Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple Pop Ups - Hardly able to use site


  • This topic is locked This topic is locked
14 replies to this topic

#1 iNTeRNeT JuNKie

iNTeRNeT JuNKie

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 17 April 2014 - 10:20 PM

Hello,

 

  Can someone please help me clean my son's PC? Lots & lots of pop ups.

 

HP Desktop

Model - P7-123

Windows 7 / 64-bit Operating System

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521
Run by Hathaikan`` at 20:09:43 on 2014-04-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7667.3942 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Users\Hathaikan``\AppData\Local\iLivid\iLivid.exe
C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Users\Hathaikan``\AppData\Local\Torch\Update\TorchCrashHandler.exe
C:\Program Files (x86)\diamondata\updatediamondata.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\program files (x86)\wedownload\wedownload-bg.exe
C:\program files (x86)\plus-hd-1.3\plus-hd-1.3-bg.exe
C:\windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\System32\MsSpellCheckingFacility.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\taskeng.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3284079&octid=CT3284079&SearchSource=61&CUI=UN24175472881898330&UM=2&UP=SP892CDDE8-5C8E-4012-92A6-27F7420BE744
uSearch Bar = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=ds&q={searchTerms}&installDate=04/12/2013
uSearch Page = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=ds&q={searchTerms}&installDate=04/12/2013
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=ds&q={searchTerms}&installDate=04/12/2013
mURLSearchHooks: {6132fda2-0da5-4f6f-bb57-df07abd10eab} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: diamondata: {055af109-de93-4160-bcfc-7da70ecaa020} - C:\Program Files (x86)\diamondata\diamondatabho.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
BHO: SaveSense: {0f21b1e5-5afc-43c9-9c66-515046e92ec2} - C:\Program Files (x86)\SaveSense\SaveSenseIE.dll
BHO: Plus-HD-1.3: {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho.dll
BHO: weDownload: {11111111-1111-1111-1111-110311431144} - C:\Program Files (x86)\weDownload\weDownload-bho.dll
BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
BHO: {6132fda2-0da5-4f6f-bb57-df07abd10eab} - <orphaned>
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} -
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: DealPly Shopping: {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} -
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll
BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.): {d1dac034-9fd9-4c13-a388-d2e10e57707f} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
TB: Movies Toolbar (Dist. by Bandoo Media, Inc.): {d1dac034-9fd9-4c13-a388-d2e10e57707f} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll
uRun: [NTRedirect] C:\windows\SysWOW64\rundll32.exe "C:\Users\Hathaikan``\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
uRun: [iLivid] "C:\Users\Hathaikan``\AppData\Local\iLivid\iLivid.exe" -autorun
uRun: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
StartupFolder: C:\Users\HATHAI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{A925B770-EFE6-4C51-B1B1-DD2C715139C6} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{FFCCA069-05E4-45E0-BECF-E4E95A64EFE9} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FFCCA069-05E4-45E0-BECF-E4E95A64EFE9}\2656C6B696E6E2463616 : DHCPNameServer = 192.168.2.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\movies~1\datamngr\mgrldr.dll c:\progra~3\wincert\win32c~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
IFEO: browsersafeguard.exe - tasklist.exe
x64-BHO: Plus-HD-1.3: {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho64.dll
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.): {d1dac034-9fd9-4c13-a388-d2e10e57707f} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-TB: Movies Toolbar (Dist. by Bandoo Media, Inc.): {d1dac034-9fd9-4c13-a388-d2e10e57707f} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {B34A07DD-C6F7-414A-AE63-01019482EAF0} - msiexec /fu {B34A07DD-C6F7-414A-AE63-01019482EAF0} /qn
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
x64-IFEO: browsersafeguard.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2012-4-24 78976]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2012-4-24 38528]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-7-27 969200]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-7-27 359464]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-7-27 46368]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-4-24 204288]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-7-27 25232]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-7-27 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-29 44808]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 DatamngrCoordinator;Datamngr Coordinator;C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [2014-1-24 3447808]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-8-3 350792]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-4-24 1128952]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-31 5341536]
R2 TorchCrashHandler;Torch Crash Handler;C:\Users\Hathaikan``\AppData\Local\Torch\Update\TorchCrashHandler.exe [2014-1-24 1214472]
R2 Update diamondata;Update diamondata;C:\Program Files (x86)\diamondata\updatediamondata.exe [2013-8-31 206624]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\System32\drivers\netr28x.sys [2012-4-24 1582144]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-4-24 533096]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2012-4-24 47232]
S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-7-1 32808]
S2 CltMngSvc;Search Protect by Conduit Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe --> C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [?]
S2 dealplylive;DealPly Live Service (dealplylive);C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-8-21 148000]
S2 DefaultTabUpdate;DefaultTabUpdate;"C:\Users\Hathaikan``\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe" --> C:\Users\Hathaikan``\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [?]
S2 savesenselive;SaveSenseLive Service (savesenselive);C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-1-28 146920]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [?]
S3 dealplylivem;DealPly Live Service (dealplylivem);C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-8-21 148000]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-3-30 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-1-15 289256]
S3 savesenselivem;SaveSenseLive Service (savesenselivem);C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-1-28 146920]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-28 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-04-18 02:10:37 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6E6C638E-5095-40F4-8794-2F5C261880BE}\mpengine.dll
2014-03-31 02:09:13 -------- d-----w- C:\Program Files (x86)\SuperFastPC
2014-03-31 01:58:32 -------- d-----w- C:\Program Files\CCleaner
2014-03-31 01:40:56 -------- d-----w- C:\windows\pss
2014-03-31 01:10:59 353280 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-03-31 01:10:59 2334208 ----a-w- C:\windows\System32\wininet.dll
2014-03-31 01:10:58 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-03-31 01:10:58 293080 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2014-03-31 01:10:52 624128 ----a-w- C:\windows\System32\qedit.dll
2014-03-31 01:10:52 509440 ----a-w- C:\windows\SysWow64\qedit.dll
.
==================== Find3M  ====================
.
2014-03-31 16:35:08 270496 ------w- C:\windows\System32\MpSigStub.exe
2014-03-31 01:46:11 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-31 01:46:11 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-03-31 01:07:23 452 ----a-w- C:\windows\SysWow64\ff.bin
2014-03-31 01:01:04 536 ----a-w- C:\windows\SysWow64\schtasks.bin
2014-03-01 05:17:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2014-03-01 04:11:20 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\windows\System32\win32k.sys
2014-01-29 02:32:18 484864 ----a-w- C:\windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\windows\SysWow64\wer.dll
.
============= FINISH: 20:10:04.43 ===============
 



BC AdBot (Login to Remove)

 


m

#2 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:21 AM

Posted 18 April 2014 - 05:53 AM

:welcome:

Hello iNTeRNeT JuNKie,

my name is Jo and I will help you with your computer problems.



Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 iNTeRNeT JuNKie

iNTeRNeT JuNKie
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 18 April 2014 - 09:02 AM

 Results of screen317's Security Check version 0.99.82 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 Windows Firewall Disabled! 
avast! Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Wise Disk Cleaner 7.56 
 Wise Registry Cleaner 7.41 
  Adobe Flash Player 12.0.0.77 Flash Player out of Date! 
 Mozilla Firefox 27.0.1 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

 

 

OTL logfile created on: 4/18/2014 6:50:49 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hathaikan``\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.49 Gb Total Physical Memory | 5.32 Gb Available Physical Memory | 71.00% Memory free
14.97 Gb Paging File | 12.05 Gb Available in Paging File | 80.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.52 Gb Total Space | 854.34 Gb Free Space | 93.42% Space Free | Partition Type: NTFS
Drive D: | 16.77 Gb Total Space | 2.10 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
 
