN62132488979047678.UP.2036070452");
Line Deleted : user_pref("CT3008668.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT3008668.globalFirstTimeInfoLastCheckTime", "Fri Mar 30 2012 17:40:48 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT3008668.ground-country-code.from_oldbar.enc", "IkFVIg==");
Line Deleted : user_pref("CT3008668.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT3008668.homepageuserchanged", true);
Line Deleted : user_pref("CT3008668.hover_counter.from_oldbar.enc", "Mg==");
Line Deleted : user_pref("CT3008668.impression_counter.from_oldbar.enc", "Ng==");
Line Deleted : user_pref("CT3008668.impression_session_counter.from_oldbar.enc", "MA==");
Line Deleted : user_pref("CT3008668.impression_session_id.from_oldbar.enc", "Ijg0NmE2MGY0LWI2MjMtNGJiOS04OTVjLTQxZDhjOWUyZjkyNiI=");
Line Deleted : user_pref("CT3008668.impression_session_last_active.from_oldbar.enc", "MTM4Mjc2NjU3Nzc1MQ==");
Line Deleted : user_pref("CT3008668.initDone", true);
Line Deleted : user_pref("CT3008668.installType", "Unknown");
Line Deleted : user_pref("CT3008668.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT3008668.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3008668.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":true}");
Line Deleted : user_pref("CT3008668.isFirstRadioInstallation", false);
Line Deleted : user_pref("CT3008668.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3008668.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT3008668.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3008668.key_date.from_oldbar.enc", "MjY=");
Line Deleted : user_pref("CT3008668.keyword", true);
Line Deleted : user_pref("CT3008668.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3008668&octid=CT3008668&SearchSource=15&CUI=UN62132488979047678&SSPV=&Lay=1&UM=2\"}");
Line Deleted : user_pref("CT3008668.lastVersion", "10.22.5.510");
Line Deleted : user_pref("CT3008668.myStuffEnabled", true);
Line Deleted : user_pref("CT3008668.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT3008668.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT3008668.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT3008668.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT3008668.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3008668%26octid%3DCT3008668%26SearchSource%3D15%26CUI%3DUN6[...]
Line Deleted : user_pref("CT3008668.oldAppsList", "129498282977481758,129498282978888024,111,129498282979200525,129498282979356776,129498282979356777,1000082,1000234,129640933603073687,1000034,129558882344224997,129[...]
Line Deleted : user_pref("CT3008668.originalHomepage", "hxxp://au.yahoo.com/");
Line Deleted : user_pref("CT3008668.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3008668.originalSearchEngine", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CT3008668.pg_enable.from_oldbar.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3008668.revertSettingsEnabled", true);
Line Deleted : user_pref("CT3008668.search.searchCount", 2);
Line Deleted : user_pref("CT3008668.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3008668.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3008668.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3008668.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT3008668.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT3008668.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3008668.searchUserMode", "2");
Line Deleted : user_pref("CT3008668.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3008668.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3008668.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3008668.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3008668\"}");
Line Deleted : user_pref("CT3008668.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://Productivity31.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3008668.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Productivity 3.1 \"}");
Line Deleted : user_pref("CT3008668.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3008668.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3008668.serviceLayer_services_Configuration_lastUpdate", "1386836426829");
Line Deleted : user_pref("CT3008668.serviceLayer_services_login_10.20.101.5_lastUpdate", "1384268789587");
Line Deleted : user_pref("CT3008668.serviceLayer_services_login_10.21.1.507_lastUpdate", "1384373154976");
Line Deleted : user_pref("CT3008668.serviceLayer_services_login_10.22.3.518_lastUpdate", "1385106443800");
Line Deleted : user_pref("CT3008668.serviceLayer_services_login_10.22.5.510_lastUpdate", "1386905918149");
Line Deleted : user_pref("CT3008668.serviceLayer_services_searchAPI_lastUpdate", "1386836426334");
Line Deleted : user_pref("CT3008668.serviceLayer_services_serviceMap_lastUpdate", "1386836426303");
Line Deleted : user_pref("CT3008668.serviceLayer_services_toolbarSettings_lastUpdate", "1386905917751");
Line Deleted : user_pref("CT3008668.serviceLayer_services_translation_lastUpdate", "1386836426490");
Line Deleted : user_pref("CT3008668.settingsINI", true);
Line Deleted : user_pref("CT3008668.sf_just_installed.from_oldbar.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3008668.sf_status.from_oldbar.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3008668.sf_user_id.from_oldbar.enc", "Y2lkXzI1NjIwMTMxMjIwNDk1MDM5MjY4");
Line Deleted : user_pref("CT3008668.showToolbarPermission", "false");
Line Deleted : user_pref("CT3008668.smartbar.CTID", "CT3008668");
Line Deleted : user_pref("CT3008668.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3008668.smartbar.toolbarName", "Productivity 3.1 ");
Line Deleted : user_pref("CT3008668.testingCtid", "");
Line Deleted : user_pref("CT3008668.toolbarAppMetaDataLastCheckTime", "Mon Nov 11 2013 15:12:47 GMT+1100 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3008668.toolbarBornServerTime", "12-2-2012");
Line Deleted : user_pref("CT3008668.toolbarContextMenuLastCheckTime", "Sun Mar 25 2012 16:36:47 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT3008668.toolbarCurrentServerTime", "13-12-2013");
Line Deleted : user_pref("CT3008668.toolbarLoginClientTime", "Tue Nov 12 2013 07:05:05 GMT+1100 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3008668.undefined.from_oldbar.enc", "RnJpIEZlYiAwMyAyMDEyIDE5OjQ0OjU2IEdNVCsxMTAwIChBVVMgRWFzdGVybiBEYXlsaWdodCBUaW1lKQ==");
Line Deleted : user_pref("CT3008668.upgradeFromOBVersion", true);
Line Deleted : user_pref("CT3008668.url_history.from_oldbar.enc", "aHR0cDovL2xvZ2luLnlhaG9vLmNvbS9jb25maWcvbG9naW47X3lsdD1Bb1hQNmYyNUdyQ1VlZ09HZXVqV0k1SWgwbEk2P2xvZ291dD0xJi5kaXJlY3Q9MiYuZG9uZT1odHRwOi8vYXUucHJvbW90[...]
Line Deleted : user_pref("CT3008668.url_history0001.from_oldbar.enc", "amF2YXNjcmlwdDo7Ojo6Y2xpY2toYW5kbGVyOjo6MTM3MjE0OTMyNzExMywsLGphdmFzY3JpcHQ6V2ViRm9ybV9Eb1Bvc3RCYWNrV2l0aE9wdGlvbnMobmV3JTIwV2ViRm9ybV9Qb3N0QmFj[...]
Line Deleted : user_pref("CT3008668.url_history_time.from_oldbar.enc", "MTMyODY3MDA4NDkzMg==");
Line Deleted : user_pref("CT3008668.usagesFlag", 2);
Line Deleted : user_pref("CT3008668_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1386905913390,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3018509..clientLogIsEnabled", true);
Line Deleted : user_pref("CT3018509..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT3018509..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT3018509.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT3018509.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT3018509.BrowserCompStateIsOpen_129683388555092712", true);
Line Deleted : user_pref("CT3018509.BrowserCompStateIsOpen_129774349446762757", true);
Line Deleted : user_pref("CT3018509.BrowserCompStateIsOpen_1366704352000", true);
Line Deleted : user_pref("CT3018509.BrowserCompStateIsOpen_1367226436000", true);
Line Deleted : user_pref("CT3018509.CT3018509", "CT3018509");
Line Deleted : user_pref("CT3018509.CT3018509.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3018509&octid=CT3018509&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_I[...]
Line Deleted : user_pref("CT3018509.ConfigurationLastCheckTime", "Thu Oct 10 2013 05:06:57 GMT+1100 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3018509.CurrentServerDate", "10-10-2013");
Line Deleted : user_pref("CT3018509.DSInstall", false);
Line Deleted : user_pref("CT3018509.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT3018509.DialogsGetterLastCheckTime", "Mon Oct 07 2013 04:47:31 GMT+1100 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3018509.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"BannerCulture\":\"\",\"DownloadTime\":\"2/13/2012 3:35:57 AM\",\"SourceId\":0,\"OriginSource\":0,\"Refer[...]
Line Deleted : user_pref("CT3018509.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3018509.ExternalComponentPollDate129510405198305199", "Wed Feb 15 2012 13:32:55 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT3018509.ExternalComponentPollDate129510405203040747", "Wed Feb 15 2012 13:32:55 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT3018509.FirstServerDate", "13-2-2012");
Line Deleted : user_pref("CT3018509.FirstTime", true);
Line Deleted : user_pref("CT3018509.FirstTimeFF3", true);
Line Deleted : user_pref("CT3018509.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT3018509.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT3018509.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT3018509.HPInstall", false);
Line Deleted : user_pref("CT3018509.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT3018509.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT3018509.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3008668&SearchSource=13");
Line Deleted : user_pref("CT3018509.Initialize", true);
Line Deleted : user_pref("CT3018509.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT3018509.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT3018509.InstallationType", "DirectDownload");
Line Deleted : user_pref("CT3018509.InstalledDate", "Mon Feb 13 2012 12:06:06 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT3018509.InvalidateCache", false);
Line Deleted : user_pref("CT3018509.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT3018509.IsGrouping", false);
Line Deleted : user_pref("CT3018509.IsInitSetupIni", true);
Line Deleted : user_pref("CT3018509.IsMulticommunity", false);
Line Deleted : user_pref("CT3018509.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT3018509.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT3018509.IsProtectorsInit", true);
Line Deleted : user_pref("CT3018509.LanguagePackLastCheckTime", "Thu Oct 10 2013 05:06:57 GMT+1100 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3018509.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT3018509.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT3018509.LastLogin_3.12.0.7", "Wed Apr 25 2012 20:27:38 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3018509.LastLogin_3.12.2.3", "Thu May 31 2012 03:33:55 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3018509.LastLogin_3.13.0.6", "Mon Jul 16 2012 06:41:51 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3018509.LastLogin_3.14.1.0", "Wed Aug 22 2012 07:31:51 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3018509.LastLogin_3.15.1.0", "Wed Nov 07 2012 23:09:07 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT3018509.LastLogin_3.16.0.3", "Mon Feb 11 2013 20:20:16 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT3018509.LastLogin_3.18.0.7", "Mon Jul 15 2013 07:07:58 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3018509.LastLogin_3.19.0.3", "Wed Sep 11 2013 15:20:08 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3018509.LastLogin_3.20.0.4", "Thu Oct 10 2013 13:34:59 GMT+1100 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3018509.LastLogin_3.9.0.3", "Thu Feb 16 2012 20:09:14 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT3018509.LatestVersion", "3.20.0.4");
Line Deleted : user_pref("CT3018509.Locale", "en-us");
Line Deleted : user_pref("CT3018509.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT3018509.MCDetectTooltipShow", false);
Line Deleted : user_pref("CT3018509.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT3018509.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT3018509.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT3018509.OriginalFirstVersion", "3.9.0.3");
Line Deleted : user_pref("CT3018509.RadioIsPodcast", false);
Line Deleted : user_pref("CT3018509.RadioLastCheckTime", "Thu Feb 16 2012 13:52:58 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT3018509.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT3018509.RadioLastUpdateServer", "3");
Line Deleted : user_pref("CT3018509.RadioMediaID", "9962");
Line Deleted : user_pref("CT3018509.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT3018509.RadioMenuSelectedID", "EBRadioMenu_CT30185099962");
Line Deleted : user_pref("CT3018509.RadioShrinked", "shrinked");
Line Deleted : user_pref("CT3018509.RadioShrinkedFromSetup", true);
Line Deleted : user_pref("CT3018509.RadioStationName", "California%20Rock");
Line Deleted : user_pref("CT3018509.RadioStationURL", "hxxp://feedlive.net/california.asx");
Line Deleted : user_pref("CT3018509.SHRINK_TOOLBAR", 0);
Line Deleted : user_pref("CT3018509.SearchAPILastCheckTime", "Thu Oct 10 2013 05:06:57 GMT+1100 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3018509.SearchCaption", "Game Master 2.1 Customized Web Search");
Line Deleted : user_pref("CT3018509.SearchEngineBeforeUnload", "Productivity 3.1 Customized Web Search");
Line Deleted : user_pref("CT3018509.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT3018509.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3018509&SearchSource=2&q=");
Line Deleted : user_pref("CT3018509.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT3018509.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT3018509.SearchInNewTabLastCheckTime", "Wed Sep 11 2013 07:20:09 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3018509.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT3018509.SearchInNewTabURLFromSearchAPI", "hxxp://search.conduit.com/?ctid=CT3018509&octid=CT3018509&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_ID");
Line Deleted : user_pref("CT3018509.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT3018509.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT3018509.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT3018509.ServiceMapLastCheckTime", "Thu Oct 10 2013 05:06:58 GMT+1100 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3018509.SettingsLastCheckTime", "Thu Oct 10 2013 13:34:58 GMT+1100 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3018509.SettingsLastUpdate", "1381314342");
Line Deleted : user_pref("CT3018509.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3018509&SearchSource=13");
Line Deleted : user_pref("CT3018509.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT3018509.ThirdPartyComponentsLastCheck", "Mon Feb 13 2012 12:06:04 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT3018509.ThirdPartyComponentsLastUpdate", "1312887586");
Line Deleted : user_pref("CT3018509.ToolbarShrinkedFromSetup", true);
Line Deleted : user_pref("CT3018509.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT3018509.UserID", "UN50119825596981567");
Line Deleted : user_pref("CT3018509.ValidationData_Search", 0);
Line Deleted : user_pref("CT3018509.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT3018509._9b_7e.:2z527.from_oldbar.enc", "JCM=");
Line Deleted : user_pref("CT3018509._9b_7e.x305.from_oldbar.enc", "JH4qQTc3RDQzekY7PitzLXp9fCEyKTQ/VkZUUkxHSllaSFFQXlFSOWRZXEkySzk8Oz5QR1JdbGprb3htaFBqb3FxdCJWInZ5Zk9oVllYWm1kb3p7Mn1oNCkseGF6aGtqayB2Ii1AOjNGQD5HfklJ[...]