Computer Name: HATHAIKAN | User Name: Hathaikan`` | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hathaikan``\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe (Bandoo Media Inc.)
PRC - C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe (Bandoo Media Inc.)
PRC - C:\Users\Hathaikan``\AppData\Local\Torch\Update\TorchCrashHandler.exe (TorchMedia Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bg.exe (Plus HD)
PRC - C:\Users\Hathaikan``\AppData\Local\iLivid\iLivid.exe (Bandoo Media Inc.)
PRC - C:\Program Files (x86)\weDownload\weDownload-bg.exe (weDownload)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\f0b36ad0ff72c3122a547f952b936ef5\ReachFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\fc7255cccb69c45a808b3d7e6abf55c5\System.Transactions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\469dd20488c4a9606abe21189a3c1ab9\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\27bdc6196968e44234654e30e1028750\SMDiagnostics.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\fa954900a6cf3a095efadfa4c683a32c\System.Runtime.Serialization.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2781e84862746a34f026d0ee179eed2b\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b307821c69c09ed0a2ee47122fdcdd4d\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\a4b5a1a06d2d7f77258943c8c228a5e0\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\243ff1822abc8282cb8fee37538170b4\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\850fa7110c7423c324762c1ad3130219\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\49605239a73cd565e3a08048a31b442e\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\991c4e11f571a4074b9c4a5841222338\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\4c906eb82e6f56aea01b2a7291fab7ea\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\4e62d1d9b7dd2c2d14915abb73c22d50\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll ()
MOD - C:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll ()
MOD - C:\Users\Hathaikan``\AppData\Roaming\BabSolution\Shared\enhancedNT.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (c2cpnrsvc) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
SRV - (c2cautoupdatesvc) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (savesenselivem) -- C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe (SaveSense)
SRV - (savesenselive) -- C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe (SaveSense)
SRV - (DatamngrCoordinator) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe (Bandoo Media Inc.)
SRV - (TorchCrashHandler) -- C:\Users\Hathaikan``\AppData\Local\Torch\Update\TorchCrashHandler.exe (TorchMedia Inc.)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (IHA_MessageCenter) -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
SRV - (Update diamondata) -- C:\Program Files (x86)\diamondata\updatediamondata.exe (diamondata)
SRV - (dealplylivem) -- C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe (DealPly Technologies Ltd)
SRV - (dealplylive) -- C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe (DealPly Technologies Ltd)
SRV - (BackupStack) -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe (Just Develop It)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (CalendarSynchService) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1237&systemid=406&v=n11099-237&apn_uid=0908337753244104&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{B90AD615-78A8-4268-B672-1E827C613A25}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {6132fda2-0da5-4f6f-bb57-df07abd10eab} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=ds&q={searchTerms}&installDate=04/12/2013
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1237&systemid=406&v=n11099-237&apn_uid=0908337753244104&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=DC8A446D57B439F2&affID=120007&tt=010913_12&tsp=4993
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=ds&q={searchTerms}&installDate=04/12/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=ds&q={searchTerms}&installDate=04/12/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3284079&octid=CT3284079&SearchSource=61&CUI=UN24175472881898330&UM=2&UP=SP892CDDE8-5C8E-4012-92A6-27F7420BE744
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=ds&q={searchTerms}&installDate=04/12/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=ds&q={searchTerms}&installDate=04/12/2013
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=ds&q={searchTerms}&installDate=04/12/2013
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP30054A1F-A774-4D8A-A1F3-954D2670F21E&q={searchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=DC8A446D57B439F2&affID=120007&tt=010913_12&tsp=4993
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1237&systemid=406&v=n11099-237&apn_uid=0908337753244104&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..CT3284079.browser.search.defaultthis.engineName: "true"
FF - prefs.js..CT3297951.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "SearchYo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3284079&CUI=UN17812757079375320&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Amazon "
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://www.search.ask.com/?o=APN10645A&gct=hp&d=406-1237&v=n11099-237&t=4"
FF - prefs.js..extensions.enabledAddons: %7B1BE3023D-C419-0C7D-E351-6BBBA7D8F77C%7D:5.0.0.12144
FF - prefs.js..extensions.enabledAddons: %7B8b337819-d1e8-48d3-8178-168ae8c99c36%7D:3.0
FF - prefs.js..extensions.enabledAddons: %7Ba463dc7d-8d94-1ba6-b610-15f54b22931c%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B10886a85-c81d-48e0-a17e-106b174c4131%7D:1.150
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1466
FF - prefs.js..extensions.enabledAddons: 0c3e9649-324d-4df0-a61e-7ac31aead042%402612bb82-5f8a-49b2-a299-348e707310fc.com:0.94.196
FF - prefs.js..extensions.enabledAddons: 509508ef-0b14-4616-a557-0d58601be33d%40c4a581e9-0ea6-46db-a185-58e021ee138c.com:0.94.200
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin:  File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3: C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF - HKLM\Software\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9: C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/29 19:24:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{10886a85-c81d-48e0-a17e-106b174c4131}: C:\Program Files (x86)\Buzz-it\150.xpi [2014/01/24 11:52:11 | 000,007,518 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/07/27 20:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Extensions
[2014/04/17 20:06:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions
[2014/04/17 20:06:11 | 000,000,000 | ---D | M] (Ask New Tabs) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\{1BE3023D-C419-0C7D-E351-6BBBA7D8F77C}
[2014/01/28 20:28:25 | 000,000,000 | ---D | M] (SaveSense) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}
[2013/08/21 16:01:44 | 000,000,000 | ---D | M] (DealPly  Shopping) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\{906000a4-88d9-4d52-b209-7a772970d91f}
[2013/12/04 16:44:51 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\{a463dc7d-8d94-1ba6-b610-15f54b22931c}
[2014/01/24 11:25:49 | 000,000,000 | ---D | M] (Movies Toolbar (Dist. by Bandoo Media, Inc.)) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\{d1dac034-9fd9-4c13-a388-d2e10e57707f}
[2014/03/30 15:48:26 | 000,000,000 | ---D | M] ("weDownload Manager") -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com
[2014/03/30 15:48:14 | 000,000,000 | ---D | M] ("Plus-HD-1.3") -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com
[2014/04/17 20:06:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com\extensionData
[2014/04/17 20:06:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com\extensionData\plugins
[2014/04/17 20:06:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com\extensionData\userCode
[2014/04/17 19:05:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData
[2014/04/17 19:05:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins
[2014/04/17 19:05:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\userCode
[2014/03/30 18:12:08 | 000,050,775 | ---- | M] () (No name found) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\addon@defaulttab.com.xpi
[2013/08/31 00:49:38 | 000,007,640 | ---- | M] () (No name found) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\firefox@diamondata.net.xpi
[2014/01/24 11:25:39 | 000,002,666 | ---- | M] () -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\searchplugins\Ask.xml
[2014/01/30 12:26:59 | 000,000,861 | ---- | M] () -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\searchplugins\conduit-search.xml
[2014/01/19 11:57:43 | 000,002,437 | ---- | M] () -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\searchplugins\Web Search.xml
[2014/04/17 19:08:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/17 19:08:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/01/24 11:52:11 | 000,007,518 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\BUZZ-IT\150.XPI
[2012/08/29 19:24:31 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Plus-HD-1.3) - {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho64.dll (Plus HD)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - {d1dac034-9fd9-4c13-a388-d2e10e57707f} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll ()
O2 - BHO: (diamondata) - {055af109-de93-4160-bcfc-7da70ecaa020} - C:\Program Files (x86)\diamondata\diamondataBHO.dll (diamondata)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (SaveSense) - {0f21b1e5-5afc-43c9-9c66-515046e92ec2} - C:\Program Files (x86)\SaveSense\SaveSenseIE.dll (SaveSense)
O2 - BHO: (Plus-HD-1.3) - {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho.dll (Plus HD)
O2 - BHO: (weDownload) - {11111111-1111-1111-1111-110311431144} - C:\Program Files (x86)\weDownload\weDownload-bho.dll (weDownload)
O2 - BHO: (no name) - {6132fda2-0da5-4f6f-bb57-df07abd10eab} - No CLSID value found.
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Hathaikan``\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (DealPly Shopping) - {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - C:\Program Files (x86)\DealPly\DealPlyIE.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
O2 - BHO: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - {d1dac034-9fd9-4c13-a388-d2e10e57707f} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll ()
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - {d1dac034-9fd9-4c13-a388-d2e10e57707f} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - {d1dac034-9fd9-4c13-a388-d2e10e57707f} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [iLivid] C:\Users\Hathaikan``\AppData\Local\iLivid\iLivid.exe (Bandoo Media Inc.)
O4 - HKCU..\Run: [NTRedirect] C:\Users\Hathaikan``\AppData\Roaming\BabSolution\Shared\enhancedNT.dll ()
O4 - Startup: C:\Users\Hathaikan``\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriver.com/DRHM/store?Action=DisplayProductSearchResultsPage&SiteID=hpappli&Locale=en_US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A925B770-EFE6-4C51-B1B1-DD2C715139C6}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFCCA069-05E4-45E0-BECF-E4E95A64EFE9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll File not found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) -  File not found
O20:64bit: - AppInit_DLLs: (c:\progra~2\movies~1\datamngr\x64\mgrldr.dll) - c:\Program Files (x86)\Movies Toolbar\Datamngr\x64\mgrldr.dll ()
O20:64bit: - AppInit_DLLs: (c:\progra~3\wincert\win64c~1.dll) - c:\ProgramData\Wincert\win64cert.dll ()
O20 - AppInit_DLLs: (c:\progra~2\movies~1\datamngr\mgrldr.dll) - c:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll ()
O20 - AppInit_DLLs: (c:\progra~3\wincert\win32c~1.dll) - c:\ProgramData\Wincert\win32cert.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bpsvc.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsersafeguard.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\protectedsearch.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotection.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\snapdo.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst32.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst64.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll) - C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll ()
O36 - AppCertDlls: x86 - (C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll) - C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/17 20:03:31 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Hathaikan``\Desktop\dds.com
[2014/04/17 19:27:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hathaikan``\Desktop\OTL.exe
[2014/04/17 19:10:48 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2014/04/17 19:10:48 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2014/04/17 19:10:47 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2014/04/17 19:10:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2014/04/17 19:10:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2014/04/17 19:10:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2014/04/17 19:10:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2014/04/17 19:10:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2014/04/17 19:10:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2014/04/17 19:10:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2014/04/17 19:08:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/30 19:09:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperFastPC
[2014/03/30 19:08:04 | 000,000,000 | ---D | C] -- C:\Users\Hathaikan``\AppData\Roaming\NewspaperDirect
[2014/03/30 18:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/03/30 18:50:23 | 000,000,000 | ---D | C] -- C:\Users\Hathaikan``\AppData\Local\Diagnostics
[2014/03/30 18:40:56 | 000,000,000 | ---D | C] -- C:\windows\pss
[2014/03/30 18:11:22 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wer.dll
[2014/03/30 18:11:22 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wer.dll
[2014/03/30 18:11:13 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/03/30 18:11:13 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/03/30 18:11:12 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/03/30 18:11:09 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/03/30 18:11:09 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/03/30 18:11:09 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/03/30 18:11:09 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/03/30 18:11:08 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/03/30 18:11:08 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/03/30 18:11:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/03/30 18:11:06 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/03/30 18:11:06 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/03/30 18:11:05 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/03/30 18:11:05 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/03/30 18:11:05 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/03/30 18:11:04 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/03/30 18:11:04 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/03/30 18:11:01 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/03/30 18:11:00 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/03/30 18:11:00 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/03/30 18:11:00 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/03/30 18:10:59 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/03/30 18:10:59 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/03/30 18:10:58 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/03/30 18:10:52 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2014/03/30 18:10:52 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/18 06:47:19 | 000,855,379 | ---- | M] () -- C:\Users\Hathaikan``\Desktop\SecurityCheck.exe
[2014/04/18 06:46:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/04/18 06:43:30 | 000,000,308 | ---- | M] () -- C:\windows\tasks\Dealply.job
[2014/04/18 06:43:29 | 000,000,310 | ---- | M] () -- C:\windows\tasks\SaveSense.job
[2014/04/18 06:42:41 | 000,000,942 | ---- | M] () -- C:\windows\tasks\SaveSenseLiveUpdateTaskMachineUA.job
[2014/04/18 06:42:41 | 000,000,916 | ---- | M] () -- C:\windows\tasks\DealPlyLiveUpdateTaskMachineUA.job
[2014/04/18 06:42:29 | 000,002,084 | ---- | M] () -- C:\windows\tasks\Plus-HD-1.3-firefoxinstaller.job
[2014/04/18 06:42:28 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/04/18 06:42:28 | 000,001,920 | ---- | M] () -- C:\windows\tasks\Plus-HD-1.3-chromeinstaller.job
[2014/04/18 06:42:28 | 000,001,836 | ---- | M] () -- C:\windows\tasks\weDownload-firefoxinstaller.job
[2014/04/18 06:42:28 | 000,001,308 | ---- | M] () -- C:\windows\tasks\Plus-HD-1.3-updater.job
[2014/04/18 06:42:28 | 000,001,110 | ---- | M] () -- C:\windows\tasks\Plus-HD-1.3-enabler.job
[2014/04/18 06:42:23 | 000,001,210 | ---- | M] () -- C:\windows\tasks\Plus-HD-1.3-codedownloader.job
[2014/04/18 06:42:23 | 000,001,206 | ---- | M] () -- C:\windows\tasks\weDownload-codedownloader.job
[2014/04/18 06:42:23 | 000,001,104 | ---- | M] () -- C:\windows\tasks\weDownload-enabler.job
[2014/04/18 03:25:41 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/18 03:25:41 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/18 03:22:41 | 000,994,382 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/04/18 03:22:41 | 000,234,018 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/04/18 03:22:41 | 000,006,206 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/04/18 03:18:30 | 000,000,912 | ---- | M] () -- C:\windows\tasks\DealPlyLiveUpdateTaskMachineCore.job
[2014/04/18 03:18:29 | 000,000,938 | ---- | M] () -- C:\windows\tasks\SaveSenseLiveUpdateTaskMachineCore.job
[2014/04/18 03:18:29 | 000,000,350 | ---- | M] () -- C:\windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/04/18 03:17:44 | 1734,496,255 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/17 20:19:50 | 000,004,325 | ---- | M] () -- C:\Users\Hathaikan``\Desktop\attach.zip
[2014/04/17 20:03:40 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Hathaikan``\Desktop\dds.com
[2014/04/17 19:27:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hathaikan``\Desktop\OTL.exe
[2014/04/03 09:10:38 | 000,413,344 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/03/30 19:01:43 | 000,000,706 | ---- | M] () -- C:\Users\Hathaikan``\Hathaikan`` - Shortcut.lnk
[2014/03/30 18:46:11 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/03/30 18:46:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/03/30 18:28:06 | 000,000,168 | ---- | M] () -- C:\Users\Hathaikan``\AppData\Roaming\WB.CFG
[2014/03/30 18:07:23 | 000,000,452 | ---- | M] () -- C:\windows\SysWow64\ff.bin
[2014/03/30 18:01:04 | 000,000,536 | ---- | M] () -- C:\windows\SysWow64\schtasks.bin
[2014/03/30 15:46:15 | 000,000,390 | ---- | M] () -- C:\windows\tasks\Buzz-it Update.job
 
========== Files Created - No Company Name ==========
 
[2014/04/18 06:46:55 | 000,855,379 | ---- | C] () -- C:\Users\Hathaikan``\Desktop\SecurityCheck.exe
[2014/04/17 20:19:50 | 000,004,325 | ---- | C] () -- C:\Users\Hathaikan``\Desktop\attach.zip
[2014/03/30 19:01:43 | 000,000,706 | ---- | C] () -- C:\Users\Hathaikan``\Hathaikan`` - Shortcut.lnk
[2014/02/02 09:02:54 | 000,000,452 | ---- | C] () -- C:\windows\SysWow64\ff.bin
[2014/01/31 11:25:03 | 000,000,536 | ---- | C] () -- C:\windows\SysWow64\schtasks.bin
[2013/12/26 10:28:23 | 000,000,168 | ---- | C] () -- C:\Users\Hathaikan``\AppData\Roaming\WB.CFG
[2013/08/21 16:01:45 | 000,000,258 | RHS- | C] () -- C:\Users\Hathaikan``\ntuser.pol
[2013/08/15 22:41:46 | 000,003,727 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2012/04/24 23:20:34 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/04/24 23:17:31 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/12/04 16:48:40 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\BabSolution
[2013/08/21 16:01:45 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\Dealply
[2014/01/31 11:33:22 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\Easy2Convert
[2013/08/06 22:45:24 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\GameTuts
[2014/03/30 19:08:04 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\NewspaperDirect
[2013/09/02 15:30:11 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\PC Speed Maximizer
[2014/01/28 20:28:25 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\SaveSense
[2013/08/21 16:01:52 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\SmartPCFix
[2013/12/31 16:36:20 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\TeamViewer
[2012/08/08 11:14:07 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\TechWizard
[2014/01/24 11:28:00 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\TFP
[2012/07/28 22:24:26 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\WinBatch
[2012/07/27 20:48:34 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\Wise Disk Cleaner
[2014/01/20 21:43:15 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\Wise Registry Cleaner
[2013/09/02 15:06:44 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\YourFileDownloader
 
========== Purity Check ==========
 
 

< End of report >

 

 

OTL logfile created on: 4/18/2014 6:50:49 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hathaikan``\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.49 Gb Total Physical Memory | 5.32 Gb Available Physical Memory | 71.00% Memory free
14.97 Gb Paging File | 12.05 Gb Available in Paging File | 80.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.52 Gb Total Space | 854.34 Gb Free Space | 93.42% Space Free | Partition Type: NTFS
Drive D: | 16.77 Gb Total Space | 2.10 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
 
Computer Name: HATHAIKAN | User Name: Hathaikan`` | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hathaikan``\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe (Bandoo Media Inc.)
PRC - C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe (Bandoo Media Inc.)
PRC - C:\Users\Hathaikan``\AppData\Local\Torch\Update\TorchCrashHandler.exe (TorchMedia Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bg.exe (Plus HD)
PRC - C:\Users\Hathaikan``\AppData\Local\iLivid\iLivid.exe (Bandoo Media Inc.)
PRC - C:\Program Files (x86)\weDownload\weDownload-bg.exe (weDownload)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\f0b36ad0ff72c3122a547f952b936ef5\ReachFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\fc7255cccb69c45a808b3d7e6abf55c5\System.Transactions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\469dd20488c4a9606abe21189a3c1ab9\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\27bdc6196968e44234654e30e1028750\SMDiagnostics.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\fa954900a6cf3a095efadfa4c683a32c\System.Runtime.Serialization.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2781e84862746a34f026d0ee179eed2b\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b307821c69c09ed0a2ee47122fdcdd4d\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\a4b5a1a06d2d7f77258943c8c228a5e0\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\243ff1822abc8282cb8fee37538170b4\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\850fa7110c7423c324762c1ad3130219\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\49605239a73cd565e3a08048a31b442e\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\991c4e11f571a4074b9c4a5841222338\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\4c906eb82e6f56aea01b2a7291fab7ea\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\4e62d1d9b7dd2c2d14915abb73c22d50\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll ()
MOD - C:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll ()
MOD - C:\Users\Hathaikan``\AppData\Roaming\BabSolution\Shared\enhancedNT.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (c2cpnrsvc) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
SRV - (c2cautoupdatesvc) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (savesenselivem) -- C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe (SaveSense)
SRV - (savesenselive) -- C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe (SaveSense)
SRV - (DatamngrCoordinator) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe (Bandoo Media Inc.)
SRV - (TorchCrashHandler) -- C:\Users\Hathaikan``\AppData\Local\Torch\Update\TorchCrashHandler.exe (TorchMedia Inc.)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (IHA_MessageCenter) -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
SRV - (Update diamondata) -- C:\Program Files (x86)\diamondata\updatediamondata.exe (diamondata)
SRV - (dealplylivem) -- C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe (DealPly Technologies Ltd)
SRV - (dealplylive) -- C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe (DealPly Technologies Ltd)
SRV - (BackupStack) -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe (Just Develop It)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (CalendarSynchService) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1237&systemid=406&v=n11099-237&apn_uid=0908337753244104&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{B90AD615-78A8-4268-B672-1E827C613A25}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {6132fda2-0da5-4f6f-bb57-df07abd10eab} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=ds&q={searchTerms}&installDate=04/12/2013
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1237&systemid=406&v=n11099-237&apn_uid=0908337753244104&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=DC8A446D57B439F2&affID=120007&tt=010913_12&tsp=4993
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=ds&q={searchTerms}&installDate=04/12/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=ds&q={searchTerms}&installDate=04/12/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3284079&octid=CT3284079&SearchSource=61&CUI=UN24175472881898330&UM=2&UP=SP892CDDE8-5C8E-4012-92A6-27F7420BE744
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=ds&q={searchTerms}&installDate=04/12/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=ds&q={searchTerms}&installDate=04/12/2013
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=ds&q={searchTerms}&installDate=04/12/2013
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP30054A1F-A774-4D8A-A1F3-954D2670F21E&q={searchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=DC8A446D57B439F2&affID=120007&tt=010913_12&tsp=4993
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1237&systemid=406&v=n11099-237&apn_uid=0908337753244104&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..CT3284079.browser.search.defaultthis.engineName: "true"
FF - prefs.js..CT3297951.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "SearchYo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3284079&CUI=UN17812757079375320&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Amazon "
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://www.search.ask.com/?o=APN10645A&gct=hp&d=406-1237&v=n11099-237&t=4"
FF - prefs.js..extensions.enabledAddons: %7B1BE3023D-C419-0C7D-E351-6BBBA7D8F77C%7D:5.0.0.12144
FF - prefs.js..extensions.enabledAddons: %7B8b337819-d1e8-48d3-8178-168ae8c99c36%7D:3.0
FF - prefs.js..extensions.enabledAddons: %7Ba463dc7d-8d94-1ba6-b610-15f54b22931c%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B10886a85-c81d-48e0-a17e-106b174c4131%7D:1.150
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1466
FF - prefs.js..extensions.enabledAddons: 0c3e9649-324d-4df0-a61e-7ac31aead042%402612bb82-5f8a-49b2-a299-348e707310fc.com:0.94.196
FF - prefs.js..extensions.enabledAddons: 509508ef-0b14-4616-a557-0d58601be33d%40c4a581e9-0ea6-46db-a185-58e021ee138c.com:0.94.200
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin:  File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3: C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF - HKLM\Software\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9: C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/29 19:24:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{10886a85-c81d-48e0-a17e-106b174c4131}: C:\Program Files (x86)\Buzz-it\150.xpi [2014/01/24 11:52:11 | 000,007,518 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/07/27 20:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Extensions
[2014/04/17 20:06:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions
[2014/04/17 20:06:11 | 000,000,000 | ---D | M] (Ask New Tabs) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\{1BE3023D-C419-0C7D-E351-6BBBA7D8F77C}
[2014/01/28 20:28:25 | 000,000,000 | ---D | M] (SaveSense) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}
[2013/08/21 16:01:44 | 000,000,000 | ---D | M] (DealPly  Shopping) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\{906000a4-88d9-4d52-b209-7a772970d91f}
[2013/12/04 16:44:51 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\{a463dc7d-8d94-1ba6-b610-15f54b22931c}
[2014/01/24 11:25:49 | 000,000,000 | ---D | M] (Movies Toolbar (Dist. by Bandoo Media, Inc.)) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\{d1dac034-9fd9-4c13-a388-d2e10e57707f}
[2014/03/30 15:48:26 | 000,000,000 | ---D | M] ("weDownload Manager") -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com
[2014/03/30 15:48:14 | 000,000,000 | ---D | M] ("Plus-HD-1.3") -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com
[2014/04/17 20:06:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com\extensionData
[2014/04/17 20:06:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com\extensionData\plugins
[2014/04/17 20:06:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com\extensionData\userCode
[2014/04/17 19:05:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData
[2014/04/17 19:05:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins
[2014/04/17 19:05:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\userCode
[2014/03/30 18:12:08 | 000,050,775 | ---- | M] () (No name found) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\addon@defaulttab.com.xpi
[2013/08/31 00:49:38 | 000,007,640 | ---- | M] () (No name found) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\firefox@diamondata.net.xpi
[2014/01/24 11:25:39 | 000,002,666 | ---- | M] () -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\searchplugins\Ask.xml
[2014/01/30 12:26:59 | 000,000,861 | ---- | M] () -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\searchplugins\conduit-search.xml
[2014/01/19 11:57:43 | 000,002,437 | ---- | M] () -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\searchplugins\Web Search.xml
[2014/04/17 19:08:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/17 19:08:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/01/24 11:52:11 | 000,007,518 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\BUZZ-IT\150.XPI
[2012/08/29 19:24:31 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Plus-HD-1.3) - {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho64.dll (Plus HD)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - {d1dac034-9fd9-4c13-a388-d2e10e57707f} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll ()
O2 - BHO: (diamondata) - {055af109-de93-4160-bcfc-7da70ecaa020} - C:\Program Files (x86)\diamondata\diamondataBHO.dll (diamondata)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (SaveSense) - {0f21b1e5-5afc-43c9-9c66-515046e92ec2} - C:\Program Files (x86)\SaveSense\SaveSenseIE.dll (SaveSense)
O2 - BHO: (Plus-HD-1.3) - {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho.dll (Plus HD)
O2 - BHO: (weDownload) - {11111111-1111-1111-1111-110311431144} - C:\Program Files (x86)\weDownload\weDownload-bho.dll (weDownload)
O2 - BHO: (no name) - {6132fda2-0da5-4f6f-bb57-df07abd10eab} - No CLSID value found.
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Hathaikan``\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (DealPly Shopping) - {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - C:\Program Files (x86)\DealPly\DealPlyIE.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
O2 - BHO: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - {d1dac034-9fd9-4c13-a388-d2e10e57707f} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll ()
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - {d1dac034-9fd9-4c13-a388-d2e10e57707f} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - {d1dac034-9fd9-4c13-a388-d2e10e57707f} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [iLivid] C:\Users\Hathaikan``\AppData\Local\iLivid\iLivid.exe (Bandoo Media Inc.)
O4 - HKCU..\Run: [NTRedirect] C:\Users\Hathaikan``\AppData\Roaming\BabSolution\Shared\enhancedNT.dll ()
O4 - Startup: C:\Users\Hathaikan``\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriver.com/DRHM/store?Action=DisplayProductSearchResultsPage&SiteID=hpappli&Locale=en_US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A925B770-EFE6-4C51-B1B1-DD2C715139C6}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFCCA069-05E4-45E0-BECF-E4E95A64EFE9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll File not found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) -  File not found
O20:64bit: - AppInit_DLLs: (c:\progra~2\movies~1\datamngr\x64\mgrldr.dll) - c:\Program Files (x86)\Movies Toolbar\Datamngr\x64\mgrldr.dll ()
O20:64bit: - AppInit_DLLs: (c:\progra~3\wincert\win64c~1.dll) - c:\ProgramData\Wincert\win64cert.dll ()
O20 - AppInit_DLLs: (c:\progra~2\movies~1\datamngr\mgrldr.dll) - c:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll ()
O20 - AppInit_DLLs: (c:\progra~3\wincert\win32c~1.dll) - c:\ProgramData\Wincert\win32cert.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bpsvc.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsersafeguard.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\protectedsearch.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotection.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\snapdo.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst32.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst64.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll) - C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll ()
O36 - AppCertDlls: x86 - (C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll) - C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/17 20:03:31 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Hathaikan``\Desktop\dds.com
[2014/04/17 19:27:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hathaikan``\Desktop\OTL.exe
[2014/04/17 19:10:48 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2014/04/17 19:10:48 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2014/04/17 19:10:47 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2014/04/17 19:10:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2014/04/17 19:10:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2014/04/17 19:10:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2014/04/17 19:10:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2014/04/17 19:10:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2014/04/17 19:10:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2014/04/17 19:10:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2014/04/17 19:08:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/30 19:09:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperFastPC
[2014/03/30 19:08:04 | 000,000,000 | ---D | C] -- C:\Users\Hathaikan``\AppData\Roaming\NewspaperDirect
[2014/03/30 18:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/03/30 18:50:23 | 000,000,000 | ---D | C] -- C:\Users\Hathaikan``\AppData\Local\Diagnostics
[2014/03/30 18:40:56 | 000,000,000 | ---D | C] -- C:\windows\pss
[2014/03/30 18:11:22 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wer.dll
[2014/03/30 18:11:22 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wer.dll
[2014/03/30 18:11:13 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/03/30 18:11:13 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/03/30 18:11:12 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/03/30 18:11:09 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/03/30 18:11:09 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/03/30 18:11:09 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/03/30 18:11:09 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/03/30 18:11:08 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/03/30 18:11:08 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/03/30 18:11:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/03/30 18:11:06 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/03/30 18:11:06 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/03/30 18:11:05 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/03/30 18:11:05 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/03/30 18:11:05 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/03/30 18:11:04 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/03/30 18:11:04 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/03/30 18:11:01 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/03/30 18:11:00 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/03/30 18:11:00 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/03/30 18:11:00 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/03/30 18:10:59 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/03/30 18:10:59 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/03/30 18:10:58 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/03/30 18:10:52 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2014/03/30 18:10:52 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/18 06:47:19 | 000,855,379 | ---- | M] () -- C:\Users\Hathaikan``\Desktop\SecurityCheck.exe
[2014/04/18 06:46:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/04/18 06:43:30 | 000,000,308 | ---- | M] () -- C:\windows\tasks\Dealply.job
[2014/04/18 06:43:29 | 000,000,310 | ---- | M] () -- C:\windows\tasks\SaveSense.job
[2014/04/18 06:42:41 | 000,000,942 | ---- | M] () -- C:\windows\tasks\SaveSenseLiveUpdateTaskMachineUA.job
[2014/04/18 06:42:41 | 000,000,916 | ---- | M] () -- C:\windows\tasks\DealPlyLiveUpdateTaskMachineUA.job
[2014/04/18 06:42:29 | 000,002,084 | ---- | M] () -- C:\windows\tasks\Plus-HD-1.3-firefoxinstaller.job
[2014/04/18 06:42:28 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/04/18 06:42:28 | 000,001,920 | ---- | M] () -- C:\windows\tasks\Plus-HD-1.3-chromeinstaller.job
[2014/04/18 06:42:28 | 000,001,836 | ---- | M] () -- C:\windows\tasks\weDownload-firefoxinstaller.job
[2014/04/18 06:42:28 | 000,001,308 | ---- | M] () -- C:\windows\tasks\Plus-HD-1.3-updater.job
[2014/04/18 06:42:28 | 000,001,110 | ---- | M] () -- C:\windows\tasks\Plus-HD-1.3-enabler.job
[2014/04/18 06:42:23 | 000,001,210 | ---- | M] () -- C:\windows\tasks\Plus-HD-1.3-codedownloader.job
[2014/04/18 06:42:23 | 000,001,206 | ---- | M] () -- C:\windows\tasks\weDownload-codedownloader.job
[2014/04/18 06:42:23 | 000,001,104 | ---- | M] () -- C:\windows\tasks\weDownload-enabler.job
[2014/04/18 03:25:41 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/18 03:25:41 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/18 03:22:41 | 000,994,382 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/04/18 03:22:41 | 000,234,018 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/04/18 03:22:41 | 000,006,206 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/04/18 03:18:30 | 000,000,912 | ---- | M] () -- C:\windows\tasks\DealPlyLiveUpdateTaskMachineCore.job
[2014/04/18 03:18:29 | 000,000,938 | ---- | M] () -- C:\windows\tasks\SaveSenseLiveUpdateTaskMachineCore.job
[2014/04/18 03:18:29 | 000,000,350 | ---- | M] () -- C:\windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/04/18 03:17:44 | 1734,496,255 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/17 20:19:50 | 000,004,325 | ---- | M] () -- C:\Users\Hathaikan``\Desktop\attach.zip
[2014/04/17 20:03:40 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Hathaikan``\Desktop\dds.com
[2014/04/17 19:27:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hathaikan``\Desktop\OTL.exe
[2014/04/03 09:10:38 | 000,413,344 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/03/30 19:01:43 | 000,000,706 | ---- | M] () -- C:\Users\Hathaikan``\Hathaikan`` - Shortcut.lnk
[2014/03/30 18:46:11 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/03/30 18:46:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/03/30 18:28:06 | 000,000,168 | ---- | M] () -- C:\Users\Hathaikan``\AppData\Roaming\WB.CFG
[2014/03/30 18:07:23 | 000,000,452 | ---- | M] () -- C:\windows\SysWow64\ff.bin
[2014/03/30 18:01:04 | 000,000,536 | ---- | M] () -- C:\windows\SysWow64\schtasks.bin
[2014/03/30 15:46:15 | 000,000,390 | ---- | M] () -- C:\windows\tasks\Buzz-it Update.job
 