Line Deleted : user_pref("CT3018509.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3018509.alertChannelId", "1410096");
Line Deleted : user_pref("CT3018509.approveUntrustedApps", false);
Line Deleted : user_pref("CT3018509.backendstorage.cb_experience_000", "3134");
Line Deleted : user_pref("CT3018509.backendstorage.cb_firstuse0100", "31");
Line Deleted : user_pref("CT3018509.backendstorage.cb_user_id_000", "43423934303837323838333032385F46697265666F78");
Line Deleted : user_pref("CT3018509.backendstorage.cbcountry_001", "4155");
Line Deleted : user_pref("CT3018509.backendstorage.cbfirsttime", "4D6F6E2046656220313320323031322031323A30363A313120474D542B313130302028415553204561737465726E204461796C696768742054696D6529");
Line Deleted : user_pref("CT3018509.backendstorage.cbopenmamsettings", "30");
Line Deleted : user_pref("CT3018509.backendstorage.hxxp://find_conduit_com.glb-tabs", "7B2231223A5B7B2275726C223A22687474703A2F2F61752E6D61696C2E7961686F6F2E636F6D2F222C2274696D657374616D70223A3133343435363133333534[...]
Line Deleted : user_pref("CT3018509.backendstorage.hxxp://find_conduit_com.ufind-guid", "30356230323735392D333830662D346366372D616465342D306361613365663237623665");
Line Deleted : user_pref("CT3018509.backendstorage.last-social-provider", "227961686F6F22");
Line Deleted : user_pref("CT3018509.backendstorage.mam_gk_appsdata", "7B2261707073223A5B7B226964223A225072696365476F6E67222C2275726C223A22687474703A2F2F7072696365676F6E672E636F6E64756974617070732E636F6D2F4D414D2F763[...]
Line Deleted : user_pref("CT3018509.backendstorage.mam_gk_appsdefaultenabled", "6E756C6C");
Line Deleted : user_pref("CT3018509.backendstorage.mam_gk_appstate_couponbuddy", "6F6E");
Line Deleted : user_pref("CT3018509.backendstorage.mam_gk_appstate_easytobook", "6F6E");
Line Deleted : user_pref("CT3018509.backendstorage.mam_gk_appstate_easytobook_targeted", "6F6E");
Line Deleted : user_pref("CT3018509.backendstorage.mam_gk_appstate_pricegong", "6F6E");
Line Deleted : user_pref("CT3018509.backendstorage.mam_gk_appstate_windowshopper", "6F6E");
Line Deleted : user_pref("CT3018509.backendstorage.mam_gk_appstatereporttime", "31333732313236383131373239");
Line Deleted : user_pref("CT3018509.backendstorage.mam_gk_configuration", "7B22636F6E66696775726174696F6E223A5B7B226964223A2245617379746F626F6F6B5F7461726765746564222C22637269746572696173223A5B7B22637269746572696149[...]
Line Deleted : user_pref("CT3018509.backendstorage.mam_gk_currentversion", "312E382E302E34");
Line Deleted : user_pref("CT3018509.backendstorage.mam_gk_first_time", "31");
Line Deleted : user_pref("CT3018509.backendstorage.mam_gk_lastlogintime", "31333732313236383038323933");
Line Deleted : user_pref("CT3018509.backendstorage.mam_gk_localization", "7B22676164676574436F6E74656E74506F6C696379223A7B2254657874223A22436F6E74656E7420506F6C696379227D2C226761646765744465736372697074696F6E5072696[...]
Line Deleted : user_pref("CT3018509.backendstorage.mam_gk_settings1.4.4.6", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A2236315F2D31222C2269735465737422[...]
Line Deleted : user_pref("CT3018509.backendstorage.mam_gk_settings1.8.0.4", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A2234365F30222C22697354657374223A[...]
Line Deleted : user_pref("CT3018509.backendstorage.mam_gk_showclosebutton", "74727565");
Line Deleted : user_pref("CT3018509.backendstorage.mam_gk_showwelcomegadget", "66616C7365");
Line Deleted : user_pref("CT3018509.backendstorage.mam_gk_userid", "62623564323131302D333637652D343839342D386163642D396361303239303831666239");
Line Deleted : user_pref("CT3018509.backendstorage.pg_enable", "74727565");
Line Deleted : user_pref("CT3018509.backendstorage.sf_just_installed", "46414C5345");
Line Deleted : user_pref("CT3018509.backendstorage.sf_status", "454E41424C4544");
Line Deleted : user_pref("CT3018509.backendstorage.sf_user_id", "6369645F32353632303133313232303439333232303534");
Line Deleted : user_pref("CT3018509.backendstorage.shoppingapp.gk.exipres", "5765642041756720313520323031322031313A31333A323220474D542B313030302028415553204561737465726E205374616E646172642054696D6529");
Line Deleted : user_pref("CT3018509.backendstorage.shoppingapp.gk.geolocation", "6175737472616C6961");
Line Deleted : user_pref("CT3018509.backendstorage.social-providers", "7B2266616365626F6F6B223A5B342C313334343536313238343930325D2C227961686F6F223A5B36382C313334343536313734303137325D7D");
Line Deleted : user_pref("CT3018509.backendstorage.url_history0001", "6A6176617363726970743A3B3A3A3A636C69636B68616E646C65723A3A3A313337323134393332373130382C2C2C6A6176617363726970743A576562466F726D5F446F506F7374426[...]
Line Deleted : user_pref("CT3018509.cb_experience_000.from_oldbar.enc", "MTQ=");
Line Deleted : user_pref("CT3018509.cb_firstuse0100.from_oldbar.enc", "MQ==");
Line Deleted : user_pref("CT3018509.cb_user_id_000.from_oldbar.enc", "Q0I5NDA4NzI4ODMwMjhfRmlyZWZveA==");
Line Deleted : user_pref("CT3018509.cbcountry_001.from_oldbar.enc", "QVU=");
Line Deleted : user_pref("CT3018509.cbfirsttime.from_oldbar.enc", "TW9uIEZlYiAxMyAyMDEyIDEyOjA2OjExIEdNVCsxMTAwIChBVVMgRWFzdGVybiBEYXlsaWdodCBUaW1lKQ==");
Line Deleted : user_pref("CT3018509.cbopenmamsettings.from_oldbar.enc", "MA==");
Line Deleted : user_pref("CT3018509.countryCode", "AU");
Line Deleted : user_pref("CT3018509.enableAlerts", "always");
Line Deleted : user_pref("CT3018509.firstTimeDialogOpened", true);
Line Deleted : user_pref("CT3018509.fixPageNotFoundErrorByUser", "false");
Line Deleted : user_pref("CT3018509.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3018509.fullUserID", "UN50119825596981567.UP.2113");
Line Deleted : user_pref("CT3018509.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT3018509.globalFirstTimeInfoLastCheckTime", "Mon Feb 13 2012 12:06:05 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT3018509.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT3018509.homepageuserchanged", true);
Line Deleted : user_pref("CT3018509.hxxp___find_conduit_com.glb-tabs.from_oldbar.enc", "eyIxIjpbeyJ1cmwiOiJodHRwOi8vYXUubWFpbC55YWhvby5jb20vIiwidGltZXN0YW1wIjoxMzQ0NTYxMzM1NDkyfSx7InVybCI6Imh0dHBzOi8vbG9naW4ueWFob28[...]
Line Deleted : user_pref("CT3018509.hxxp___find_conduit_com.ufind-guid.from_oldbar.enc", "MDViMDI3NTktMzgwZi00Y2Y3LWFkZTQtMGNhYTNlZjI3YjZl");
Line Deleted : user_pref("CT3018509.initDone", true);
Line Deleted : user_pref("CT3018509.installType", "DirectDownload");
Line Deleted : user_pref("CT3018509.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT3018509.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3018509.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":true}");
Line Deleted : user_pref("CT3018509.isFirstRadioInstallation", false);
Line Deleted : user_pref("CT3018509.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3018509.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT3018509.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3018509.keyword", true);
Line Deleted : user_pref("CT3018509.last-social-provider.from_oldbar.enc", "InlhaG9vIg==");
Line Deleted : user_pref("CT3018509.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3018509&octid=CT3018509&SearchSource=15&CUI=UN50119825596981567&SSPV=&Lay=1&UM=2\"}");
Line Deleted : user_pref("CT3018509.lastVersion", "10.22.5.510");
Line Deleted : user_pref("CT3018509.mam_gk_appsdata.from_oldbar.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsi[...]
Line Deleted : user_pref("CT3018509.mam_gk_appsdefaultenabled.from_oldbar.enc", "bnVsbA==");
Line Deleted : user_pref("CT3018509.mam_gk_appstate_couponbuddy.from_oldbar.enc", "b24=");
Line Deleted : user_pref("CT3018509.mam_gk_appstate_easytobook.from_oldbar.enc", "b24=");
Line Deleted : user_pref("CT3018509.mam_gk_appstate_easytobook_targeted.from_oldbar.enc", "b24=");
Line Deleted : user_pref("CT3018509.mam_gk_appstate_pricegong.from_oldbar.enc", "b24=");
Line Deleted : user_pref("CT3018509.mam_gk_appstate_windowshopper.from_oldbar.enc", "b24=");
Line Deleted : user_pref("CT3018509.mam_gk_appstatereporttime.from_oldbar.enc", "MTM3MjEyNjgxMTcyOQ==");
Line Deleted : user_pref("CT3018509.mam_gk_configuration.from_oldbar.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGFyZ2V0ZWQiLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiJkNmE3MmU3MS1mYmE0LTQ4ZGEtYjJkMS1iNGVlOWN[...]
Line Deleted : user_pref("CT3018509.mam_gk_currentversion.from_oldbar.enc", "MS44LjAuNA==");
Line Deleted : user_pref("CT3018509.mam_gk_first_time.from_oldbar.enc", "MQ==");
Line Deleted : user_pref("CT3018509.mam_gk_lastlogintime.from_oldbar.enc", "MTM3MjEyNjgwODI5Mw==");
Line Deleted : user_pref("CT3018509.mam_gk_localization.from_oldbar.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMg[...]
Line Deleted : user_pref("CT3018509.mam_gk_showclosebutton.from_oldbar.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3018509.mam_gk_showwelcomegadget.from_oldbar.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3018509.mam_gk_userid.from_oldbar.enc", "YmI1ZDIxMTAtMzY3ZS00ODk0LThhY2QtOWNhMDI5MDgxZmI5");
Line Deleted : user_pref("CT3018509.myStuffEnabled", true);
Line Deleted : user_pref("CT3018509.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT3018509.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT3018509.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT3018509.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT3018509.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3008668%26octid%3DCT3008668%26SearchSource%3D15%26CUI%3DUN6[...]
Line Deleted : user_pref("CT3018509.originalHomepage", "hxxp://au.yahoo.com/");
Line Deleted : user_pref("CT3018509.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3018509.originalSearchEngine", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CT3018509.pg_enable.from_oldbar.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3018509.revertSettingsEnabled", true);
Line Deleted : user_pref("CT3018509.search.searchCount", 0);
Line Deleted : user_pref("CT3018509.searchFromAddressBarEnabledByUser", "false");
Line Deleted : user_pref("CT3018509.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3018509.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3018509.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT3018509.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT3018509.searchSuggestEnabledByUser", "false");
Line Deleted : user_pref("CT3018509.searchUserMode", "2");
Line Deleted : user_pref("CT3018509.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3018509.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3018509.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3018509.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3018509\"}");
Line Deleted : user_pref("CT3018509.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://GameMaster21.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3018509.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Game Master 2.1 \"}");
Line Deleted : user_pref("CT3018509.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3018509.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3018509.serviceLayer_services_Configuration_lastUpdate", "1386836425958");
Line Deleted : user_pref("CT3018509.serviceLayer_services_login_10.20.101.3_lastUpdate", "1383029248538");
Line Deleted : user_pref("CT3018509.serviceLayer_services_login_10.21.1.507_lastUpdate", "1384373155043");
Line Deleted : user_pref("CT3018509.serviceLayer_services_login_10.22.3.518_lastUpdate", "1385106444731");
Line Deleted : user_pref("CT3018509.serviceLayer_services_login_10.22.5.510_lastUpdate", "1386905917968");
Line Deleted : user_pref("CT3018509.serviceLayer_services_searchAPI_lastUpdate", "1386836425467");
Line Deleted : user_pref("CT3018509.serviceLayer_services_serviceMap_lastUpdate", "1386836424909");
Line Deleted : user_pref("CT3018509.serviceLayer_services_toolbarSettings_lastUpdate", "1386905917719");
Line Deleted : user_pref("CT3018509.serviceLayer_services_translation_lastUpdate", "1386836425185");
Line Deleted : user_pref("CT3018509.settingsINI", true);
Line Deleted : user_pref("CT3018509.sf_just_installed.from_oldbar.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3018509.sf_status.from_oldbar.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3018509.sf_user_id.from_oldbar.enc", "Y2lkXzI1NjIwMTMxMjIwNDkzMjIwNTQ=");
Line Deleted : user_pref("CT3018509.showToolbarPermission", "false");
Line Deleted : user_pref("CT3018509.smartbar.CTID", "CT3018509");
Line Deleted : user_pref("CT3018509.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3018509.smartbar.toolbarName", "Game Master 2.1 ");
Line Deleted : user_pref("CT3018509.social-providers.from_oldbar.enc", "eyJmYWNlYm9vayI6WzQsMTM0NDU2MTI4NDkwMl0sInlhaG9vIjpbNjgsMTM0NDU2MTc0MDE3Ml19");
Line Deleted : user_pref("CT3018509.testingCtid", "");
Line Deleted : user_pref("CT3018509.toolbarAppMetaDataLastCheckTime", "Thu Oct 10 2013 05:06:58 GMT+1100 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3018509.toolbarBornServerTime", "13-2-2012");
Line Deleted : user_pref("CT3018509.toolbarContextMenuLastCheckTime", "Mon Feb 13 2012 12:06:06 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT3018509.toolbarCurrentServerTime", "13-12-2013");
Line Deleted : user_pref("CT3018509.toolbarLoginClientTime", "Thu Oct 10 2013 15:51:38 GMT+1100 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3018509.upgradeFromOBVersion", true);
Line Deleted : user_pref("CT3018509.url_history0001.from_oldbar.enc", "amF2YXNjcmlwdDo7Ojo6Y2xpY2toYW5kbGVyOjo6MTM3MjE0OTMyNzEwOCwsLGphdmFzY3JpcHQ6V2ViRm9ybV9Eb1Bvc3RCYWNrV2l0aE9wdGlvbnMobmV3JTIwV2ViRm9ybV9Qb3N0QmFj[...]
Line Deleted : user_pref("CT3018509.usagesFlag", 2);
Line Deleted : user_pref("CT3018509_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1386905913015,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3008668&SearchSource=13");
Line Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Productivity 3.1 Customized Web Search");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3008668/CT3008668", "\"9ef596bc4395c469c5797bddf28c46553\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3018509/CT3018509", "\"142817ee5e62488c935f95e4b57837b23\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1400399/1396057/AU", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1410096/1405754/AU", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3008668", "\"1367226767\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3018509", "\"1367226773\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE", "wVmmvqqOMqrv5xct1cJIHg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "wVmmvqqOMqrv5xct1cJIHg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE", "0uSPYx+Kl2jpu8sJZMeHjw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "0uSPYx+Kl2jpu8sJZMeHjw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE", "Dclc8oo4TTv7+mAkSlUSWg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "ktZKgREPsk5m13TY9rsX+A==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "Dclc8oo4TTv7+mAkSlUSWg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE", "K4Vqu91uAzWURlxJRdXJOg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "cTVrc75U9YwdI74PAhUYFw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "K4Vqu91uAzWURlxJRdXJOg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"80133a6b165cd1:1308\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:1308\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:144a\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:1515\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:155b\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:15ff\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:1694\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"23c5489aa686ce1:16c0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.20.0.4", "\"f414eeaa6bece1:16f8\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"801a319dd78ccc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3008668", "\"52c3f1538cb4af4ada257fcbc6b15d49\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3018509", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/maxi.gif", "\"09586ee4e19c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/play_mini.gif", "\"09586ee4e19c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"c89bcb7d9350c7350a3548054c42b78a\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"84c2499acfee36e9430e8c42980bb1c5\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"b185642bdcef00e27890af25229afbdc\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Ralph Richards\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\o5mz3dvi.default\\conduitCommon\\modules\\3.10.0.1");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");
Line Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://oryte.com/content/games/players/sonic.php", "550x400");
Line Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://oryte.com/mochigadget", "640x650");
Line Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pricegong.conduitapps.com/v4//agreement/agree.html#pg_ext_msg_key_228fefaf,pg_agreement_msg_key,true", "356x317");
Line Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pricegong.conduitapps.com/v4//agreement/agree.html#pg_ext_msg_key_d5c87d5c,pg_agreement_msg_key,true", "356x317");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3008668,CT3018509");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3008668,CT3018509");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3008668,CT3018509");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Feb 13 2012 10:40:54 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "5e23a034-cfed-4929-923c-33eab087692b");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3008668");
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Apr 01 2012 16:19:27 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Apr 06 2012 13:32:52 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Apr 06 2012 13:32:43 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "2a8f2ff0-1b25-44b6-83b0-b6050ae30154");
Line Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://au.yahoo.com/");
Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3008668");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Productivity 3.1 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3008668&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("dom.ipc.plugins.enabled.npmywebs.dll", false);
Line Deleted : user_pref("extensions.Retrogamer_2z.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=RGxdm195YYau&ptb=2667537B-8CC1-481A-B65D-993B42410FC6&ind=2011120717&ptnrS=RGxdm195YY[...]
Line Deleted : user_pref("extensions.enabledItems", "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21,{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26,en-AU@dictionaries.addons[...]
Line Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=ZUxdm588YYau&ptb=VvjpIddJVvz.DR2cuuM07w&ind=2011112017&ptnrS=ZUxdm588YYau&si=COj1lNGVxq[...]
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3008668&SearchSource=2&CUI=UN62132488979047678&UM=2&q=");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3008668");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3008668&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3018509&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3008668&SearchSource=2&q=[...]
Line Deleted : user_pref("smartbar.machineId", "K/SBZR97Y7ZHT/TDNTNAVVLRE8JUUO8WJGLWVBQJ+KGBQ+6YMY9IENPXUUO6RAPNKESGMBMBAGXLRHKPMUHLWW");
Line Deleted : user_pref("valueApps.CT3008668.mam_gk_currentVersion", "312E31322E302E35");
Line Deleted : user_pref("valueApps.CT3008668.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3008668.mam_gk_globalKeysMigratedToLocalStorage", "31");
Line Deleted : user_pref("valueApps.CT3008668.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3008668.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT3008668.mam_gk_migrated_from_ls.storedInFile", false);

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Ralph Richards\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : homepage

*************************

AdwCleaner[R0].txt - [110538 octets] - [08/04/2014 20:52:00]
AdwCleaner[S0].txt - [112154 octets] - [08/04/2014 20:53:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [112216 octets] ##########
 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Ralph Richards on Tue 08/04/2014 at 20:58:35.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4159860774-2674509857-3937360078-1003\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{224759B2-8F66-4769-B897-6D1A6E59361C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{747E9978-0C0D-48FC-9863-4BE2B233C0B0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{747E9978-0C0D-48FC-9863-4BE2B233C0B0}



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Program Files\myfuncards_5mei"



~~~ FireFox

Successfully deleted the following from C:\Users\Ralph Richards\AppData\Roaming\mozilla\firefox\profiles\o5mz3dvi.default\prefs.js

user_pref("CT3008668./9b+7e3x305.from_oldbar.enc", "JH4vQT87NjM/R0Y/fUk+QS52MH4iJCE1LDdHS1lXS0pIWFhOXjdiVzpTXkkySzo9PztQR1JibGJddXhtdmp8UXxxdGFKY1JVV1JoX2p6LSYsLCR+LzIuaTUqLXl
user_pref("CT3008668./9b+7ebx305.from_oldbar.enc", "JH4+OTFBMD0zRUA2Mn5KP0IvdzF7fSM1LDdWWUlITk9RUlxOTFVTW1RgWlo+aV5hTjdQOz1BVEtWdXVlbXNneW1tfFUhdXhlTmdSVFdrYm0tIiUuIGczKGokL3l
user_pref("CT3018509./9b+7e3x305.from_oldbar.enc", "JH4vQT87NjM/R0Y/fUk+QS52MH4iJCE1LDdHS1lXS0pIWFhOXjdiVzpTXkkySzo9PztQR1JibGJddXhtdmp8UXxxdGFKY1JVV1JoX2p6LSYsLCR+LzIuaTUqLXl
user_pref("CT3018509./9b+7ebx305.from_oldbar.enc", "JH4+OTFBMD0zRUA2Mn5KP0IvdzF7fSM1LDdWWUlITk9RUlxOTFVTW1RgWlo+aV5hTjdQOz1BVEtWdXVlbXNneW1tfFUhdXhlTmdSVFdrYm0tIiUuIGczKGokL3l
user_pref("extensions.Retrogamer_2z.prevKwdURL", "hxxp://search.alot.com/web?src_id=30224&client_id=a81dc4f8951828e8b83c68dd&camp_id=3408&install_time=2011-12-07T22:13:12Z&pr=
Emptied folder: C:\Users\Ralph Richards\AppData\Roaming\mozilla\firefox\profiles\o5mz3dvi.default\minidumps [806 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/04/2014 at 21:00:56.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

C:\AdwCleaner\Backup\C\Users\Ralph Richards\AppData\Roaming\Mozilla\Firefox\Profiles\o5mz3dvi.default\prefs_08_04_2014_20_53_46.js    JS/SecurityDisabler.A.Gen potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application    
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\program files\AskPartnerNetwork\Toolbar\SO.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\program files\VNT\vntldr.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\14EIPlug.dll.vir    Win32/Toolbar.MyWebSearch potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\14EZSETP.dll.vir    probably a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISb.dll.vir    Win32/Toolbar.MyWebSearch potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\Ralph Richards\AppData\LocalLow\TotalRecipeSearch_14EI\Installr\Cache\002065C4.exe.vir    a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\Ralph Richards\AppData\Roaming\Mozilla\Firefox\Profiles\o5mz3dvi.default\user.js.vir    JS/SecurityDisabler.A.Gen potentially unwanted application    
C:\Users\Ralph Richards\AppData\Local\aaejfxjw.exe    a variant of Win32/Injector.BBLB trojan    
C:\Users\Ralph Richards\AppData\Local\kfuxhqqc.exe    a variant of Win32/Injector.BBKH trojan    
C:\Users\Ralph Richards\AppData\Local\nrbbhlrw.exe    Win32/TrojanDownloader.Zortob.B trojan    
C:\Users\Ralph Richards\AppData\Local\oxhjuwhl.exe    a variant of Win32/Injector.BBKH trojan    
C:\Users\Ralph Richards\AppData\Local\qhbjlptw.exe    Win32/TrojanDownloader.Agent.AGV trojan    
C:\Users\Ralph Richards\AppData\Local\uenaxkut.exe    a variant of Win32/Injector.BBKH trojan    
C:\Users\Ralph Richards\AppData\Local\Temp\SPSetup.exe    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application    
C:\Users\Ralph Richards\AppData\Local\Temp\UpdateFlashPlayer_0dfaebc3.exe    a variant of Win32/Kryptik.BUVK trojan    
C:\Users\Ralph Richards\AppData\Local\Temp\UpdateFlashPlayer_4b345b1b.exe    a variant of Win32/Injector.BBKW trojan    
C:\Users\Ralph Richards\AppData\Local\Temp\UpdateFlashPlayer_655feeb3.exe    a variant of Win32/Kryptik.BUVK trojan    
C:\Users\Ralph Richards\AppData\Local\Temp\UpdateFlashPlayer_9f161420.exe    a variant of Win32/Kryptik.BUVK trojan    
C:\Users\Ralph Richards\AppData\Local\Temp\UpdateFlashPlayer_d97ea17e.exe    a variant of Win32/Kryptik.BUVK trojan    
C:\Users\Ralph Richards\AppData\Local\Temp\tmpbdc65c16\flashmedia.exe    a variant of Win32/Kryptik.BZET trojan    
C:\Users\Ralph Richards\AppData\LocalLow\Retrogamer_2zEI\Installr\Cache\0007ECBE.exe    a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted application    
C:\Users\Ralph Richards\AppData\Roaming\Huinpuny\ekisukn.exe    a variant of Win32/Kryptik.BUVK trojan    
C:\Users\Ralph Richards\AppData\Roaming\Mozilla\Firefox\Profiles\o5mz3dvi.default\prefs-1.js    JS/SecurityDisabler.A.Gen potentially unwanted application    
C:\Users\Ralph Richards\AppData\Roaming\Mozilla\Firefox\Profiles\o5mz3dvi.default\prefs.js    JS/SecurityDisabler.A.Gen potentially unwanted application    
C:\Users\Ralph Richards\AppData\Roaming\Ozadorse\gusih.exe    a variant of Win32/Kryptik.BUVK trojan    
C:\Users\Ralph Richards\AppData\Roaming\Pebaxu\owaf.exe    a variant of Win32/Kryptik.BZET trojan    
C:\Windows\System32\Adobe\Shockwave 12\gt.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
C:\Windows\Temp\nslCDCB.tmp\SPtool.dll    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application    
Operating memory    multiple threats    
 

 

 

 




#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:21 PM

Posted 09 April 2014 - 03:46 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs/spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Proud Member of UNITE & TB
 

#3 awmau

awmau
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 09 April 2014 - 05:46 AM

ComboFix 14-04-08.01 - Ralph Richards 09/04/2014  20:23:00.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.61.1033.18.3068.1684 [GMT 10:00]
Running from: F:\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\Retrogamer_2zEI
C:\test.txt
c:\users\Ralph Richards\AppData\Local\aaejfxjw.exe
c:\users\Ralph Richards\AppData\Local\kfuxhqqc.exe
c:\users\Ralph Richards\AppData\Local\nrbbhlrw.exe
c:\users\Ralph Richards\AppData\Local\oxhjuwhl.exe
c:\users\Ralph Richards\AppData\Local\qhbjlptw.exe
c:\users\Ralph Richards\AppData\Local\uenaxkut.exe
c:\users\Ralph Richards\AppData\Roaming\.#
c:\users\Ralph Richards\AppData\Roaming\Iptahy
c:\users\Ralph Richards\AppData\Roaming\Iptahy\ybwa.awy
c:\users\Ralph Richards\AppData\Roaming\Pebaxu
c:\users\Ralph Richards\AppData\Roaming\Pebaxu\owaf.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-09 to 2014-04-09  )))))))))))))))))))))))))))))))
.