========== Files Created - No Company Name ==========
 
[2014/04/18 06:46:55 | 000,855,379 | ---- | C] () -- C:\Users\Hathaikan``\Desktop\SecurityCheck.exe
[2014/04/17 20:19:50 | 000,004,325 | ---- | C] () -- C:\Users\Hathaikan``\Desktop\attach.zip
[2014/03/30 19:01:43 | 000,000,706 | ---- | C] () -- C:\Users\Hathaikan``\Hathaikan`` - Shortcut.lnk
[2014/02/02 09:02:54 | 000,000,452 | ---- | C] () -- C:\windows\SysWow64\ff.bin
[2014/01/31 11:25:03 | 000,000,536 | ---- | C] () -- C:\windows\SysWow64\schtasks.bin
[2013/12/26 10:28:23 | 000,000,168 | ---- | C] () -- C:\Users\Hathaikan``\AppData\Roaming\WB.CFG
[2013/08/21 16:01:45 | 000,000,258 | RHS- | C] () -- C:\Users\Hathaikan``\ntuser.pol
[2013/08/15 22:41:46 | 000,003,727 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2012/04/24 23:20:34 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/04/24 23:17:31 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/12/04 16:48:40 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\BabSolution
[2013/08/21 16:01:45 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\Dealply
[2014/01/31 11:33:22 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\Easy2Convert
[2013/08/06 22:45:24 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\GameTuts
[2014/03/30 19:08:04 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\NewspaperDirect
[2013/09/02 15:30:11 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\PC Speed Maximizer
[2014/01/28 20:28:25 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\SaveSense
[2013/08/21 16:01:52 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\SmartPCFix
[2013/12/31 16:36:20 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\TeamViewer
[2012/08/08 11:14:07 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\TechWizard
[2014/01/24 11:28:00 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\TFP
[2012/07/28 22:24:26 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\WinBatch
[2012/07/27 20:48:34 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\Wise Disk Cleaner
[2014/01/20 21:43:15 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\Wise Registry Cleaner
[2013/09/02 15:06:44 | 000,000,000 | ---D | M] -- C:\Users\Hathaikan``\AppData\Roaming\YourFileDownloader
 
========== Purity Check ==========
 
 

< End of report >

 



#4 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:21 AM

Posted 18 April 2014 - 09:28 AM

Hello iNTeRNeT JuNKie,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 iNTeRNeT JuNKie

iNTeRNeT JuNKie
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 18 April 2014 - 08:04 PM

Hi Jo,

 

 

If there is no malware found, please let me know as well.  <---   None Found

 

 

Not too sure about keeping anything in this log

 

 

# AdwCleaner v3.024 - Report created 18/04/2014 at 17:48:14
# Updated 18/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Hathaikan`` - HATHAIKAN
# Running from : C:\Users\Hathaikan``\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : BackupStack
Service Found : CltMngSvc
Service Found : DatamngrCoordinator
Service Found : dealplylive
Service Found : dealplylivem
Service Found : DefaultTabUpdate
Service Found : savesenselive
Service Found : savesenselivem
Service Found : torchcrashhandler
Service Found : vToolbarUpdater17.1.2

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Found : C:\Users\Hathaikan``\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Found : C:\Users\Hathaikan``\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
File Found : C:\Users\Hathaikan``\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Found : C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\bprotector_extensions.sqlite
File Found : C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\bprotector_prefs.js
File Found : C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\Extensions\addon@defaulttab.com.xpi
File Found : C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\invalidprefs.js
File Found : C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\searchplugins\Ask.xml
File Found : C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\searchplugins\conduit-search.xml
File Found : C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\searchplugins\Web Search.xml
File Found : C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\user.js
File Found : C:\Users\Hathaikan``\Desktop\MyPC Backup.lnk
File Found : C:\Users\Hathaikan``\Desktop\Search.lnk
File Found : C:\Users\Public\Desktop\YourFile Downloader.lnk
File Found : C:\windows\System32\Tasks\Dealply
File Found : C:\windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
File Found : C:\windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
File Found : C:\windows\System32\Tasks\Plus-HD-1.3-chromeinstaller
File Found : C:\windows\System32\Tasks\Plus-HD-1.3-codedownloader
File Found : C:\windows\System32\Tasks\Plus-HD-1.3-enabler
File Found : C:\windows\System32\Tasks\Plus-HD-1.3-firefoxinstaller
File Found : C:\windows\System32\Tasks\Plus-HD-1.3-updater
File Found : C:\windows\System32\Tasks\SaveSense
File Found : C:\windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore
File Found : C:\windows\System32\Tasks\weDownload-codedownloader
File Found : C:\windows\System32\Tasks\weDownload-enabler
File Found : C:\windows\System32\Tasks\weDownload-firefoxinstaller
File Found : C:\windows\Tasks\Dealply.job
File Found : C:\windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
File Found : C:\windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
File Found : C:\windows\Tasks\Plus-HD-1.3-chromeinstaller.job
File Found : C:\windows\Tasks\Plus-HD-1.3-codedownloader.job
File Found : C:\windows\Tasks\Plus-HD-1.3-enabler.job
File Found : C:\windows\Tasks\Plus-HD-1.3-firefoxinstaller.job
File Found : C:\windows\Tasks\Plus-HD-1.3-updater.job
File Found : C:\windows\Tasks\SaveSense.job
File Found : C:\windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
File Found : C:\windows\Tasks\weDownload-codedownloader.job
File Found : C:\windows\Tasks\weDownload-enabler.job
File Found : C:\windows\Tasks\weDownload-firefoxinstaller.job
Folder Found : C:\Users\Hathaikan``\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl
Folder Found : C:\Users\Hathaikan``\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf
Folder Found : C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\Extensions\{906000A4-88D9-4D52-B209-7A772970D91F}
Folder Found : C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\Extensions\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com
Folder Found : C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\Extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\DealPlyLive
Folder Found C:\Program Files (x86)\Delta
Folder Found C:\Program Files (x86)\diamondata
Folder Found C:\Program Files (x86)\Movies Toolbar
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Program Files (x86)\PC Speed Maximizer
Folder Found C:\Program Files (x86)\Plus-HD-1.3
Folder Found C:\Program Files (x86)\SaveSense
Folder Found C:\Program Files (x86)\SaveSenseLive
Folder Found C:\Program Files (x86)\weDownload
Folder Found C:\Program Files (x86)\Wise
Folder Found C:\Program Files (x86)\yourfiledownloader
Folder Found C:\Program Files\Uninstaller
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\BitGuard
Folder Found C:\ProgramData\DealPlyLive
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
Folder Found C:\ProgramData\SaveSenseLive
Folder Found C:\ProgramData\torchcrashhandler
Folder Found C:\ProgramData\wincert
Folder Found C:\Users\HATHAI~1\AppData\Local\Temp\AirInstaller
Folder Found C:\Users\HATHAI~1\AppData\Local\Temp\mt_ffx
Folder Found C:\Users\HATHAI~1\AppData\Local\Temp\Smartbar
Folder Found C:\Users\Hathaikan``\AppData\Local\AVG Secure Search
Folder Found C:\Users\Hathaikan``\AppData\Local\DealPlyLive
Folder Found C:\Users\Hathaikan``\AppData\Local\iLivid
Folder Found C:\Users\Hathaikan``\AppData\Local\SaveSenseLive
Folder Found C:\Users\Hathaikan``\AppData\Local\SearchProtect
Folder Found C:\Users\Hathaikan``\AppData\Local\Smartbar
Folder Found C:\Users\Hathaikan``\AppData\Local\torch
Folder Found C:\Users\Hathaikan``\AppData\LocalLow\AVG Secure Search
Folder Found C:\Users\Hathaikan``\AppData\LocalLow\Conduit
Folder Found C:\Users\Hathaikan``\AppData\LocalLow\Delta
Folder Found C:\Users\Hathaikan``\AppData\LocalLow\Plus-HD-1.3
Folder Found C:\Users\Hathaikan``\AppData\LocalLow\searchresultstb
Folder Found C:\Users\Hathaikan``\AppData\LocalLow\Smartbar
Folder Found C:\Users\Hathaikan``\AppData\Roaming\BabSolution
Folder Found C:\Users\Hathaikan``\AppData\Roaming\DealPly
Folder Found C:\Users\Hathaikan``\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Found C:\Users\Hathaikan``\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Found C:\Users\Hathaikan``\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Found C:\Users\Hathaikan``\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
Folder Found C:\Users\Hathaikan``\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
Folder Found C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\Smartbar
Folder Found C:\Users\Hathaikan``\AppData\Roaming\PC Speed Maximizer
Folder Found C:\Users\Hathaikan``\AppData\Roaming\SaveSense
Folder Found C:\Users\Hathaikan``\AppData\Roaming\yourfiledownloader
Folder Found C:\Users\Hathaikan``\Documents\PC Speed Maximizer
Folder Found C:\windows\SysWOW64\SearchProtect