.
2014-04-09 10:30 . 2014-04-09 10:30    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-04-09 10:30 . 2014-04-09 10:30    --------    d-----w-    c:\users\admin\AppData\Local\temp
2014-04-09 10:18 . 2014-04-09 10:18    39464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BCBB1299-EBA3-478C-BB0E-FEF4464B4F86}\MpKsla141801b.sys
2014-04-09 10:15 . 2014-04-09 10:15    62576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BCBB1299-EBA3-478C-BB0E-FEF4464B4F86}\offreg.dll
2014-04-08 11:08 . 2014-04-08 11:08    --------    d-----w-    c:\users\Ralph Richards\AppData\Roaming\Ozadorse
2014-04-08 11:03 . 2014-04-08 11:03    --------    d-----w-    c:\program files\ESET
2014-04-08 10:58 . 2014-04-08 10:58    --------    d-----w-    c:\windows\ERUNT
2014-04-08 10:51 . 2014-04-08 10:53    --------    d-----w-    C:\AdwCleaner
2014-04-07 23:22 . 2014-03-07 04:35    7969936    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BCBB1299-EBA3-478C-BB0E-FEF4464B4F86}\mpengine.dll
2014-04-07 21:48 . 2014-04-07 21:48    --------    d-----w-    c:\users\Ralph Richards\AppData\Roaming\Huinpuny
2014-04-07 19:05 . 2014-04-07 23:38    --------    d-----w-    c:\users\Ralph Richards\AppData\Roaming\Embiry
2014-04-07 16:03 . 2014-04-08 12:09    --------    d-----w-    c:\users\Ralph Richards\AppData\Roaming\Uxxiag
2014-04-07 16:03 . 2014-04-07 16:03    --------    d-----w-    c:\users\Ralph Richards\AppData\Roaming\Beol
2014-04-07 15:54 . 2014-04-07 23:38    --------    d-----w-    c:\users\Ralph Richards\AppData\Roaming\Ybetucd
2014-04-06 19:16 . 2014-03-07 04:35    7969936    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-05 16:21 . 2014-03-04 06:58    765968    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57DBBED6-1E8D-432C-A8DD-0D7B01EF331A}\gapaengine.dll
2014-03-16 09:02 . 2014-03-16 09:02    --------    d-----w-    c:\users\Ralph Richards\AppData\Local\Skype
2014-03-16 09:02 . 2014-03-16 09:02    --------    d-----w-    c:\program files\Common Files\Skype
2014-03-16 09:02 . 2014-03-16 09:02    --------    d-----r-    c:\program files\Skype
2014-03-13 04:40 . 2014-02-07 10:38    2050560    ----a-w-    c:\windows\system32\win32k.sys
2014-03-13 04:40 . 2014-02-03 10:37    505344    ----a-w-    c:\windows\system32\qedit.dll
2014-03-13 04:40 . 2014-01-30 07:46    876032    ----a-w-    c:\windows\system32\wer.dll
2014-03-13 04:39 . 2013-11-13 00:30    2048    ----a-w-    c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 22:09 . 2012-07-14 09:40    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-12 22:09 . 2011-08-02 05:02    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-10 22:52 . 2010-10-24 10:25    104264    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-04 06:58 . 2010-12-26 00:52    765968    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-24 14:19 . 2014-01-24 14:19    231960    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2014-01-19 07:32 . 2010-12-26 01:00    231584    ------w-    c:\windows\system32\MpSigStub.exe
2013-12-13 03:21 . 2013-12-13 03:21    49940480    ----a-w-    c:\program files\GUT6F9.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Touqsacy"="c:\users\Ralph Richards\AppData\Roaming\Huinpuny\ekisukn.exe" [2011-02-19 284415]
"Ynupguivoguhis"="c:\users\Ralph Richards\AppData\Roaming\Ozadorse\gusih.exe" [2013-11-06 283675]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-13 2299176]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-24 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-10 951576]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-08 75008]
"Reader Application Helper"="c:\program files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2013-11-27 899400]
"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2013-06-27 2249352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-04-30 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-01 254336]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-01-20 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLA141801B
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-04-16 02:07    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 19:02    1150280    ----a-w-    c:\program files\google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 22:09]
.
2014-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-26 02:12]
.
2014-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-26 02:12]
.
2014-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4159860774-2674509857-3937360078-1003Core.job
- c:\users\Ralph Richards\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-19 03:21]
.
2014-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4159860774-2674509857-3937360078-1003UA.job
- c:\users\Ralph Richards\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-19 03:21]
.
2014-03-09 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-04-26 06:45]
.
2014-04-08 c:\windows\Tasks\Security Center Update - 2895121555.job
- c:\users\Ralph Richards\AppData\Roaming\Huinpuny\ekisukn.exe [2011-02-19 20:06]
.
2014-04-08 c:\windows\Tasks\Security Center Update - 553263651.job
- c:\users\Ralph Richards\AppData\Roaming\Ozadorse\gusih.exe [2013-11-06 01:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
FF - ProfilePath - c:\users\Ralph Richards\AppData\Roaming\Mozilla\Firefox\Profiles\o5mz3dvi.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!7
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKCU-Run-xwgssdec - c:\users\Ralph Richards\AppData\Local\nrbbhlrw.exe
HKCU-Run-Quceod - c:\users\Ralph Richards\AppData\Roaming\Pebaxu\owaf.exe
HKCU-Run-Okqeilizty - c:\users\Ralph Richards\AppData\Roaming\Ybetucd\ortyxuc.exe
HKLM-Run-hpqSRMon - (no file)
HKLM-Run-DivXMediaServer - c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
c:\users\Ralph Richards\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MediaRing Talk.lnk - c:\program files\MediaRing\MediaRing Talk\mrtalk.exe /start
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files\Coupons\uninstall.exe
AddRemove-LAME for Audacity_is1 - c:\program files\Lame for Audacity\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-09 20:32
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4159860774-2674509857-3937360078-1003\Software\SecuROM\License information*]
"datasecu"=hex:14,4e,62,df,1d,65,c2,63,92,98,bb,36,b5,32,29,09,24,b7,71,74,8d,
   5b,cb,31,9d,cd,d3,31,19,3f,05,27,34,af,18,62,8e,b8,07,9a,41,d1,f5,a8,d2,84,\
"rkeysecu"=hex:03,49,02,28,f1,59,8a,ad,53,a5,92,10,f7,94,77,8f
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-04-09  20:35:43
ComboFix-quarantined-files.txt  2014-04-09 10:35
.
Pre-Run: 281,885,868,032 bytes free
Post-Run: 284,206,186,496 bytes free
.
- - End Of File - - A3B7DFAC6ACA05D160EF518C94A54F5D
85D751F0E41B8E520AEE8C07A8DA777B
 



#4 awmau

  • Topic Starter


Posted 09 April 2014 - 05:50 AM

Hi Marius

 

I tried to switch off Microsoft Security Essentials and had to use task manager. I'm not sure if it knocked it out properly...?

 

Thank you again for your help



#5 TB-Psychotic

  • Malware Response Team

Posted 09 April 2014 - 07:03 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.3.1.2183.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 


#6 awmau

  • Topic Starter


Posted 10 April 2014 - 11:31 AM

ComboFix 14-04-08.01 - Ralph Richards 10/04/2014  17:37:08.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.61.1033.18.3068.1773 [GMT 10:00]
Running from: F:\ComboFix.exe
Command switches used :: F:\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Security Center Update - 2895121555.job"
"c:\windows\Tasks\Security Center Update - 553263651.job"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\Security Center Update - 2895121555.job
c:\windows\Tasks\Security Center Update - 553263651.job
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-10 to 2014-04-10  )))))))))))))))))))))))))))))))
.
.
2014-04-10 07:43 . 2014-04-10 07:43    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-04-10 07:43 . 2014-04-10 07:43    --------    d-----w-    c:\users\admin\AppData\Local\temp
2014-04-10 07:34 . 2014-04-10 07:34    39464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BCBB1299-EBA3-478C-BB0E-FEF4464B4F86}\MpKsl146ca9b9.sys
2014-04-10 07:28 . 2014-04-10 07:28    62576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BCBB1299-EBA3-478C-BB0E-FEF4464B4F86}\offreg.dll
2014-04-08 11:08 . 2014-04-08 11:08    --------    d-----w-    c:\users\Ralph Richards\AppData\Roaming\Ozadorse
2014-04-08 11:03 . 2014-04-08 11:03    --------    d-----w-    c:\program files\ESET
2014-04-08 10:58 . 2014-04-08 10:58    --------    d-----w-    c:\windows\ERUNT
2014-04-08 10:51 . 2014-04-08 10:53    --------    d-----w-    C:\AdwCleaner
2014-04-07 23:22 . 2014-03-07 04:35    7969936    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BCBB1299-EBA3-478C-BB0E-FEF4464B4F86}\mpengine.dll
2014-04-07 21:48 . 2014-04-07 21:48    --------    d-----w-    c:\users\Ralph Richards\AppData\Roaming\Huinpuny
2014-04-07 19:05 . 2014-04-07 23:38    --------    d-----w-    c:\users\Ralph Richards\AppData\Roaming\Embiry
2014-04-07 16:03 . 2014-04-08 12:09    --------    d-----w-    c:\users\Ralph Richards\AppData\Roaming\Uxxiag
2014-04-07 16:03 . 2014-04-07 16:03    --------    d-----w-    c:\users\Ralph Richards\AppData\Roaming\Beol
2014-04-07 15:54 . 2014-04-07 23:38    --------    d-----w-    c:\users\Ralph Richards\AppData\Roaming\Ybetucd
2014-04-06 19:16 . 2014-03-07 04:35    7969936    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-05 16:21 . 2014-03-04 06:58    765968    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57DBBED6-1E8D-432C-A8DD-0D7B01EF331A}\gapaengine.dll
2014-03-16 09:02 . 2014-03-16 09:02    --------    d-----w-    c:\users\Ralph Richards\AppData\Local\Skype
2014-03-16 09:02 . 2014-03-16 09:02    --------    d-----w-    c:\program files\Common Files\Skype
2014-03-16 09:02 . 2014-03-16 09:02    --------    d-----r-    c:\program files\Skype
2014-03-13 04:40 . 2014-02-07 10:38    2050560    ----a-w-    c:\windows\system32\win32k.sys
2014-03-13 04:40 . 2014-02-03 10:37    505344    ----a-w-    c:\windows\system32\qedit.dll
2014-03-13 04:40 . 2014-01-30 07:46    876032    ----a-w-    c:\windows\system32\wer.dll
2014-03-13 04:39 . 2013-11-13 00:30    2048    ----a-w-    c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 22:09 . 2012-07-14 09:40    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-12 22:09 . 2011-08-02 05:02    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-10 22:52 . 2010-10-24 10:25    104264    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-04 06:58 . 2010-12-26 00:52    765968    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-24 14:19 . 2014-01-24 14:19    231960    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2014-01-19 07:32 . 2010-12-26 01:00    231584    ------w-    c:\windows\system32\MpSigStub.exe
2013-12-13 03:21 . 2013-12-13 03:21    49940480    ----a-w-    c:\program files\GUT6F9.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Quceod"="c:\users\Ralph Richards\AppData\Roaming\Pebaxu\owaf.exe" [BU]
"Touqsacy"="c:\users\Ralph Richards\AppData\Roaming\Huinpuny\ekisukn.exe" [2011-02-19 284415]
"Ynupguivoguhis"="c:\users\Ralph Richards\AppData\Roaming\Ozadorse\gusih.exe" [2013-11-06 283675]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-13 2299176]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-24 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-10 951576]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-08 75008]
"Reader Application Helper"="c:\program files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2013-11-27 899400]
"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2013-06-27 2249352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-04-30 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-01 254336]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-01-20 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL146CA9B9
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-04-16 02:07    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 19:02    1150280    ----a-w-    c:\program files\google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 22:09]
.
2014-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-26 02:12]
.
2014-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-26 02:12]
.
2014-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4159860774-2674509857-3937360078-1003Core.job
- c:\users\Ralph Richards\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-19 03:21]
.
2014-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4159860774-2674509857-3937360078-1003UA.job
- c:\users\Ralph Richards\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-19 03:21]
.
2014-03-09 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-04-26 06:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
FF - ProfilePath - c:\users\Ralph Richards\AppData\Roaming\Mozilla\Firefox\Profiles\o5mz3dvi.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!7
FF - prefs.js: browser.startup.homepage - about:home
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-10 17:43
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4159860774-2674509857-3937360078-1003\Software\SecuROM\License information*]
"datasecu"=hex:14,4e,62,df,1d,65,c2,63,92,98,bb,36,b5,32,29,09,24,b7,71,74,8d,
   5b,cb,31,9d,cd,d3,31,19,3f,05,27,34,af,18,62,8e,b8,07,9a,41,d1,f5,a8,d2,84,\
"rkeysecu"=hex:03,49,02,28,f1,59,8a,ad,53,a5,92,10,f7,94,77,8f
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-04-10  17:44:54
ComboFix-quarantined-files.txt  2014-04-10 07:44
ComboFix2.txt  2014-04-09 10:35
.
Pre-Run: 282,580,082,688 bytes free
Post-Run: 282,593,488,896 bytes free
.
- - End Of File - - 8E9F795E5D588381BCA5CEBB87CF791A
85D751F0E41B8E520AEE8C07A8DA777B
 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/04/2014
Scan Time: 6:06:44 PM
Logfile: Mbam log.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.10.03
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Ralph Richards

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 280617
Time Elapsed: 15 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
Trojan.Zbot.RV, C:\Users\Ralph Richards\AppData\Roaming\Huinpuny\ekisukn.exe, 5464, Delete-on-Reboot, [2883899f4b30bf770f773b039b65d030]
Backdoor.Bot, C:\Users\Ralph Richards\AppData\Roaming\Ozadorse\gusih.exe, 5624, Delete-on-Reboot, [eebdf5339be0fb3b81da1d2104fc50b0]

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 2
Trojan.Zbot.RV, HKU\S-1-5-21-4159860774-2674509857-3937360078-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Touqsacy, "C:\Users\Ralph Richards\AppData\Roaming\Huinpuny\ekisukn.exe", Quarantined, [2883899f4b30bf770f773b039b65d030]
Backdoor.Bot, HKU\S-1-5-21-4159860774-2674509857-3937360078-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Ynupguivoguhis, "C:\Users\Ralph Richards\AppData\Roaming\Ozadorse\gusih.exe", Quarantined, [eebdf5339be0fb3b81da1d2104fc50b0]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
Trojan.Zbot.RV, C:\Users\Ralph Richards\AppData\Roaming\Huinpuny\ekisukn.exe, Delete-on-Reboot, [2883899f4b30bf770f773b039b65d030],
Backdoor.Bot, C:\Users\Ralph Richards\AppData\Roaming\Ozadorse\gusih.exe, Delete-on-Reboot, [eebdf5339be0fb3b81da1d2104fc50b0],
PUP.Optional.Conduit.A, C:\Users\Ralph Richards\AppData\Local\Google\Chrome\User Data\Default\preferences, Good: (), Bad: (      "startup_urls": [ "http://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=&SSPV=" ],), Replaced,[72390f191e5d6bcbbf3aec5aee1651af]

Physical Sectors: 0
(No malicious items detected)


(end)



#7 TB-Psychotic

  • Malware Response Team

Posted 11 April 2014 - 08:10 AM

OK, please run Combofix again (without the script).



#8 awmau

  • Topic Starter


Posted 13 April 2014 - 04:44 AM

ComboFix 14-04-08.01 - Ralph Richards 13/04/2014  13:03:15.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.61.1033.18.3068.1873 [GMT 10:00]
Running from: F:\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache\userinit.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-13 to 2014-04-13  )))))))))))))))))))))))))))))))
.
.
2014-04-13 03:10 . 2014-04-13 03:10    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-04-13 03:10 . 2014-04-13 03:10    --------    d-----w-    c:\users\admin\AppData\Local\temp
2014-04-10 07:49 . 2014-04-13 03:14    107736    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-10 07:49 . 2014-04-02 23:51    51416    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-04-10 07:49 . 2014-04-02 23:51    73432    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-04-10 07:49 . 2014-04-02 23:50    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-10 07:49 . 2014-04-10 07:49    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-04-10 07:49 . 2014-04-10 07:49    --------    d-----w-    c:\programdata\Malwarebytes
2014-04-08 11:08 . 2014-04-10 08:07    --------    d-----w-    c:\users\Ralph Richards\AppData\Roaming\Ozadorse
2014-04-08 11:03 . 2014-04-08 11:03    --------    d-----w-    c:\program files\ESET
2014-04-08 10:58 . 2014-04-08 10:58    --------    d-----w-    c:\windows\ERUNT
2014-04-08 10:51 . 2014-04-08 10:53    --------    d-----w-    C:\AdwCleaner
2014-04-07 23:22 . 2014-03-07 04:35    7969936    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BCBB1299-EBA3-478C-BB0E-FEF4464B4F86}\mpengine.dll
2014-04-07 21:48 . 2014-04-10 08:07    --------    d-----w-    c:\users\Ralph Richards\AppData\Roaming\Huinpuny
2014-04-07 19:05 . 2014-04-07 23:38    --------    d-----w-    c:\users\Ralph Richards\AppData\Roaming\Embiry
2014-04-07 16:03 . 2014-04-08 12:09    --------    d-----w-    c:\users\Ralph Richards\AppData\Roaming\Uxxiag
2014-04-07 16:03 . 2014-04-07 16:03    --------    d-----w-    c:\users\Ralph Richards\AppData\Roaming\Beol
2014-04-07 15:54 . 2014-04-07 23:38    --------    d-----w-    c:\users\Ralph Richards\AppData\Roaming\Ybetucd
2014-04-06 19:16 . 2014-03-07 04:35    7969936    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-05 16:21 . 2014-03-04 06:58    765968    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57DBBED6-1E8D-432C-A8DD-0D7B01EF331A}\gapaengine.dll
2014-03-16 09:02 . 2014-03-16 09:02    --------    d-----w-    c:\users\Ralph Richards\AppData\Local\Skype
2014-03-16 09:02 . 2014-03-16 09:02    --------    d-----w-    c:\program files\Common Files\Skype
2014-03-16 09:02 . 2014-03-16 09:02    --------    d-----r-    c:\program files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 22:09 . 2012-07-14 09:40    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-12 22:09 . 2011-08-02 05:02    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-10 22:52 . 2010-10-24 10:25    104264    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-04 06:58 . 2010-12-26 00:52    765968    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-23 05:47 . 2014-03-13 19:53    1806848    ----a-w-    c:\windows\system32\jscript9.dll
2014-02-23 05:40 . 2014-03-13 19:53    1129472    ----a-w-    c:\windows\system32\wininet.dll
2014-02-23 05:39 . 2014-03-13 19:53    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-02-23 05:38 . 2014-03-13 19:53    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-02-23 05:37 . 2014-03-13 19:53    421376    ----a-w-    c:\windows\system32\vbscript.dll
2014-02-23 05:36 . 2014-03-13 19:53    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2014-02-07 10:38 . 2014-03-13 04:40    2050560    ----a-w-    c:\windows\system32\win32k.sys
2014-02-03 10:37 . 2014-03-13 04:40    505344    ----a-w-    c:\windows\system32\qedit.dll
2014-01-30 07:46 . 2014-03-13 04:40    876032    ----a-w-    c:\windows\system32\wer.dll
2014-01-24 14:19 . 2014-01-24 14:19    231960    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2014-01-19 07:32 . 2010-12-26 01:00    231584    ------w-    c:\windows\system32\MpSigStub.exe
2013-12-13 03:21 . 2013-12-13 03:21    49940480    ----a-w-    c:\program files\GUT6F9.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Quceod"="c:\users\Ralph Richards\AppData\Roaming\Pebaxu\owaf.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-13 2299176]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-24 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-10 951576]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-08 75008]
"Reader Application Helper"="c:\program files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2013-11-27 899400]
"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2013-06-27 2249352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-04-30 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-01 254336]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-01-20 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-04-16 02:07    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 19:02    1150280    ----a-w-    c:\program files\google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 22:09]
.
2014-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-26 02:12]
.
2014-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-26 02:12]
.
2014-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4159860774-2674509857-3937360078-1003Core.job
- c:\users\Ralph Richards\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-19 03:21]
.
2014-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4159860774-2674509857-3937360078-1003UA.job
- c:\users\Ralph Richards\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-19 03:21]
.
2014-03-09 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-04-26 06:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
FF - ProfilePath - c:\users\Ralph Richards\AppData\Roaming\Mozilla\Firefox\Profiles\o5mz3dvi.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!7
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Touqsacy - c:\users\Ralph Richards\AppData\Roaming\Huinpuny\ekisukn.exe
HKCU-Run-Ynupguivoguhis - c:\users\Ralph Richards\AppData\Roaming\Ozadorse\gusih.exe
.
.
.
**************************************************************************
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4159860774-2674509857-3937360078-1003\Software\SecuROM\License information*]
"datasecu"=hex:14,4e,62,df,1d,65,c2,63,92,98,bb,36,b5,32,29,09,24,b7,71,74,8d,
   5b,cb,31,9d,cd,d3,31,19,3f,05,27,34,af,18,62,8e,b8,07,9a,41,d1,f5,a8,d2,84,\
"rkeysecu"=hex:03,49,02,28,f1,59,8a,ad,53,a5,92,10,f7,94,77,8f
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\Hpservice.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hp\Common\HPSupportSolutionsFrameworkService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes Anti-Malware\mbamservice.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\SMINST\BLService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Microsoft Security Client\NisSrv.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2014-04-13  13:19:36 - machine was rebooted
ComboFix-quarantined-files.txt  2014-04-13 03:19
ComboFix2.txt  2014-04-10 07:44
ComboFix3.txt  2014-04-09 10:35
.
Pre-Run: 282,457,063,424 bytes free
Post-Run: 282,418,872,320 bytes free
.
- - End Of File - - A73F56C063B41425E6C5470584F8A718
85D751F0E41B8E520AEE8C07A8DA777B
 



#9 TB-Psychotic

  • Malware Response Team

Posted 14 April 2014 - 08:09 AM

It seems we need another gun on this...

 

 

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows 7:



Plug the flash drive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

  • In the command window, type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Proud Member of UNITE & TB
 

#10 awmau

  • Topic Starter
  • Members

Posted 14 April 2014 - 09:49 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-04-2014
Ran by SYSTEM on MINWINPC on 15-04-2014 12:44:57
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-13] (Synaptics Incorporated)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-04-23] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-03-14] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [OnScreenDisplay] => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554288 2007-11-01] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2007-11-20] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1442888 2008-06-09] (Microsoft Corporation)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2003-12-07] (Cyberlink Corp.)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13826664 2009-10-02] (NVIDIA Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-19] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-10] (Microsoft Corporation)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-08] (Hewlett-Packard)
HKLM\...\Run: [Reader Application Helper] => C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2013-11-27] (Sony Corporation)
HKLM\...\Run: [BingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-26] (Microsoft Corp.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-01] (Oracle Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-19] (Apple Inc.)
HKU\admin\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe [1233920 2009-04-10] (Microsoft Corporation)
HKU\admin\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\admin\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-04-15] (Hewlett-Packard Company)
HKU\Default\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1233920 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1233920 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Ralph Richards\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Ralph Richards\...\Run: [Quceod] => "C:\Users\Ralph Richards\AppData\Roaming\Pebaxu\owaf.exe"

========================== Services (Whitelisted) =================

S2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-26] (Microsoft Corp.)
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-08] (Hewlett-Packard)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [47416 2014-02-04] (Hewlett-Packard Company)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-02] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-02] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-10] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-10] (Microsoft Corporation)
S2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292232 2008-04-23] ()
S2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [112008 2008-04-23] ()
S2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] ()
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe [221266 2009-07-21] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-20] (Microsoft Corporation)
S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [89600 2009-08-09] (Gemalto)
S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-02] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-24] (Microsoft Corporation)
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2010-07-15] (Printing Communications Assoc., Inc. (PCAUSA))
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [103552 2010-07-26] (TCT International Mobile Ltd)
S3 swivsp; C:\Windows\System32\DRIVERS\swivspnt.sys [20352 2007-03-25] (Sierra Wireless Inc.)
S3 swiwdmbus; C:\Windows\System32\DRIVERS\swiwdmbus.sys [78720 2010-06-20] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [201088 2010-06-20] (Sierra Wireless Inc.)
S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [156544 2010-06-20] (Sierra Wireless Inc.)