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\Hathaikan``\Desktop\Search.lnk ( hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=sc&installDate=04/12/2013 )
Shortcut Found : C:\Users\Hathaikan``\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk ( hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=sc&installDate=04/12/2013 )
Shortcut Found : C:\Users\Hathaikan``\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk ( hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=sc&installDate=04/12/2013 )

***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\movies~1\datamngr\mgrldr.dll
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\wincert\win32c~1.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\movies~1\datamngr\x64\mgrldr.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\wincert\win64c~1.dll
Key Found : HKCU\Software\Alexa Internet
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Plus-HD-1.3
Key Found : HKCU\Software\AppDataLow\Software\weDownload
Key Found : HKCU\Software\AppDataLow\Software\weDownload
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\Classes\iLivid.torrent
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\DealPly
Key Found : HKCU\Software\DealPlyLive
Key Found : HKCU\Software\distromatic
Key Found : HKCU\Software\f55d688b43ebd45
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311121157}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311431144}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311121157}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311431144}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Found : HKCU\Software\pc speed maximizer
Key Found : HKCU\Software\SaveSenseLive
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\smartbarbackup
Key Found : HKCU\Software\smartbarlog
Key Found : HKCU\Software\SoftwareUpdater
Key Found : HKCU\Software\torch
Key Found : HKCU\Software\WEDLMNGR
Key Found : HKCU\Software\YourFileDownloader
Key Found : [x64] HKCU\Software\Alexa Internet
Key Found : [x64] HKCU\Software\BabSolution
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\DataMngr_Toolbar
Key Found : [x64] HKCU\Software\DealPly
Key Found : [x64] HKCU\Software\DealPlyLive
Key Found : [x64] HKCU\Software\distromatic
Key Found : [x64] HKCU\Software\IGearSettings
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\installedbrowserextensions
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\pc speed maximizer
Key Found : [x64] HKCU\Software\SaveSenseLive
Key Found : [x64] HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\smartbarbackup
Key Found : [x64] HKCU\Software\smartbarlog
Key Found : [x64] HKCU\Software\SoftwareUpdater
Key Found : [x64] HKCU\Software\torch
Key Found : [x64] HKCU\Software\WEDLMNGR
Key Found : [x64] HKCU\Software\YourFileDownloader
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Found : HKLM\SOFTWARE\Classes\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Key Found : HKLM\SOFTWARE\Classes\AppID\dealplylive.exe
Key Found : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311121157}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311431144}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322122257}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322432244}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0031257.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0031257.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0031257.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0031257.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0034344.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0034344.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0034344.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0034344.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\d
Key Found : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickCtrl.9
Key Found : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\DealPlyLive.Update3WebControl.3
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.coreclass
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine.1.0
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachine
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback.1.0
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclasssvc.1.0
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine.1.0
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback.1.0
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc.1.0
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Found : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Found : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Found : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Found : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355125557}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355435544}
Key Found : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366126657}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366436644}
Key Found : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Found : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3284079
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344124457}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344434444}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\DealPly
Key Found : HKLM\Software\DealPlyLive
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\SOFTWARE\f55d688b43ebd45
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{05446fb7-7bc3-454b-9255-e456006afd0d}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0e1e4d3b-2b02-4c00-8e47-640bf1933fa2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0e1e4d3b-2b02-4c00-8e47-640bf1933fa2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0e1e4d3b-2b02-4c00-8e47-640bf1933fa2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{195f6148-bd49-4fe6-bdbe-6461cdba3908}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3800b1b6-a858-41ce-b2c6-bad6afd7bbe2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{717ecce9-fff5-4030-a6df-bec4d65a8372}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8b1decad-e292-4166-8cce-8cad6b611d58}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8d4552d1-58d5-402e-bc6d-77c94b622633}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8d4552d1-58d5-402e-bc6d-77c94b622633}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8d4552d1-58d5-402e-bc6d-77c94b622633}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cb926b7c-2e9f-4908-8d5e-063ecf9303c3}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cb926b7c-2e9f-4908-8d5e-063ecf9303c3}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cb926b7c-2e9f-4908-8d5e-063ecf9303c3}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cd894e69-86dc-416c-b0a4-bbf516436861}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cd894e69-86dc-416c-b0a4-bbf516436861}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cd894e69-86dc-416c-b0a4-bbf516436861}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cf1ddbe5-3e1a-4518-9d68-22748e3e01b8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cf1ddbe5-3e1a-4518-9d68-22748e3e01b8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cf1ddbe5-3e1a-4518-9d68-22748e3e01b8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311121157}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311431144}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311431144}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Settings
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-1.3
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\weDownload
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\weDownload
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3
Key Found : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9
Key Found : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3
Key Found : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9
Key Found : HKLM\Software\Plus-HD-1.3
Key Found : HKLM\Software\SaveSenseLive
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\torch
Key Found : HKLM\Software\Uniblue
Key Found : HKLM\Software\weDownload
Key Found : HKLM\Software\weDownload
Key Found : HKLM\Software\YourFileDownloader
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311121157}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322122257}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355125557}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355435544}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366126657}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366436644}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Found : [x64] HKLM\SOFTWARE\DomaIQ
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0e1e4d3b-2b02-4c00-8e47-640bf1933fa2}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0e1e4d3b-2b02-4c00-8e47-640bf1933fa2}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0e1e4d3b-2b02-4c00-8e47-640bf1933fa2}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8d4552d1-58d5-402e-bc6d-77c94b622633}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8d4552d1-58d5-402e-bc6d-77c94b622633}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8d4552d1-58d5-402e-bc6d-77c94b622633}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cb926b7c-2e9f-4908-8d5e-063ecf9303c3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cb926b7c-2e9f-4908-8d5e-063ecf9303c3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cb926b7c-2e9f-4908-8d5e-063ecf9303c3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cd894e69-86dc-416c-b0a4-bbf516436861}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cd894e69-86dc-416c-b0a4-bbf516436861}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cd894e69-86dc-416c-b0a4-bbf516436861}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cf1ddbe5-3e1a-4518-9d68-22748e3e01b8}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cf1ddbe5-3e1a-4518-9d68-22748e3e01b8}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cf1ddbe5-3e1a-4518-9d68-22748e3e01b8}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311121157}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NTRedirect]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com/?ctid=CT3284079&octid=CT3284079&SearchSource=61&CUI=UN24175472881898330&UM=2&UP=SP892CDDE8-5C8E-4012-92A6-27F7420BE744
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=ds&q={searchTerms}&installDate=04/12/2013
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=ds&q={searchTerms}&installDate=04/12/2013
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=ds&q={searchTerms}&installDate=04/12/2013
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=ds&q={searchTerms}&installDate=04/12/2013
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=ds&q={searchTerms}&installDate=04/12/2013
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=a463dc7d-8d94-1ba6-b610-15f54b22931c&searchtype=ds&q={searchTerms}&installDate=04/12/2013

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\prefs.js ]