S5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 eabfiltr;
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 oervqlzg; \??\C:\Windows\system32\drivers\oervqlzg.sys [X]
S3 swmsflt; \SystemRoot\System32\drivers\swmsflt.sys [X]
S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-15 12:44 - 2014-04-15 12:44 - 00000000 ____D () C:\FRST
2014-04-12 19:19 - 2014-04-12 19:19 - 00016829 _____ () C:\ComboFix.txt
2014-04-09 23:49 - 2014-04-14 18:38 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-04-09 23:49 - 2014-04-09 23:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-09 23:49 - 2014-04-09 23:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-09 23:49 - 2014-04-02 15:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-09 23:49 - 2014-04-02 15:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-04-09 23:49 - 2014-04-02 15:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-04-09 02:19 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-09 02:19 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-09 02:19 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-09 02:19 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-09 02:19 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-09 02:19 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-09 02:19 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-09 02:19 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-09 02:18 - 2014-04-12 19:19 - 00000000 ____D () C:\Qoobox
2014-04-09 02:17 - 2014-04-12 19:14 - 00000000 ____D () C:\Windows\erdnt
2014-04-08 15:36 - 2014-04-08 15:36 - 00005813 _____ () C:\Users\Ralph Richards\Desktop\attach.txt
2014-04-08 15:36 - 2014-04-08 15:35 - 00016998 _____ () C:\Users\Ralph Richards\Desktop\dds.txt
2014-04-08 03:08 - 2014-04-10 00:07 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Ozadorse
2014-04-08 03:03 - 2014-04-08 03:03 - 00000000 ____D () C:\Program Files\ESET
2014-04-08 03:00 - 2014-04-08 03:00 - 00003530 _____ () C:\Users\Ralph Richards\Desktop\JRT.txt
2014-04-08 02:58 - 2014-04-08 02:58 - 00000000 ____D () C:\Windows\ERUNT
2014-04-08 02:51 - 2014-04-08 02:53 - 00000000 ____D () C:\AdwCleaner
2014-04-07 13:48 - 2014-04-10 00:07 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Huinpuny
2014-04-07 11:05 - 2014-04-07 15:38 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Embiry
2014-04-07 11:04 - 2014-04-07 11:04 - 00006338 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\avscauqo
2014-04-07 11:04 - 2014-04-07 11:04 - 00006338 _____ () C:\Users\Ralph Richards\AppData\Local\avscauqo
2014-04-07 08:23 - 2014-04-07 08:23 - 00012326 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\tmfcamng
2014-04-07 08:23 - 2014-04-07 08:23 - 00012326 _____ () C:\Users\Ralph Richards\AppData\Local\tmfcamng
2014-04-07 08:22 - 2014-04-07 08:22 - 01031881 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\stlxmhwm
2014-04-07 08:22 - 2014-04-07 08:22 - 01031881 _____ () C:\Users\Ralph Richards\AppData\Local\stlxmhwm
2014-04-07 08:20 - 2014-04-07 08:20 - 01031881 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\toqcqdpb
2014-04-07 08:20 - 2014-04-07 08:20 - 01031881 _____ () C:\Users\Ralph Richards\AppData\Local\toqcqdpb
2014-04-07 08:19 - 2014-04-07 08:19 - 01031881 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\dsncbvau
2014-04-07 08:19 - 2014-04-07 08:19 - 01031881 _____ () C:\Users\Ralph Richards\AppData\Local\dsncbvau
2014-04-07 08:15 - 2014-04-07 08:15 - 01031881 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\rqatimnv
2014-04-07 08:15 - 2014-04-07 08:15 - 01031881 _____ () C:\Users\Ralph Richards\AppData\Local\rqatimnv
2014-04-07 08:10 - 2014-04-07 08:10 - 00068465 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\wmcodgma
2014-04-07 08:10 - 2014-04-07 08:10 - 00068465 _____ () C:\Users\Ralph Richards\AppData\Local\wmcodgma
2014-04-07 08:03 - 2014-04-08 04:09 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Uxxiag
2014-04-07 08:03 - 2014-04-07 08:03 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Beol
2014-04-07 08:02 - 2014-04-07 08:02 - 00650598 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\jutbgxcj
2014-04-07 08:02 - 2014-04-07 08:02 - 00650598 _____ () C:\Users\Ralph Richards\AppData\Local\jutbgxcj
2014-04-07 07:54 - 2014-04-07 15:38 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Ybetucd
2014-04-07 07:54 - 2014-04-07 07:54 - 00650598 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\rggkwwhm
2014-04-07 07:54 - 2014-04-07 07:54 - 00650598 _____ () C:\Users\Ralph Richards\AppData\Local\rggkwwhm
2014-04-07 07:54 - 2014-04-07 07:54 - 00000000 _____ () C:\Users\Ralph Richards\AppData\Roaming\SharedSettings.ccs
2014-04-03 21:12 - 2014-04-03 21:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-18 00:08 - 2014-03-18 00:09 - 00000000 ____D () C:\Users\Ralph Richards\Documents\Youcam
2014-03-18 00:02 - 2014-03-18 00:02 - 01678496 _____ (Skype Technologies S.A.) C:\Users\Ralph Richards\Downloads\SkypeSetup.exe
2014-03-17 12:41 - 2014-03-17 12:40 - 00277624 _____ () C:\Users\Public\tWVOW4K7.htm
2014-03-16 01:02 - 2014-03-16 01:02 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-16 01:02 - 2014-03-16 01:02 - 00001878 _____ () C:\ProgramData\Desktop\Skype.lnk
2014-03-16 01:02 - 2014-03-16 01:02 - 00000000 ___RD () C:\Program Files\Skype
2014-03-16 01:02 - 2014-03-16 01:02 - 00000000 ____D () C:\Users\Ralph Richards\Local Settings\Application Data\Skype
2014-03-16 01:02 - 2014-03-16 01:02 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Local\Skype
2014-03-16 01:02 - 2014-03-16 01:02 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-16 00:47 - 2014-03-16 00:50 - 34828960 _____ (Skype Technologies S.A.) C:\Users\Ralph Richards\Documents\SkypeSetupFull.exe

==================== One Month Modified Files and Folders =======

2014-04-15 12:44 - 2014-04-15 12:44 - 00000000 ____D () C:\FRST
2014-04-14 18:40 - 2008-12-06 00:11 - 01253752 _____ () C:\Windows\WindowsUpdate.log
2014-04-14 18:38 - 2014-04-09 23:49 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-04-14 18:37 - 2008-12-06 00:46 - 00004600 _____ () C:\Users\Public\Documents\hpqp.ini
2014-04-14 18:37 - 2008-12-06 00:46 - 00004600 _____ () C:\ProgramData\Documents\hpqp.ini
2014-04-14 18:36 - 2008-12-06 00:41 - 00206166 _____ () C:\ProgramData\nvModes.001
2014-04-14 18:35 - 2008-12-06 00:41 - 00206166 _____ () C:\ProgramData\nvModes.dat
2014-04-14 18:35 - 2006-11-02 04:47 - 00004784 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-14 18:35 - 2006-11-02 04:47 - 00004784 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-12 19:19 - 2014-04-12 19:19 - 00016829 _____ () C:\ComboFix.txt
2014-04-12 19:19 - 2014-04-09 02:18 - 00000000 ____D () C:\Qoobox
2014-04-12 19:17 - 2006-11-02 02:33 - 00759582 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-12 19:14 - 2014-04-09 02:17 - 00000000 ____D () C:\Windows\erdnt
2014-04-12 19:14 - 2006-11-02 02:23 - 00000215 _____ () C:\Windows\system.ini
2014-04-12 19:11 - 2008-01-20 18:47 - 00761022 _____ () C:\Windows\PFRO.log
2014-04-10 00:07 - 2014-04-08 03:08 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Ozadorse
2014-04-10 00:07 - 2014-04-07 13:48 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Huinpuny
2014-04-09 23:49 - 2014-04-09 23:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-09 23:49 - 2014-04-09 23:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-09 02:35 - 2006-11-02 03:18 - 00000000 __RHD () C:\users\Default
2014-04-09 02:35 - 2006-11-02 03:18 - 00000000 ___RD () C:\users\Public
2014-04-08 15:36 - 2014-04-08 15:36 - 00005813 _____ () C:\Users\Ralph Richards\Desktop\attach.txt
2014-04-08 15:35 - 2014-04-08 15:36 - 00016998 _____ () C:\Users\Ralph Richards\Desktop\dds.txt
2014-04-08 04:09 - 2014-04-07 08:03 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Uxxiag
2014-04-08 03:30 - 2009-04-13 09:57 - 00007808 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\d3d9caps.dat
2014-04-08 03:30 - 2009-04-13 09:57 - 00007808 _____ () C:\Users\Ralph Richards\AppData\Local\d3d9caps.dat
2014-04-08 03:03 - 2014-04-08 03:03 - 00000000 ____D () C:\Program Files\ESET
2014-04-08 03:00 - 2014-04-08 03:00 - 00003530 _____ () C:\Users\Ralph Richards\Desktop\JRT.txt
2014-04-08 02:58 - 2014-04-08 02:58 - 00000000 ____D () C:\Windows\ERUNT
2014-04-08 02:53 - 2014-04-08 02:51 - 00000000 ____D () C:\AdwCleaner
2014-04-07 15:48 - 2012-10-26 13:31 - 00000000 ____D () C:\Program Files\WarfareTransporter_at
2014-04-07 15:38 - 2014-04-07 11:05 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Embiry
2014-04-07 15:38 - 2014-04-07 07:54 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Ybetucd
2014-04-07 15:13 - 2011-12-03 21:56 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\uTorrent
2014-04-07 14:53 - 2010-06-28 18:45 - 00000000 ____D () C:\Program Files\Sierra Wireless Inc
2014-04-07 11:04 - 2014-04-07 11:04 - 00006338 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\avscauqo
2014-04-07 11:04 - 2014-04-07 11:04 - 00006338 _____ () C:\Users\Ralph Richards\AppData\Local\avscauqo
2014-04-07 08:23 - 2014-04-07 08:23 - 00012326 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\tmfcamng
2014-04-07 08:23 - 2014-04-07 08:23 - 00012326 _____ () C:\Users\Ralph Richards\AppData\Local\tmfcamng
2014-04-07 08:22 - 2014-04-07 08:22 - 01031881 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\stlxmhwm
2014-04-07 08:22 - 2014-04-07 08:22 - 01031881 _____ () C:\Users\Ralph Richards\AppData\Local\stlxmhwm
2014-04-07 08:20 - 2014-04-07 08:20 - 01031881 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\toqcqdpb
2014-04-07 08:20 - 2014-04-07 08:20 - 01031881 _____ () C:\Users\Ralph Richards\AppData\Local\toqcqdpb
2014-04-07 08:19 - 2014-04-07 08:19 - 01031881 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\dsncbvau
2014-04-07 08:19 - 2014-04-07 08:19 - 01031881 _____ () C:\Users\Ralph Richards\AppData\Local\dsncbvau
2014-04-07 08:15 - 2014-04-07 08:15 - 01031881 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\rqatimnv
2014-04-07 08:15 - 2014-04-07 08:15 - 01031881 _____ () C:\Users\Ralph Richards\AppData\Local\rqatimnv
2014-04-07 08:10 - 2014-04-07 08:10 - 00068465 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\wmcodgma
2014-04-07 08:10 - 2014-04-07 08:10 - 00068465 _____ () C:\Users\Ralph Richards\AppData\Local\wmcodgma
2014-04-07 08:03 - 2014-04-07 08:03 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Beol
2014-04-07 08:02 - 2014-04-07 08:02 - 00650598 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\jutbgxcj
2014-04-07 08:02 - 2014-04-07 08:02 - 00650598 _____ () C:\Users\Ralph Richards\AppData\Local\jutbgxcj
2014-04-07 07:54 - 2014-04-07 07:54 - 00650598 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\rggkwwhm
2014-04-07 07:54 - 2014-04-07 07:54 - 00650598 _____ () C:\Users\Ralph Richards\AppData\Local\rggkwwhm
2014-04-07 07:54 - 2014-04-07 07:54 - 00000000 _____ () C:\Users\Ralph Richards\AppData\Roaming\SharedSettings.ccs
2014-04-05 12:33 - 2012-05-02 15:30 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-03 21:13 - 2014-04-03 21:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-03 20:35 - 2010-12-25 16:27 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-03 20:34 - 2010-12-25 16:25 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-02 15:51 - 2014-04-09 23:49 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-02 15:51 - 2014-04-09 23:49 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-04-02 15:50 - 2014-04-09 23:49 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-03-28 17:30 - 2011-07-22 18:48 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\HpUpdate
2014-03-22 02:07 - 2009-04-20 19:11 - 00000021 _____ () C:\Users\Public\Documents\hpqp.txt
2014-03-22 02:07 - 2009-04-20 19:11 - 00000021 _____ () C:\ProgramData\Documents\hpqp.txt
2014-03-19 13:38 - 2013-08-08 09:48 - 00000000 ____D () C:\Windows\System32\MRT
2014-03-19 13:35 - 2006-11-02 02:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2014-03-18 19:10 - 2010-05-20 22:23 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Mozilla
2014-03-18 00:12 - 2010-03-29 16:36 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Skype
2014-03-18 00:09 - 2014-03-18 00:08 - 00000000 ____D () C:\Users\Ralph Richards\Documents\Youcam
2014-03-18 00:09 - 2008-12-06 00:46 - 00000000 ____D () C:\ProgramData\CyberLink
2014-03-18 00:02 - 2014-03-18 00:02 - 01678496 _____ (Skype Technologies S.A.) C:\Users\Ralph Richards\Downloads\SkypeSetup.exe
2014-03-17 12:40 - 2014-03-17 12:41 - 00277624 _____ () C:\Users\Public\tWVOW4K7.htm
2014-03-16 01:02 - 2014-03-16 01:02 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-16 01:02 - 2014-03-16 01:02 - 00001878 _____ () C:\ProgramData\Desktop\Skype.lnk
2014-03-16 01:02 - 2014-03-16 01:02 - 00000000 ___RD () C:\Program Files\Skype
2014-03-16 01:02 - 2014-03-16 01:02 - 00000000 ____D () C:\Users\Ralph Richards\Local Settings\Application Data\Skype
2014-03-16 01:02 - 2014-03-16 01:02 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Local\Skype
2014-03-16 01:02 - 2014-03-16 01:02 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-16 01:02 - 2010-03-29 16:34 - 00000000 ____D () C:\ProgramData\Skype
2014-03-16 00:50 - 2014-03-16 00:47 - 34828960 _____ (Skype Technologies S.A.) C:\Users\Ralph Richards\Documents\SkypeSetupFull.exe

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-04-07 14:14:12
Restore point made on: 2014-04-07 14:47:35
Restore point made on: 2014-04-07 14:50:16
Restore point made on: 2014-04-07 15:49:10
Restore point made on: 2014-04-09 02:20:13

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 4092.41 MB
Available physical RAM: 3533.81 MB
Total Pagefile: 3796.32 MB
Available Pagefile: 3608.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:363.02 GB) (Free:263.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:9.59 GB) (Free:1.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (UNSW-ADFA) (Removable) (Total:3.69 GB) (Free:3.56 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 373 GB) (Disk ID: E2048691)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-04-12 19:21

==================== End Of Log ============================



#11 TB-Psychotic

  • Malware Response Team

Posted 15 April 2014 - 07:22 AM

Fix with FRST (Recovery Environment)


  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

    HKU\Ralph Richards\...\Run: [Quceod] => "C:\Users\Ralph Richards\AppData\Roaming\Pebaxu\owaf.exe"
    
    S1 oervqlzg; \??\C:\Windows\system32\drivers\oervqlzg.sys [X]
    
    C:\Users\Ralph Richards\AppData\Roaming\Pebaxu
    C:\Windows\system32\drivers\oervqlzg.sys
    2014-04-08 03:08 - 2014-04-10 00:07 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Ozadorse
    2014-04-07 11:04 - 2014-04-07 11:04 - 00006338 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\avscauqo
    2014-04-07 11:04 - 2014-04-07 11:04 - 00006338 _____ () C:\Users\Ralph Richards\AppData\Local\avscauqo
    2014-04-07 08:23 - 2014-04-07 08:23 - 00012326 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\tmfcamng
    2014-04-07 08:23 - 2014-04-07 08:23 - 00012326 _____ () C:\Users\Ralph Richards\AppData\Local\tmfcamng
    2014-04-07 08:22 - 2014-04-07 08:22 - 01031881 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\stlxmhwm
    2014-04-07 08:22 - 2014-04-07 08:22 - 01031881 _____ () C:\Users\Ralph Richards\AppData\Local\stlxmhwm
    2014-04-07 08:20 - 2014-04-07 08:20 - 01031881 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\toqcqdpb
    2014-04-07 08:20 - 2014-04-07 08:20 - 01031881 _____ () C:\Users\Ralph Richards\AppData\Local\toqcqdpb
    2014-04-07 08:19 - 2014-04-07 08:19 - 01031881 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\dsncbvau
    2014-04-07 08:19 - 2014-04-07 08:19 - 01031881 _____ () C:\Users\Ralph Richards\AppData\Local\dsncbvau
    2014-04-07 08:15 - 2014-04-07 08:15 - 01031881 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\rqatimnv
    2014-04-07 08:15 - 2014-04-07 08:15 - 01031881 _____ () C:\Users\Ralph Richards\AppData\Local\rqatimnv
    2014-04-07 08:10 - 2014-04-07 08:10 - 00068465 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\wmcodgma
    2014-04-07 08:10 - 2014-04-07 08:10 - 00068465 _____ () C:\Users\Ralph Richards\AppData\Local\wmcodgma
    2014-04-07 08:03 - 2014-04-07 08:03 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Beol
    2014-04-07 08:02 - 2014-04-07 08:02 - 00650598 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\jutbgxcj
    2014-04-07 08:02 - 2014-04-07 08:02 - 00650598 _____ () C:\Users\Ralph Richards\AppData\Local\jutbgxcj
    2014-04-07 07:54 - 2014-04-07 07:54 - 00650598 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\rggkwwhm
    2014-04-07 07:54 - 2014-04-07 07:54 - 00650598 _____ () C:\Users\Ralph Richards\AppData\Local\rggkwwhm
    2014-04-07 07:54 - 2014-04-07 07:54 - 00000000 _____ () C:\Users\Ralph Richards\AppData\Roaming\SharedSettings.ccs
    2014-04-07 15:38 - 2014-04-07 11:05 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Embiry
    2014-04-07 15:38 - 2014-04-07 07:54 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Ybetucd
    2014-04-08 04:09 - 2014-04-07 08:03 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Uxxiag
    2014-04-10 00:07 - 2014-04-07 13:48 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Huinpuny
    c:\windows\Tasks\Security Center Update - 2895121555.job
    c:\windows\Tasks\Security Center Update - 553263651.job

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Boot into Windows now.

Run FRST again, ensure a checkmark is placed next to "addition.txt" and hit scan.

It will make two log files, please attach them to your next reply.



#12 awmau

  • Topic Starter
  • Members

Posted 15 April 2014 - 08:48 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-04-2014
Ran by SYSTEM at 2014-04-16 11:26:06 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\Ralph Richards\...\Run: [Quceod] => "C:\Users\Ralph Richards\AppData\Roaming\Pebaxu\owaf.exe"

S1 oervqlzg; \??\C:\Windows\system32\drivers\oervqlzg.sys [X]

C:\Users\Ralph Richards\AppData\Roaming\Pebaxu
C:\Windows\system32\drivers\oervqlzg.sys
2014-04-08 03:08 - 2014-04-10 00:07 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Ozadorse
2014-04-07 11:04 - 2014-04-07 11:04 - 00006338 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\avscauqo
2014-04-07 11:04 - 2014-04-07 11:04 - 00006338 _____ () C:\Users\Ralph Richards\AppData\Local\avscauqo
2014-04-07 08:23 - 2014-04-07 08:23 - 00012326 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\tmfcamng
2014-04-07 08:23 - 2014-04-07 08:23 - 00012326 _____ () C:\Users\Ralph Richards\AppData\Local\tmfcamng
2014-04-07 08:22 - 2014-04-07 08:22 - 01031881 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\stlxmhwm
2014-04-07 08:22 - 2014-04-07 08:22 - 01031881 _____ () C:\Users\Ralph Richards\AppData\Local\stlxmhwm
2014-04-07 08:20 - 2014-04-07 08:20 - 01031881 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\toqcqdpb
2014-04-07 08:20 - 2014-04-07 08:20 - 01031881 _____ () C:\Users\Ralph Richards\AppData\Local\toqcqdpb
2014-04-07 08:19 - 2014-04-07 08:19 - 01031881 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\dsncbvau
2014-04-07 08:19 - 2014-04-07 08:19 - 01031881 _____ () C:\Users\Ralph Richards\AppData\Local\dsncbvau
2014-04-07 08:15 - 2014-04-07 08:15 - 01031881 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\rqatimnv
2014-04-07 08:15 - 2014-04-07 08:15 - 01031881 _____ () C:\Users\Ralph Richards\AppData\Local\rqatimnv
2014-04-07 08:10 - 2014-04-07 08:10 - 00068465 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\wmcodgma
2014-04-07 08:10 - 2014-04-07 08:10 - 00068465 _____ () C:\Users\Ralph Richards\AppData\Local\wmcodgma
2014-04-07 08:03 - 2014-04-07 08:03 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Beol
2014-04-07 08:02 - 2014-04-07 08:02 - 00650598 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\jutbgxcj
2014-04-07 08:02 - 2014-04-07 08:02 - 00650598 _____ () C:\Users\Ralph Richards\AppData\Local\jutbgxcj
2014-04-07 07:54 - 2014-04-07 07:54 - 00650598 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\rggkwwhm
2014-04-07 07:54 - 2014-04-07 07:54 - 00650598 _____ () C:\Users\Ralph Richards\AppData\Local\rggkwwhm
2014-04-07 07:54 - 2014-04-07 07:54 - 00000000 _____ () C:\Users\Ralph Richards\AppData\Roaming\SharedSettings.ccs
2014-04-07 15:38 - 2014-04-07 11:05 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Embiry
2014-04-07 15:38 - 2014-04-07 07:54 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Ybetucd
2014-04-08 04:09 - 2014-04-07 08:03 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Uxxiag
2014-04-10 00:07 - 2014-04-07 13:48 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Huinpuny
c:\windows\Tasks\Security Center Update - 2895121555.job
c:\windows\Tasks\Security Center Update - 553263651.job
*****************

HKU\Ralph Richards\Software\Microsoft\Windows\CurrentVersion\Run\\Quceod => Value deleted successfully.
oervqlzg => Service deleted successfully.
"C:\Users\Ralph Richards\AppData\Roaming\Pebaxu" => File/Directory not found.
"C:\Windows\system32\drivers\oervqlzg.sys" => File/Directory not found.
C:\Users\Ralph Richards\AppData\Roaming\Ozadorse => Moved successfully.
C:\Users\Ralph Richards\Local Settings\Application Data\avscauqo => Moved successfully.
"C:\Users\Ralph Richards\AppData\Local\avscauqo" => File/Directory not found.
C:\Users\Ralph Richards\Local Settings\Application Data\tmfcamng => Moved successfully.
"C:\Users\Ralph Richards\AppData\Local\tmfcamng" => File/Directory not found.
C:\Users\Ralph Richards\Local Settings\Application Data\stlxmhwm => Moved successfully.
"C:\Users\Ralph Richards\AppData\Local\stlxmhwm" => File/Directory not found.
C:\Users\Ralph Richards\Local Settings\Application Data\toqcqdpb => Moved successfully.
"C:\Users\Ralph Richards\AppData\Local\toqcqdpb" => File/Directory not found.
C:\Users\Ralph Richards\Local Settings\Application Data\dsncbvau => Moved successfully.
"C:\Users\Ralph Richards\AppData\Local\dsncbvau" => File/Directory not found.
C:\Users\Ralph Richards\Local Settings\Application Data\rqatimnv => Moved successfully.
"C:\Users\Ralph Richards\AppData\Local\rqatimnv" => File/Directory not found.
C:\Users\Ralph Richards\Local Settings\Application Data\wmcodgma => Moved successfully.
"C:\Users\Ralph Richards\AppData\Local\wmcodgma" => File/Directory not found.
C:\Users\Ralph Richards\AppData\Roaming\Beol => Moved successfully.
C:\Users\Ralph Richards\Local Settings\Application Data\jutbgxcj => Moved successfully.
"C:\Users\Ralph Richards\AppData\Local\jutbgxcj" => File/Directory not found.
C:\Users\Ralph Richards\Local Settings\Application Data\rggkwwhm => Moved successfully.
"C:\Users\Ralph Richards\AppData\Local\rggkwwhm" => File/Directory not found.
C:\Users\Ralph Richards\AppData\Roaming\SharedSettings.ccs => Moved successfully.
C:\Users\Ralph Richards\AppData\Roaming\Embiry => Moved successfully.
C:\Users\Ralph Richards\AppData\Roaming\Ybetucd => Moved successfully.
C:\Users\Ralph Richards\AppData\Roaming\Uxxiag => Moved successfully.
C:\Users\Ralph Richards\AppData\Roaming\Huinpuny => Moved successfully.
"c:\windows\Tasks\Security Center Update - 2895121555.job" => File/Directory not found.
"c:\windows\Tasks\Security Center Update - 553263651.job" => File/Directory not found.

==== End of Fixlog ====

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-04-2014
Ran by Ralph Richards at 2014-04-16 11:42:43 Run:2
Running from F:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\Ralph Richards\...\Run: [Quceod] => "C:\Users\Ralph Richards\AppData\Roaming\Pebaxu\owaf.exe"

S1 oervqlzg; \??\C:\Windows\system32\drivers\oervqlzg.sys [X]

C:\Users\Ralph Richards\AppData\Roaming\Pebaxu
C:\Windows\system32\drivers\oervqlzg.sys
2014-04-08 03:08 - 2014-04-10 00:07 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Ozadorse
2014-04-07 11:04 - 2014-04-07 11:04 - 00006338 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\avscauqo
2014-04-07 11:04 - 2014-04-07 11:04 - 00006338 _____ () C:\Users\Ralph Richards\AppData\Local\avscauqo
2014-04-07 08:23 - 2014-04-07 08:23 - 00012326 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\tmfcamng
2014-04-07 08:23 - 2014-04-07 08:23 - 00012326 _____ () C:\Users\Ralph Richards\AppData\Local\tmfcamng
2014-04-07 08:22 - 2014-04-07 08:22 - 01031881 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\stlxmhwm
2014-04-07 08:22 - 2014-04-07 08:22 - 01031881 _____ () C:\Users\Ralph Richards\AppData\Local\stlxmhwm
2014-04-07 08:20 - 2014-04-07 08:20 - 01031881 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\toqcqdpb
2014-04-07 08:20 - 2014-04-07 08:20 - 01031881 _____ () C:\Users\Ralph Richards\AppData\Local\toqcqdpb
2014-04-07 08:19 - 2014-04-07 08:19 - 01031881 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\dsncbvau
2014-04-07 08:19 - 2014-04-07 08:19 - 01031881 _____ () C:\Users\Ralph Richards\AppData\Local\dsncbvau
2014-04-07 08:15 - 2014-04-07 08:15 - 01031881 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\rqatimnv
2014-04-07 08:15 - 2014-04-07 08:15 - 01031881 _____ () C:\Users\Ralph Richards\AppData\Local\rqatimnv
2014-04-07 08:10 - 2014-04-07 08:10 - 00068465 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\wmcodgma
2014-04-07 08:10 - 2014-04-07 08:10 - 00068465 _____ () C:\Users\Ralph Richards\AppData\Local\wmcodgma
2014-04-07 08:03 - 2014-04-07 08:03 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Beol
2014-04-07 08:02 - 2014-04-07 08:02 - 00650598 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\jutbgxcj
2014-04-07 08:02 - 2014-04-07 08:02 - 00650598 _____ () C:\Users\Ralph Richards\AppData\Local\jutbgxcj
2014-04-07 07:54 - 2014-04-07 07:54 - 00650598 _____ () C:\Users\Ralph Richards\Local Settings\Application Data\rggkwwhm
2014-04-07 07:54 - 2014-04-07 07:54 - 00650598 _____ () C:\Users\Ralph Richards\AppData\Local\rggkwwhm
2014-04-07 07:54 - 2014-04-07 07:54 - 00000000 _____ () C:\Users\Ralph Richards\AppData\Roaming\SharedSettings.ccs
2014-04-07 15:38 - 2014-04-07 11:05 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Embiry
2014-04-07 15:38 - 2014-04-07 07:54 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Ybetucd
2014-04-08 04:09 - 2014-04-07 08:03 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Uxxiag
2014-04-10 00:07 - 2014-04-07 13:48 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\Huinpuny
c:\windows\Tasks\Security Center Update - 2895121555.job
c:\windows\Tasks\Security Center Update - 553263651.job
*****************

HKU\Ralph Richards\Software\Microsoft\Windows\CurrentVersion\Run\\Quceod => Value not found.
oervqlzg => Service not found.