Line Found : user_pref("CT3284079.1000082.isPlayDisplay", "true");
Line Found : user_pref("CT3284079.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Found : user_pref("CT3284079.1000234.TWC_TMP_city", "LOS ANGELES");
Line Found : user_pref("CT3284079.1000234.TWC_TMP_country", "US");
Line Found : user_pref("CT3284079.1000234.TWC_country", "UNITED STATES");
Line Found : user_pref("CT3284079.1000234.TWC_locId", "USCA0638");
Line Found : user_pref("CT3284079.1000234.TWC_location", "Los Angeles, CA");
Line Found : user_pref("CT3284079.1000234.TWC_region", "US");
Line Found : user_pref("CT3284079.1000234.TWC_temp_dis", "f");
Line Found : user_pref("CT3284079.1000234.TWC_wind_dis", "mph");
Line Found : user_pref("CT3284079.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3284079.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3284079.FF19Solved", "true");
Line Found : user_pref("CT3284079.FirstTime", "true");
Line Found : user_pref("CT3284079.FirstTimeFF3", "true");
Line Found : user_pref("CT3284079.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM3NzcyODE3NA==");
Line Found : user_pref("CT3284079.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM4MDE2NTUyMQ==");
Line Found : user_pref("CT3284079.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "NQ==");
Line Found : user_pref("CT3284079.LOCAL_COOKIE_STATS_STATS_SITE_NEW.enc", "MA==");
Line Found : user_pref("CT3284079.LOCAL_COOKIE_STATS_STATS_SITE_NOT_SUPPORTED.enc", "MA==");
Line Found : user_pref("CT3284079.LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MA==");
Line Found : user_pref("CT3284079.LOCAL_COOKIE_STATS_STATS_USE_HISTORY.enc", "MA==");
Line Found : user_pref("CT3284079.LOCAL_COOKIE_STATS_STATS_USE_POP.enc", "MA==");
Line Found : user_pref("CT3284079.LOCAL_COOKIE_STATS_STATS_USE_RELATED.enc", "MA==");
Line Found : user_pref("CT3284079.LOCAL_COOKIE_STATS_STATS_USE_TYPED.enc", "MA==");
Line Found : user_pref("CT3284079.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MTM4MDE2NjEzNg==");
Line Found : user_pref("CT3284079.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MTM3ODE1OTc4OQ==");
Line Found : user_pref("CT3284079.LOCAL_COOKIE_THROTTLE_BASEadd_stats|LOCAL_COOKIE_STATS_STATS_USE_RELATED.enc", "MTM3ODA1OTY2OA==");
Line Found : user_pref("CT3284079.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=borderlands%202%20gibbed%20editor%20download&l=files2dl.com&t=2&v=0.5&d=conduit2.enc", "MTM3ODE1OTc4MQ==");
Line Found : user_pref("CT3284079.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=gear%20calculator&l=blmodding.wikidot.com&t=2&v=0.4&d=conduit2.enc", "MTM3NzcyODMxMg==");
Line Found : user_pref("CT3284079.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=nike%20sb%20koston%20%20site%3Aactiverideshop.com&l=shop.ccs.com&t=2&v=0.4&d=conduit2.enc", "MTM3ODA1OTY4NQ=[...]
Line Found : user_pref("CT3284079.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=nike%20sb%20koston%20&l=www.activerideshop.com&t=1&o=nike%20sb%20koston%202&v=0.4&d=conduit2.enc", "MTM3ODA1[...]
Line Found : user_pref("CT3284079.PG_ENABLE", "dHJ1ZQ==");
Line Found : user_pref("CT3284079.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Found : user_pref("CT3284079.SF_STATUS.enc", "RU5BQkxFRA==");
Line Found : user_pref("CT3284079.SF_USER_ID.enc", "Y2lkXzI4ODIwMTMxNTE2MTEyNjU5MDM1");
Line Found : user_pref("CT3284079.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3284079&SearchSource=2&CUI=UN17812757079375320&UM=2&q=");
Line Found : user_pref("CT3284079.UserID", "UN17812757079375320");
Line Found : user_pref("CT3284079.acp_personal.appstate.enc", "ZW5hYmxl");
Line Found : user_pref("CT3284079.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3284079.autoDisableScopes", -1);
Line Found : user_pref("CT3284079.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3284079.cb_experience_000.enc", "MTA2");
Line Found : user_pref("CT3284079.cb_firstuse0100.enc", "MQ==");
Line Found : user_pref("CT3284079.cb_user_id_000.enc", "Q0I1NzMyMzEyMzI1NzBfMTM3ODA1OTY3ODM0NV9GaXJlZm94");
Line Found : user_pref("CT3284079.cbfirsttime.enc", "V2VkIEF1ZyAyMSAyMDEzIDE4OjE5OjM4IEdNVC0wNzAwIChQYWNpZmljIFN0YW5kYXJkIFRpbWUp");
Line Found : user_pref("CT3284079.countryCode", "US");
Line Found : user_pref("CT3284079.defaultSearch", "true");
Line Found : user_pref("CT3284079.discover-experiments-photopop.enc", "eyJuYW1lIjoicGhvdG9wb3BfbmEiLCJ2ZXJzaW9uIjoxMH0=");
Line Found : user_pref("CT3284079.discover-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzc4MTYwMDE3ODM1LDE0NDAwMDAwXX0=");
Line Found : user_pref("CT3284079.discover-user-id.enc", "IjhiY2U1MDM3LWNjZTUtNDRhOC1iZmUxLWRlNTU5MTVmMGM5YSI=");
Line Found : user_pref("CT3284079.enableAlerts", "true");
Line Found : user_pref("CT3284079.enableSearchFromAddressBar", "true");
Line Found : user_pref("CT3284079.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3284079.fixPageNotFoundError", "true");
Line Found : user_pref("CT3284079.fixPageNotFoundErrorByUser", "true");
Line Found : user_pref("CT3284079.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3284079.fixUrls", true);
Line Found : user_pref("CT3284079.fullUserID", "UN17812757079375320.IN.20130821173619");
Line Found : user_pref("CT3284079.installDate", "21/08/2013 17:36:19");
Line Found : user_pref("CT3284079.installId", "stub.exe");
Line Found : user_pref("CT3284079.installSessionId", "{C7CCAD34-A65C-4C7B-BF3D-0720EFA5122C}");
Line Found : user_pref("CT3284079.installSp", "TRUE");
Line Found : user_pref("CT3284079.installType", "conduitnsisintegration");
Line Found : user_pref("CT3284079.installUsage", "2013-08-22T03:37:42.776399+03:00");
Line Found : user_pref("CT3284079.installUsageEarly", "2013-08-22T03:37:41.2631602+03:00");
Line Found : user_pref("CT3284079.installerVersion", "1.5.4.5");
Line Found : user_pref("CT3284079.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3284079.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3284079.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3284079.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3284079.keyword", "true");
Line Found : user_pref("CT3284079.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3284079&octid=CT3284079&SearchSource=15&CUI=UN17812757079375320&SSPV=&Lay=1&UM=2\"}");
Line Found : user_pref("CT3284079.lastVersion", "10.21.1.507");
Line Found : user_pref("CT3284079.mam_gk_appStateReportTime.enc", "MTM4MzQ0MjEyOTg1Mg==");
Line Found : user_pref("CT3284079.mam_gk_appState_ACplus.enc", "b24=");
Line Found : user_pref("CT3284079.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Found : user_pref("CT3284079.mam_gk_appState_Discover.enc", "b24=");
Line Found : user_pref("CT3284079.mam_gk_appState_Easytobook.enc", "b24=");
Line Found : user_pref("CT3284079.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Found : user_pref("CT3284079.mam_gk_appState_Find-a-Pro.enc", "b24=");
Line Found : user_pref("CT3284079.mam_gk_appState_PiclickV2-WebSearch.enc", "b24=");
Line Found : user_pref("CT3284079.mam_gk_appState_PriceGrabber.enc", "b24=");
Line Found : user_pref("CT3284079.mam_gk_appState_WindowShopper.enc", "b24=");
Line Found : user_pref("CT3284079.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6ImFwcDEzIiwidXJsIjoiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC5jb20vbWFtLzNyZHBhcnR5YXBwcy9lZGlsaWEvZWRpbGlhLmh0bWwiLCJzY3JpcHRVcmwiOm51bGwsIm9wdGlv[...]
Line Found : user_pref("CT3284079.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Found : user_pref("CT3284079.mam_gk_calledSetupService.enc", "MQ==");
Line Found : user_pref("CT3284079.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6ImFwcDEzIiwiY3JpdGVyaWFzIjpbeyJjcml0ZXJpYUlkIjoiNWI5YjdiMWItZDc4Yy00NjQyLWEwMTgtN2ZkZDViYjliZTU4IiwiZG9tYWlucyI6WyIqIl0[...]
Line Found : user_pref("CT3284079.mam_gk_currentBadgeValue.enc", "Mw==");
Line Found : user_pref("CT3284079.mam_gk_currentVersion.enc", "MS4xMC40LjA=");
Line Found : user_pref("CT3284079.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Found : user_pref("CT3284079.mam_gk_first_time.enc", "MQ==");
Line Found : user_pref("CT3284079.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Found : user_pref("CT3284079.mam_gk_lastLoginTime.enc", "MTM4MzQ0MjEzMDEzNA==");
Line Found : user_pref("CT3284079.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Found : user_pref("CT3284079.mam_gk_newApps.enc", "W3siaWQiOiJhcHAxMyIsIm5hbWUiOiJEaXNjb3ZlciBUZXN0IiwiZGVzY3JpcHRpb24iOiJXYXRjaGluZyB2aWRlbz8gVGhpcyBhcHAgaW50ZWxsaWdlbnRseSBvZmZlcnMgZ3JlYXQgY2xpcHMgZm9yIHlvd[...]
Line Found : user_pref("CT3284079.mam_gk_new_welcome_experience.enc", "MQ==");
Line Found : user_pref("CT3284079.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3284079.mam_gk_settings1.10.2.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiODZfMSIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBl[...]
Line Found : user_pref("CT3284079.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzExMDMiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6Ijg2XzAiLCJpc1Rlc3QiOnRydWUsIlVzZXJDb3VudHJ5[...]
Line Found : user_pref("CT3284079.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Found : user_pref("CT3284079.mam_gk_userId.enc", "ZGZiZjgxNjctNjc2Zi00ODcyLThhZWQtN2EzYjg2ZmIyZTc2");
Line Found : user_pref("CT3284079.mam_gk_user_approval_interacted.enc", "MQ==");
Line Found : user_pref("CT3284079.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Found : user_pref("CT3284079.migrateAppsAndComponents", true);
Line Found : user_pref("CT3284079.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww2.delta-search.com%2F%3Fbabsrc%3DHP_ss%26mntrId%3DDC8A446D57B439F2%26affID%3D120007%26tt%[...]
Line Found : user_pref("CT3284079.openThankYouPage", "false");
Line Found : user_pref("CT3284079.openUninstallPage", "true");
Line Found : user_pref("CT3284079.originalHomepage", "hxxp://search.conduit.com/?UM=2&ctid=CT3297951&SearchSource=13&CUI=UN00935250755861749");
Line Found : user_pref("CT3284079.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3297951&SearchSource=2&CUI=UN00935250755861749&UM=2&q=");
Line Found : user_pref("CT3284079.originalSearchEngine", "");
Line Found : user_pref("CT3284079.originalSearchEngineName", "WiseConvert B2 Customized Web Search");
Line Found : user_pref("CT3284079.price-gong.isManagedApp", "true");
Line Found : user_pref("CT3284079.rematchagent-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzgzNDQyMTc3MzMxLDE0NDAwMDAwXX0=");
Line Found : user_pref("CT3284079.rematchagent-user-id.enc", "ImYwOGY4NmI0LWI2YmEtNGQ1MS1iZDk5LWFiNDVlNmVhNDU2ZiI=");
Line Found : user_pref("CT3284079.revertSettingsEnabled", "false");
Line Found : user_pref("CT3284079.search.searchAppId", "130044644329323677");
Line Found : user_pref("CT3284079.search.searchCount", "0");
Line Found : user_pref("CT3284079.searchFromAddressBarEnabledByUser", "true");
Line Found : user_pref("CT3284079.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3284079.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3284079.searchRevert", "false");
Line Found : user_pref("CT3284079.searchSuggestEnabledByUser", "true");
Line Found : user_pref("CT3284079.searchUserMode", "2");
Line Found : user_pref("CT3284079.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3284079.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3284079.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT3284079.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3284079\"}");
Line Found : user_pref("CT3284079.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://SearchYoToolbar.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3284079.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"SearchYo \"}");
Line Found : user_pref("CT3284079.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3284079.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Found : user_pref("CT3284079.serviceLayer_services_Configuration_lastUpdate", "1383513156240");
Line Found : user_pref("CT3284079.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1383513150481");
Line Found : user_pref("CT3284079.serviceLayer_services_appsMetadata_lastUpdate", "1383513149439");
Line Found : user_pref("CT3284079.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1383513147059");
Line Found : user_pref("CT3284079.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1377131862179");
Line Found : user_pref("CT3284079.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1377131863574");
Line Found : user_pref("CT3284079.serviceLayer_services_login_10.16.9.506_lastUpdate", "1377728224924");
Line Found : user_pref("CT3284079.serviceLayer_services_login_10.16.9.6_lastUpdate", "1377131863872");
Line Found : user_pref("CT3284079.serviceLayer_services_login_10.19.2.505_lastUpdate", "1378159756700");
Line Found : user_pref("CT3284079.serviceLayer_services_login_10.20.0.513_lastUpdate", "1380165448893");
Line Found : user_pref("CT3284079.serviceLayer_services_login_10.21.1.507_lastUpdate", "1383530417189");
Line Found : user_pref("CT3284079.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1383513147128");
Line Found : user_pref("CT3284079.serviceLayer_services_searchAPI_lastUpdate", "1383513156180");
Line Found : user_pref("CT3284079.serviceLayer_services_serviceMap_lastUpdate", "1383513149434");
Line Found : user_pref("CT3284079.serviceLayer_services_toolbarContextMenu_lastUpdate", "1383513147098");
Line Found : user_pref("CT3284079.serviceLayer_services_toolbarSettings_lastUpdate", "1383530417124");
Line Found : user_pref("CT3284079.serviceLayer_services_translation_lastUpdate", "1383513151765");
Line Found : user_pref("CT3284079.settingsINI", true);
Line Found : user_pref("CT3284079.shouldFirstTimeDialog", "false");
Line Found : user_pref("CT3284079.showToolbarPermission", "false");
Line Found : user_pref("CT3284079.smartbar.CTID", "CT3284079");
Line Found : user_pref("CT3284079.smartbar.Uninstall", "0");
Line Found : user_pref("CT3284079.smartbar.homepage", "true");
Line Found : user_pref("CT3284079.smartbar.toolbarName", "SearchYo ");
Line Found : user_pref("CT3284079.startPage", "true");
Line Found : user_pref("CT3284079.toolbarBornServerTime", "22-8-2013");
Line Found : user_pref("CT3284079.toolbarCurrentServerTime", "4-11-2013");
Line Found : user_pref("CT3284079.toolbarLoginClientTime", "Wed Aug 21 2013 17:37:43 GMT-0700 (Pacific Standard Time)");
Line Found : user_pref("CT3284079.url_history0001", "%F0%E7%FC%E7%F9%E9%F8%EF%F6%FA%C0%E7%EA%EA%DA%F5%C9%E7%F8%FA%AE%AF%C0%C0%C0%E9%F2%EF%E9%F1%EE%E7%F4%EA%F2%EB%F8%C0%C0%C0%B7%B9%BD%BE%B6%BC%B6%B9%B6%BA%B6%B8%BB%[...]
Line Found : user_pref("CT3284079.url_history0001.enc", "amF2YXNjcmlwdDphZGRUb0NhcnQoKTo6OmNsaWNraGFuZGxlcjo6OjEzNzgwNjAzMDQwMjUsLCxqYXZhc2NyaXB0OmFkZFRvQ2FydCgpOjo6Y2xpY2toYW5kbGVyOjo6MTM3ODA2MDMwNDAzMSwsLGphdmFz[...]
Line Found : user_pref("CT3284079.versionFromInstaller", "10.16.9.6");
Line Found : user_pref("CT3284079.xpeMode", "3");
Line Found : user_pref("CT3284079_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1383530427446,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("CT3297951.1000082.isPlayDisplay", "true");
Line Found : user_pref("CT3297951.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM (Cou...\",\"description\":\"1.FM (Country)\",\"url\":\"hxxp://1.fm/wm/energycountry32k.asx\"}");
Line Found : user_pref("CT3297951.1000234.TWC_TMP_city", "LOS ANGELES");
Line Found : user_pref("CT3297951.1000234.TWC_TMP_country", "US");
Line Found : user_pref("CT3297951.1000234.TWC_country", "UNITED STATES");
Line Found : user_pref("CT3297951.1000234.TWC_locId", "USCA0638");
Line Found : user_pref("CT3297951.1000234.TWC_location", "Los Angeles, CA");
Line Found : user_pref("CT3297951.1000234.TWC_region", "US");
Line Found : user_pref("CT3297951.1000234.TWC_temp_dis", "f");
Line Found : user_pref("CT3297951.1000234.TWC_wind_dis", "mph");
Line Found : user_pref("CT3297951.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3297951.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3297951.FirstTime", "true");
Line Found : user_pref("CT3297951.FirstTimeFF3", "true");
Line Found : user_pref("CT3297951.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM3NTkyNjE2NQ==");
Line Found : user_pref("CT3297951.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM3ODE1OTY1OQ==");
Line Found : user_pref("CT3297951.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MA==");
Line Found : user_pref("CT3297951.LOCAL_COOKIE_STATS_STATS_SITE_NEW.enc", "MA==");
Line Found : user_pref("CT3297951.LOCAL_COOKIE_STATS_STATS_SITE_NOT_SUPPORTED.enc", "MA==");
Line Found : user_pref("CT3297951.LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MA==");
Line Found : user_pref("CT3297951.LOCAL_COOKIE_STATS_STATS_USE_HISTORY.enc", "MA==");
Line Found : user_pref("CT3297951.LOCAL_COOKIE_STATS_STATS_USE_POP.enc", "MA==");
Line Found : user_pref("CT3297951.LOCAL_COOKIE_STATS_STATS_USE_RELATED.enc", "MA==");
Line Found : user_pref("CT3297951.LOCAL_COOKIE_STATS_STATS_USE_TYPED.enc", "MA==");
Line Found : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MTM3ODE1OTY1OQ==");
Line Found : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_NOT_SUPPORTED.enc", "MTM3NzExNzcyMw==");
Line Found : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MTM3NzEyMjc1Mg==");
Line Found : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEadd_stats|LOCAL_COOKIE_STATS_STATS_USE_RELATED.enc", "MTM3NTkyNjI0NQ==");
Line Found : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=borderlands%202&l=www.bing.com&t=2&v=0.4&d=conduit2.enc", "MTM3NTkyNjI1NQ==");
Line Found : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=borderlands%2B2%2Bmodded%2Bgame%2Bsave&l=www.game-tuts.com&t=2&v=0.4&d=conduit2.enc", "MTM3NTkyNjI2Nw==");
Line Found : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=gametuts&l=www.game-tuts.com&t=2&v=0.4&d=conduit2.enc", "MTM3NjYzMTg3Mg==");
Line Found : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=google&l=www.google.com&t=2&v=0.4&d=conduit2.enc", "MTM3NzExNzMyOQ==");
Line Found : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=usbexplorer&l=digiex.net&t=2&v=0.4&d=conduit2.enc", "MTM3NzExNzg3OQ==");
Line Found : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=willow%20tree%20beta%2010%20download&l=sourceforge.net&t=2&v=0.4&d=conduit2.enc", "MTM3NzExNzQ1OQ==");
Line Found : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=willowtree&l=sourceforge.net&t=2&v=0.4&d=conduit2.enc", "MTM3NzExNzM2OA==");
Line Found : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=youtube.com&l=www.youtube.com&t=2&v=0.4&d=conduit2.enc", "MTM3NzExNzcxNQ==");
Line Found : user_pref("CT3297951.PG_ENABLE", "dHJ1ZQ==");
Line Found : user_pref("CT3297951.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Found : user_pref("CT3297951.SF_STATUS.enc", "RU5BQkxFRA==");
Line Found : user_pref("CT3297951.SF_USER_ID.enc", "Y2lkXzc4MjAxMzE4NDMyMTg3OTQ5MzU=");
Line Found : user_pref("CT3297951.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3297951&SearchSource=2&CUI=UN00935250755861749&UM=2&q=");
Line Found : user_pref("CT3297951.UserID", "UN00935250755861749");
Line Found : user_pref("CT3297951.acp_personal.appstate.enc", "ZW5hYmxl");
Line Found : user_pref("CT3297951.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3297951.browser.search.defaultthis.engineName", true);
Line Found : user_pref("CT3297951.cb_experience_000.enc", "Mjk=");
Line Found : user_pref("CT3297951.cb_firstuse0100.enc", "MQ==");
Line Found : user_pref("CT3297951.cb_user_id_000.enc", "Q0I2ODA4NjI4NDEyMzRfMTM3NTkyNjIwMDA3Nl9GaXJlZm94");
Line Found : user_pref("CT3297951.cbfirsttime.enc", "V2VkIEF1ZyAwNyAyMDEzIDE4OjQyOjQzIEdNVC0wNzAwIChQYWNpZmljIERheWxpZ2h0IFRpbWUp");
Line Found : user_pref("CT3297951.countryCode", "US");
Line Found : user_pref("CT3297951.discover-experiments-photopop.enc", "eyJuYW1lIjoicGhvdG9wb3BfbmEiLCJ2ZXJzaW9uIjoxMH0=");
Line Found : user_pref("CT3297951.discover-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzc4MTYwMDE3NjU4LDE0NDAwMDAwXX0=");
Line Found : user_pref("CT3297951.discover-user-id.enc", "Ijk2MjgzNjJjLThkYmMtNDcxNy1iZDQ4LTlmYzcxNzU0ZWJiNyI=");
Line Found : user_pref("CT3297951.event_data.enc", "JTVCJTVE");
Line Found : user_pref("CT3297951.fired_events", "");
Line Found : user_pref("CT3297951.fired_events.enc", "");
Line Found : user_pref("CT3297951.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3297951.fixPageNotFoundErrorByUser", "TRUE");
Line Found : user_pref("CT3297951.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3297951.fixUrls", true);
Line Found : user_pref("CT3297951.fullUserID", "UN00935250755861749.TB.20130807184226");
Line Found : user_pref("CT3297951.ground-country-code.enc", "IlVTIg==");
Line Found : user_pref("CT3297951.hover_counter.enc", "MQ==");
Line Found : user_pref("CT3297951.impression_counter.enc", "MQ==");
Line Found : user_pref("CT3297951.impression_session_counter.enc", "MQ==");
Line Found : user_pref("CT3297951.impression_session_id.enc", "IjRkOTE5OTg3LWIzMTItNDBjMy05MmZiLTgwZDJkNjljNTE0OCI=");
Line Found : user_pref("CT3297951.impression_session_last_active.enc", "MTM3NzExNzc0MzU1Mg==");
Line Found : user_pref("CT3297951.installType", "Unknown");
Line Found : user_pref("CT3297951.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3297951.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3297951.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3297951.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3297951.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3297951.key_date", "%B9");
Line Found : user_pref("CT3297951.key_date.enc", "Mw==");
Line Found : user_pref("CT3297951.keyword", true);
Line Found : user_pref("CT3297951.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3297951&octid=CT3297951&SearchSource=15&CUI=UN00935250755861749&SSPV=&Lay=1&UM=2\"}");
Line Found : user_pref("CT3297951.lastVersion", "10.21.1.507");
Line Found : user_pref("CT3297951.mam_gk_appStateReportTime.enc", "MTM4MzQ0MjEzMzc2Nw==");
Line Found : user_pref("CT3297951.mam_gk_appState_ACplus.enc", "b24=");
Line Found : user_pref("CT3297951.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Found : user_pref("CT3297951.mam_gk_appState_Discover.enc", "b24=");
Line Found : user_pref("CT3297951.mam_gk_appState_Easytobook.enc", "b24=");
Line Found : user_pref("CT3297951.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Found : user_pref("CT3297951.mam_gk_appState_Find-a-Pro.enc", "b24=");
Line Found : user_pref("CT3297951.mam_gk_appState_PiclickV2-WebSearch.enc", "b24=");
Line Found : user_pref("CT3297951.mam_gk_appState_PriceGong.enc", "b24=");
Line Found : user_pref("CT3297951.mam_gk_appState_WindowShopper.enc", "b24=");
Line Found : user_pref("CT3297951.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IkpvYnNNaW5lciIsInVybCI6Imh0dHA6Ly9qb2JzbWluZXIuY29tL2NvbGxhYm9yYXRpb25zL2NvbmR1aXQvaW5kZXgyLmh0bWwiLCJzY3JpcHRVcmwiOm51bGwsIm9wdGlvbnNE[...]
Line Found : user_pref("CT3297951.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Found : user_pref("CT3297951.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkpvYnNNaW5lciIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6IjQxNzgyY2FiLWVjMWQtNGJmZS05NmUzLWM1NDQ5MWZmYWJjMiIsImRvbWFpbnMiOls[...]
Line Found : user_pref("CT3297951.mam_gk_currentBadgeValue.enc", "Mg==");
Line Found : user_pref("CT3297951.mam_gk_currentVersion.enc", "MS4xMC40LjA=");
Line Found : user_pref("CT3297951.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Found : user_pref("CT3297951.mam_gk_first_time.enc", "MQ==");
Line Found : user_pref("CT3297951.mam_gk_installer_preapproved.enc", "VFJVRQ==");
Line Found : user_pref("CT3297951.mam_gk_lastLoginTime.enc", "MTM4MzQ0MjEzMTMzMw==");
Line Found : user_pref("CT3297951.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Found : user_pref("CT3297951.mam_gk_newApps.enc", "W3siaWQiOiJKb2JzTWluZXIiLCJuYW1lIjoiSm9ic01pbmVyIiwiZGVzY3JpcHRpb24iOiJKb2JzbWluZXIgaXMgYSB1bmlxdWUgam9iIHNlYXJjaCBlbmdpbmUgZmluZGluZyBqb2Igb2ZmZXJpbmdzIFxuc[...]
Line Found : user_pref("CT3297951.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3297951.mam_gk_settings1.10.2.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBl[...]
Line Found : user_pref("CT3297951.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzExMDMiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjM1XzAiLCJpc1Rlc3QiOnRydWUsIlVzZXJDb3VudHJ5[...]
Line Found : user_pref("CT3297951.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBlc[...]
Line Found : user_pref("CT3297951.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Found : user_pref("CT3297951.mam_gk_userId.enc", "NDAwODgyZjctMTlmOS00Y2NhLWI4NDYtYWRhNzFkNTQ1ZTE4");
Line Found : user_pref("CT3297951.mam_gk_user_approval_interacted.enc", "MQ==");
Line Found : user_pref("CT3297951.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Found : user_pref("CT3297951.migrateAppsAndComponents", true);
Line Found : user_pref("CT3297951.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww2.delta-search.com%2F%3Fbabsrc%3DHP_ss%26mntrId%3DDC8A446D57B439F2%26affID%3D120007%26tt%3D010913_12%26tsp%3D4993[...]
Line Found : user_pref("CT3297951.originalHomepage", "hxxp://www.msn.com/?pc=UP22&ocid=UP22DHP&dt=122712");
Line Found : user_pref("CT3297951.originalSearchAddressUrl", "hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=122712&q=");
Line Found : user_pref("CT3297951.originalSearchEngine", "Bing ");
Line Found : user_pref("CT3297951.originalSearchEngineName", "Bing ");
Line Found : user_pref("CT3297951.price-gong.isManagedApp", "true");
Line Found : user_pref("CT3297951.revertSettingsEnabled", "false");
Line Found : user_pref("CT3297951.search.searchAppId", "130106760781777585");
Line Found : user_pref("CT3297951.search.searchCount", "0");
Line Found : user_pref("CT3297951.searchFromAddressBarEnabledByUser", "true");
Line Found : user_pref("CT3297951.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3297951.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3297951.searchSuggestEnabledByUser", "TRUE");
Line Found : user_pref("CT3297951.searchUserMode", "2");
Line Found : user_pref("CT3297951.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3297951.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3297951.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT3297951.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3297951\"}");
Line Found : user_pref("CT3297951.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://WiseConvertB2.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3297951.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"WiseConvert B2 \"}");
Line Found : user_pref("CT3297951.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3297951.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Found : user_pref("CT3297951.serviceLayer_services_Configuration_lastUpdate", "1383513151704");
Line Found : user_pref("CT3297951.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1383513146744");
Line Found : user_pref("CT3297951.serviceLayer_services_appsMetadata_lastUpdate", "1383513146416");
Line Found : user_pref("CT3297951.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1383513146450");
Line Found : user_pref("CT3297951.serviceLayer_services_login_10.16.9.506_lastUpdate", "1377728224537");
Line Found : user_pref("CT3297951.serviceLayer_services_login_10.16.9.6_lastUpdate", "1376631907893");
Line Found : user_pref("CT3297951.serviceLayer_services_login_10.19.2.505_lastUpdate", "1378159755762");
Line Found : user_pref("CT3297951.serviceLayer_services_login_10.21.1.507_lastUpdate", "1383530416805");
Line Found : user_pref("CT3297951.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "1383513154319");
Line Found : user_pref("CT3297951.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "1383513154289");
Line Found : user_pref("CT3297951.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1383513146421");
Line Found : user_pref("CT3297951.serviceLayer_services_searchAPI_lastUpdate", "1383513151509");
Line Found : user_pref("CT3297951.serviceLayer_services_serviceMap_lastUpdate", "1383513146485");
Line Found : user_pref("CT3297951.serviceLayer_services_setupAPI_lastUpdate", "1375926148085");
Line Found : user_pref("CT3297951.serviceLayer_services_toolbarContextMenu_lastUpdate", "1383513146379");
Line Found : user_pref("CT3297951.serviceLayer_services_toolbarSettings_lastUpdate", "1383530417098");
Line Found : user_pref("CT3297951.serviceLayer_services_translation_lastUpdate", "1383513146553");
Line Found : user_pref("CT3297951.settingsINI", true);
Line Found : user_pref("CT3297951.showToolbarPermission", "false");
Line Found : user_pref("CT3297951.smartbar.CTID", "CT3297951");
Line Found : user_pref("CT3297951.smartbar.Uninstall", "0");
Line Found : user_pref("CT3297951.smartbar.homepage", true);
Line Found : user_pref("CT3297951.smartbar.toolbarName", "WiseConvert B2 ");
Line Found : user_pref("CT3297951.toolbarBornServerTime", "8-8-2013");
Line Found : user_pref("CT3297951.toolbarCurrentServerTime", "4-11-2013");
Line Found : user_pref("CT3297951.toolbarLoginClientTime", "Wed Aug 07 2013 18:42:37 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CT3297951.url_history0001.enc", "aHR0cDovL3d3dy5kb2dmdW5rLmNvbS9uaWtlLWVyaWMta29zdG9uLTItc2thdGUtc2hvZS1tZW5zP0NNUF9TS1U9TktFMDgyOSZNRVI9MDQwNiZzaWQ9TktFMDgyOSZDTVBfSUQ9U0hfU0hQMDAzJm12X3Bj[...]
Line Found : user_pref("CT3297951.userIdGenerationCounter", "1");
Line Found : user_pref("CT3297951_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1383530427434,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("browser.search.defaultenginename", "Web Search");
Line Found : user_pref("browser.search.defaultthis.engineName", "SearchYo Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3284079&CUI=UN17812757079375320&UM=2&SearchSource=3&q={searchTerms}");
Line Found : user_pref("browser.search.selectedEngine", "Web Search");
Line Found : user_pref("browser.startup.homepage", "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-1237&v=n11099-237&t=4");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.InstallationThankYouPage", false);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.InstallationTime", 1377131861);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344_dbWasSet", true);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344_dbWasSet_FF25_FIX", true[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.active", true);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.addressbar", "NA");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.addressbarenhanced", "");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.asyncdb.was_copied", "true");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.asyncdb_dbWasSet", true);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.asyncdb_dbWasSet_FF25_FIX", true);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.asyncinternaldb.was_copied", "true");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.asyncinternaldb_dbWasSet", true);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.asyncinternaldb_dbWasSet_FF25_FIX", true);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.backgroundver", 8);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.certdomaininstaller", "");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.changeprevious", false);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylig[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app34344%22%3A%22app34[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_geolocation.expiration", "Thu Apr 24 2014 20:06:29 GMT-0700 (Pacific Sta[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_geolocation.value", "%22US%22");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_metadata.expiration", "Fri Apr 18 2014 20:06:29 GMT-0700 (Pacific Standa[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A34344%2C%22appName%22%3A%22weDownload[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.InstallationTime.value", "1377131861");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie._GPL_aoi.value", "%221394501859%22");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)"[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie._GPL_parent_zoneid.value", "%22513018%22");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.jw_token.