"C:\Users\Ralph Richards\AppData\Roaming\Pebaxu" => File/Directory not found.
"C:\Windows\system32\drivers\oervqlzg.sys" => File/Directory not found.
"C:\Users\Ralph Richards\AppData\Roaming\Ozadorse" => File/Directory not found.
"C:\Users\Ralph Richards\Local Settings\Application Data\avscauqo" => File/Directory not found.
"C:\Users\Ralph Richards\AppData\Local\avscauqo" => File/Directory not found.
"C:\Users\Ralph Richards\Local Settings\Application Data\tmfcamng" => File/Directory not found.
"C:\Users\Ralph Richards\AppData\Local\tmfcamng" => File/Directory not found.
"C:\Users\Ralph Richards\Local Settings\Application Data\stlxmhwm" => File/Directory not found.
"C:\Users\Ralph Richards\AppData\Local\stlxmhwm" => File/Directory not found.
"C:\Users\Ralph Richards\Local Settings\Application Data\toqcqdpb" => File/Directory not found.
"C:\Users\Ralph Richards\AppData\Local\toqcqdpb" => File/Directory not found.
"C:\Users\Ralph Richards\Local Settings\Application Data\dsncbvau" => File/Directory not found.
"C:\Users\Ralph Richards\AppData\Local\dsncbvau" => File/Directory not found.
"C:\Users\Ralph Richards\Local Settings\Application Data\rqatimnv" => File/Directory not found.
"C:\Users\Ralph Richards\AppData\Local\rqatimnv" => File/Directory not found.
"C:\Users\Ralph Richards\Local Settings\Application Data\wmcodgma" => File/Directory not found.
"C:\Users\Ralph Richards\AppData\Local\wmcodgma" => File/Directory not found.
"C:\Users\Ralph Richards\AppData\Roaming\Beol" => File/Directory not found.
"C:\Users\Ralph Richards\Local Settings\Application Data\jutbgxcj" => File/Directory not found.
"C:\Users\Ralph Richards\AppData\Local\jutbgxcj" => File/Directory not found.
"C:\Users\Ralph Richards\Local Settings\Application Data\rggkwwhm" => File/Directory not found.
"C:\Users\Ralph Richards\AppData\Local\rggkwwhm" => File/Directory not found.
"C:\Users\Ralph Richards\AppData\Roaming\SharedSettings.ccs" => File/Directory not found.
"C:\Users\Ralph Richards\AppData\Roaming\Embiry" => File/Directory not found.
"C:\Users\Ralph Richards\AppData\Roaming\Ybetucd" => File/Directory not found.
"C:\Users\Ralph Richards\AppData\Roaming\Uxxiag" => File/Directory not found.
"C:\Users\Ralph Richards\AppData\Roaming\Huinpuny" => File/Directory not found.
"c:\windows\Tasks\Security Center Update - 2895121555.job" => File/Directory not found.
"c:\windows\Tasks\Security Center Update - 553263651.job" => File/Directory not found.

==== End of Fixlog ====



#13 TB-Psychotic

  • Malware Response Team

Posted 16 April 2014 - 04:04 PM

Please boot into Windows and rescan with FRST.

Post up the logs.



#14 awmau

  • Topic Starter
  • Members

Posted 22 April 2014 - 09:13 PM

Sorry for the delay - was away and it's not my laptop... I really appreciate your help :)

------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-04-2014 (ATTENTION: ====> FRST version is 9 days old and could be outdated)
Ran by Ralph Richards (administrator) on RALPHRICHARD-PC on 23-04-2014 12:09:12
Running from F:\
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
() C:\Windows\SMINST\BLService.exe
(Sony Corporation) C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-16] (Intel Corporation)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-25] (CyberLink Corp.)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-04-24] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-03-15] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [OnScreenDisplay] => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554288 2007-11-02] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2007-11-21] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1442888 2008-06-10] (Microsoft Corporation)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2003-12-08] (Cyberlink Corp.)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13826664 2009-10-03] (NVIDIA Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [Reader Application Helper] => C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2013-11-27] (Sony Corporation)
HKLM\...\Run: [BingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKU\S-1-5-21-4159860774-2674509857-3937360078-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0D4DEE18-9478-4BFE-9770-9C2AB2B53C90} URL = http://searchresults.news.com.au/servlet/Search?site=ninews&queryterm={searchTerms}&searchoption=yes
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Ralph Richards\AppData\Roaming\Mozilla\Firefox\Profiles\o5mz3dvi.default
FF DefaultSearchEngine: Yahoo!7
FF SelectedSearchEngine: Yahoo!7
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @ei.MyFunCards_5m.com/Plugin - C:\Program Files\MyFunCards_5mEI\Installr\1.bin\NP5mEISB.dll No File
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @sony.com/ReaderDesktop - C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.1.11 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: @virtools.com/3DviaPlayer - C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Ralph Richards\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Ralph Richards\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ralph Richards\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ralph Richards\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Ralph Richards\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ralph Richards\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ralph Richards\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Ralph Richards\AppData\Roaming\Mozilla\Firefox\Profiles\o5mz3dvi.default\searchplugins\Retrogamer_2z.xml
FF SearchPlugin: C:\Users\Ralph Richards\AppData\Roaming\Mozilla\Firefox\Profiles\o5mz3dvi.default\searchplugins\yahoo7.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: English (Australian) Dictionary - C:\Users\Ralph Richards\AppData\Roaming\Mozilla\Firefox\Profiles\o5mz3dvi.default\Extensions\en-AU@dictionaries.addons.mozilla.org [2011-11-06]
FF Extension: Adblock Plus - C:\Users\Ralph Richards\AppData\Roaming\Mozilla\Firefox\Profiles\o5mz3dvi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-11]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-04-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-03-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-03-10]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchKeyword: ask search
CHR DefaultSearchProvider: Ask Search
CHR DefaultSearchURL: http://www.google.com
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (MyFunCards Installer Plugin Stub) - C:\Program Files\MyFunCards_5mEI\Installr\1.bin\NP5mEISB.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (3DVIA player) - C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Ralph Richards\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Ask Toolbar) - C:\Users\Ralph Richards\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk [2013-10-27]
CHR Extension: (YouTube) - C:\Users\Ralph Richards\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-26]
CHR Extension: (Google Search) - C:\Users\Ralph Richards\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-26]
CHR Extension: (Google Wallet) - C:\Users\Ralph Richards\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Ralph Richards\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-26]
CHR HKLM\...\Chrome\Extension: [aaaajpkhjdkhhnkmgfjodbkfpbmibkkk] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx [2012-11-26]
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\RALPHR~1\AppData\Local\Temp\ccex.crx [2012-11-26]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [47416 2014-02-05] (Hewlett-Packard Company)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292232 2008-04-24] ()
R2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [112008 2008-04-24] ()
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-27] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe [221266 2009-07-21] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation)
S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [89600 2009-08-10] (Gemalto)
S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-12] (Hewlett-Packard Development Company, L.P.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2010-07-16] (Printing Communications Assoc., Inc. (PCAUSA))
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [103552 2010-07-27] (TCT International Mobile Ltd)
R3 swivsp; C:\Windows\System32\DRIVERS\swivspnt.sys [20352 2007-03-26] (Sierra Wireless Inc.)
S3 swiwdmbus; C:\Windows\System32\DRIVERS\swiwdmbus.sys [78720 2010-06-21] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [201088 2010-06-21] (Sierra Wireless Inc.)
S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [156544 2010-06-21] (Sierra Wireless Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U1 eabfiltr;
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 swmsflt; \SystemRoot\System32\drivers\swmsflt.sys [X]
S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-16 06:44 - 2014-04-23 12:09 - 00000000 ____D () C:\FRST
2014-04-13 13:19 - 2014-04-13 13:19 - 00016829 _____ () C:\ComboFix.txt
2014-04-10 17:49 - 2014-04-23 11:56 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 17:49 - 2014-04-10 17:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-10 17:49 - 2014-04-10 17:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-10 17:49 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-10 17:49 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-10 17:49 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-09 20:19 - 2011-06-26 16:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-09 20:19 - 2010-11-08 03:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-09 20:19 - 2009-04-20 14:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-09 20:19 - 2000-08-31 10:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-09 20:19 - 2000-08-31 10:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-09 20:19 - 2000-08-31 10:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-09 20:19 - 2000-08-31 10:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-09 20:19 - 2000-08-31 10:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-09 20:18 - 2014-04-13 13:19 - 00000000 ____D () C:\Qoobox
2014-04-09 20:17 - 2014-04-13 13:14 - 00000000 ____D () C:\Windows\erdnt
2014-04-09 09:36 - 2014-04-09 09:36 - 00005813 _____ () C:\Users\Ralph Richards\Desktop\attach.txt
2014-04-09 09:36 - 2014-04-09 09:35 - 00016998 _____ () C:\Users\Ralph Richards\Desktop\dds.txt
2014-04-08 21:03 - 2014-04-08 21:03 - 00000000 ____D () C:\Program Files\ESET
2014-04-08 21:00 - 2014-04-08 21:00 - 00003530 _____ () C:\Users\Ralph Richards\Desktop\JRT.txt
2014-04-08 20:58 - 2014-04-08 20:58 - 00000000 ____D () C:\Windows\ERUNT
2014-04-08 20:51 - 2014-04-08 20:53 - 00000000 ____D () C:\AdwCleaner
2014-04-04 15:12 - 2014-04-04 15:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-23 12:09 - 2014-04-16 06:44 - 00000000 ____D () C:\FRST
2014-04-23 12:09 - 2012-07-14 19:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-23 12:07 - 2014-01-19 17:29 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4159860774-2674509857-3937360078-1003UA.job
2014-04-23 12:07 - 2012-11-26 12:12 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-23 12:03 - 2008-12-06 18:11 - 01335480 _____ () C:\Windows\WindowsUpdate.log
2014-04-23 11:58 - 2006-11-02 20:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-23 11:56 - 2014-04-10 17:49 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-23 11:55 - 2008-12-06 18:46 - 00004603 _____ () C:\Users\Public\Documents\hpqp.ini
2014-04-23 11:53 - 2012-11-26 12:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-23 11:53 - 2008-12-06 18:41 - 00206166 _____ () C:\ProgramData\nvModes.dat
2014-04-23 11:53 - 2008-12-06 18:41 - 00206166 _____ () C:\ProgramData\nvModes.001
2014-04-23 11:53 - 2006-11-02 23:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-23 11:53 - 2006-11-02 22:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-23 11:53 - 2006-11-02 22:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 11:44 - 2006-11-02 23:01 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-13 13:19 - 2014-04-13 13:19 - 00016829 _____ () C:\ComboFix.txt
2014-04-13 13:19 - 2014-04-09 20:18 - 00000000 ____D () C:\Qoobox
2014-04-13 13:14 - 2014-04-09 20:17 - 00000000 ____D () C:\Windows\erdnt
2014-04-13 13:14 - 2006-11-02 20:23 - 00000215 _____ () C:\Windows\system.ini
2014-04-13 13:11 - 2008-01-21 12:47 - 00761022 _____ () C:\Windows\PFRO.log
2014-04-10 17:49 - 2014-04-10 17:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-10 17:49 - 2014-04-10 17:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-09 20:35 - 2006-11-02 21:18 - 00000000 __RHD () C:\Users\Default
2014-04-09 20:35 - 2006-11-02 21:18 - 00000000 ___RD () C:\Users\Public
2014-04-09 09:36 - 2014-04-09 09:36 - 00005813 _____ () C:\Users\Ralph Richards\Desktop\attach.txt
2014-04-09 09:35 - 2014-04-09 09:36 - 00016998 _____ () C:\Users\Ralph Richards\Desktop\dds.txt
2014-04-09 08:07 - 2014-01-19 17:29 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4159860774-2674509857-3937360078-1003Core.job
2014-04-08 21:30 - 2009-04-14 03:57 - 00007808 _____ () C:\Users\Ralph Richards\AppData\Local\d3d9caps.dat
2014-04-08 21:03 - 2014-04-08 21:03 - 00000000 ____D () C:\Program Files\ESET
2014-04-08 21:00 - 2014-04-08 21:00 - 00003530 _____ () C:\Users\Ralph Richards\Desktop\JRT.txt
2014-04-08 20:58 - 2014-04-08 20:58 - 00000000 ____D () C:\Windows\ERUNT
2014-04-08 20:53 - 2014-04-08 20:51 - 00000000 ____D () C:\AdwCleaner
2014-04-08 09:48 - 2012-10-27 07:31 - 00000000 ____D () C:\Program Files\WarfareTransporter_at
2014-04-08 09:13 - 2011-12-04 15:56 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\uTorrent
2014-04-08 08:53 - 2010-06-29 12:45 - 00000000 ____D () C:\Program Files\Sierra Wireless Inc
2014-04-06 06:33 - 2012-05-03 09:30 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-04 15:13 - 2014-04-04 15:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-04 14:35 - 2010-12-26 10:27 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-04 14:34 - 2010-12-26 10:25 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-03 09:51 - 2014-04-10 17:49 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-10 17:49 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-10 17:49 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-29 11:30 - 2011-07-23 12:48 - 00000000 ____D () C:\Users\Ralph Richards\AppData\Roaming\HpUpdate

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-23 12:00

==================== End Of Log ============================



#15 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 23 April 2014 - 04:53 AM

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.3.1.2183.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.