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.jw_token.value", "%224f800e9d-5103-9706-9db7-72a1aa8f4846%22");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.description", "Enhance your search results with direct download links and information for apps and[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.domain", "");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.enablesearch", false);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.homepage", "");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.iframe", false);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight [...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22062E6ED8C1404F7EA73D6F92898EE[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight [...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific [...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%22062E6ED8C1404F7EA73D[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.Resources_appVer.value", "206");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.Resources_lastVersion.value", "23");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)"[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.Resources_meta.value", "%7B%22extension.css%22%3A%7B%22id%22%3A335479%2C%22ver%22%3A23%[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.Resources_nextCheck.expiration", "Fri Apr 18 2014 23:09:32 GMT-0700 (Pacific Standard T[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.Resources_nextCheck.value", "true");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.Resources_queue.value", "%7B%7D");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Day[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.Resources_resource_335479.expiration", "Thu Jul 17 2014 17:09:32 GMT-0700 (Pacific Stan[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.Resources_resource_335479.value", "%22.crossrider-nofity-34345-body-theme-white-black%2[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb._country_code_.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)"[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb._country_code_.value", "%22US%22");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%22062E6ED8[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacifi[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pa[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.monetization_plugin_bundledWithHash.value", "null");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pac[...]
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.lastDailyReport", "1397866172256");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.lastUpdate", "1397866172518");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.manifesturl", "");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.name", "weDownload Manager");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.newtab", "");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.opensearch", "");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.pluginsurl", "hxxp://js.clientdemocloud.com/plugin/apps/34344/plugins/094/ff/plugins.json");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.pluginsversion", 167);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.publisher", "weDownload");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.searchstatus", 0);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.setnewtab", false);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.thankyou", "");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.updateinterval", 360);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.ver", 206);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.FilesValidatorDueTime", "1397790441758");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.apps", "34344");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.bic", "140a374958810e5b868ebe60569f0984");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.cid", 34344);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.firstrun", false);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.hadappinstalled", true);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.installationdate", 1377131861);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.lastcheck", 22962135);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.lastcheckitem", 22962139);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.modetype", "production");
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.reportInstall", true);
Line Found : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.statsDailyCounter", 29);
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.InstallationThankYouPage", false);
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.InstallationTime", 1386200714);
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257_dbWasSet", true);
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257_dbWasSet_FF25_FIX", true[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.active", true);
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.addressbar", "NA");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.addressbarenhanced", "");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.asyncdb.was_copied", "true");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.asyncdb_dbWasSet", true);
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.asyncdb_dbWasSet_FF25_FIX", true);
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.asyncinternaldb.was_copied", "true");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.asyncinternaldb_dbWasSet", true);
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.asyncinternaldb_dbWasSet_FF25_FIX", true);
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.backgroundver", 3);
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.certdomaininstaller", "");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.changeprevious", false);
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.cookie.InstallationTime.value", "1386200714");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.cookie._GPL_aoi.value", "%221392170028%22");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.cookie._GPL_parent_zoneid.value", "%22418655%22");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.cookie.jw_token.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.cookie.jw_token.value", "%2232f31453-f17f-cb3b-e1af-b19f5c688209%22");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.cookie.load_balancer.expiration", "Fri Apr 18 2014 23:09:33 GMT-0700 (Pacific Standard Time)");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.cookie.load_balancer.value", "%22%7B%20%5C%22Status%5C%22%3A%201%2C%5C%22Endpoint%5C%22%3A%20%5C%2[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.cookie.previous_page.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.cookie.previous_page.value", "%22hxxp%3A//general-changelog-team.fr/en/%22");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.cookie.user_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.cookie.user_id.value", "%22140a374958810e5b868ebe60569f0984%22");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.description", "Turn YouTube videos to High Definition by default");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.domain", "");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.enablesearch", false);
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.homepage", "");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.iframe", false);
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard [...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22062E6ED8C1404F7EA73D6F92898EE[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight [...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22000671%22%2C%22sub_id%22%3A%220%2[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific [...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%22062E6ED8C1404F7EA73D[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_appVer.value", "213");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_lastVersion.value", "1");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)"[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_meta.value", "%7B%7D");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_nextCheck.expiration", "Fri Apr 18 2014 23:09:32 GMT-0700 (Pacific Standard T[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_nextCheck.value", "true");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_queue.value", "%7B%7D");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Day[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.__194_lastCheck__.expiration", "Fri Apr 18 2014 17:42:43 GMT-0700 (Pacific Standard Tim[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.__194_lastCheck__.value", "true");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.__ICM_DOWNLOADS__global_rules.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific [...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.__ICM_DOWNLOADS__global_rules.value", "%5B%7B%22rules%22%3A%7B%22delay_between_ads_in_s[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.__ICM_DOWNLOADS__global_rules_verion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (P[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.__ICM_DOWNLOADS__global_rules_verion.value", "2");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.__ICM_DOWNLOADS__is_send_log.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific S[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.__ICM_DOWNLOADS__is_send_log.value", "false");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.__ICM_DOWNLOADS__last_impression_time.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 ([...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.__ICM_DOWNLOADS__last_impression_time.value", "1394501128846");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.__ICM_DOWNLOADS__marketing_rules.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacif[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.__ICM_DOWNLOADS__marketing_rules.value", "%7B%22rules%22%3A%5B%7B%22ad_type%22%3A%22sit[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.__ICM_DOWNLOADS__marketing_rules_verion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.__ICM_DOWNLOADS__marketing_rules_verion.value", "23");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.__ICM_DOWNLOADS__pages_visited_count.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (P[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.__ICM_DOWNLOADS__pages_visited_count.value", "98");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.__ICM_DOWNLOADS__send_log_percent.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Paci[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.__ICM_DOWNLOADS__send_log_percent.value", "0.0005");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb._country_code_.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb._country_code_.value", "%22US%22");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%22062E6ED8[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacifi[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pa[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.monetization_plugin_bundledWithHash.value", "null");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.monetization_plugin_last_executable_request.expiration", "Fri Apr 18 2014 07:29:11 GMT-[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.monetization_plugin_last_executable_request.value", "%22hxxp%3A//oldtimer.geekstogo.com[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pac[...]
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.lastDailyReport", "1397866172567");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.lastUpdate", "1397866172928");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.manifesturl", "");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.name", "Plus-HD-1.3");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.newtab", "");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.opensearch", "");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.pluginsurl", "hxxp://js.clientdemocloud.com/plugin/apps/31257/plugins/094/ff/plugins.json");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.pluginsversion", 204);
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.publisher", "Plus HD");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.searchstatus", 0);
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.setnewtab", false);
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.thankyou", "");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.updateinterval", 360);
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.ver", 213);
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.FilesValidatorDueTime", "1397828854150");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.apps", "31257");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.bic", "140a374958810e5b868ebe60569f0984");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.cid", 31257);
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.firstrun", false);
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.hadappinstalled", true);
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.installationdate", 1386200714);
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.modetype", "production");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.reportInstall", true);
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.statsDailyCounter", 12);
Line Found : user_pref("extensions.crossrider.bic", "140a374958810e5b868ebe60569f0984");
Line Found : user_pref("extensions.delta.admin", false);
Line Found : user_pref("extensions.delta.aflt", "babsst");
Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Found : user_pref("extensions.delta.autoRvrt", "false");
Line Found : user_pref("extensions.delta.dfltLng", "en");
Line Found : user_pref("extensions.delta.excTlbr", false);
Line Found : user_pref("extensions.delta.ffxUnstlRst", true);
Line Found : user_pref("extensions.delta.id", "dc8a02a4000000000000446d57b439f2");
Line Found : user_pref("extensions.delta.instlDay", "15950");
Line Found : user_pref("extensions.delta.instlRef", "sst");
Line Found : user_pref("extensions.delta.newTab", false);
Line Found : user_pref("extensions.delta.prdct", "delta");
Line Found : user_pref("extensions.delta.prtnrId", "delta");
Line Found : user_pref("extensions.delta.rvrt", "false");
Line Found : user_pref("extensions.delta.smplGrp", "none");
Line Found : user_pref("extensions.delta.tlbrId", "base");
Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Found : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Found : user_pref("extensions.delta.vrsnTs", "1.8.24.615:07:17");
Line Found : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Found : user_pref("extensions.delta_i.babExt", "");
Line Found : user_pref("extensions.delta_i.babTrack", "affID=120007&tt=010913_12&tsp=4993");
Line Found : user_pref("extensions.delta_i.srcExt", "ss");
Line Found : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Found : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Found : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Found : user_pref("extensions.helperbar.Visibility", true);
Line Found : user_pref("extensions.helperbar.countryiso", "us");
Line Found : user_pref("extensions.helperbar.downloadprovider", "tightropeyb");
Line Found : user_pref("extensions.helperbar.installationid", "a463dc7d-8d94-1ba6-b610-15f54b22931c");
Line Found : user_pref("extensions.helperbar.installdate", "04/12/2013");
Line Found : user_pref("extensions.helperbar.publisher", "tightropeyb");

*************************

AdwCleaner[R0].txt - [116253 octets] - [18/04/2014 17:48:14]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [116315 octets] ##########



#6 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:21 AM

Posted 19 April 2014 - 03:51 AM

Hello iNTeRNeT JuNKie,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run OTL again.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***


How the computer is running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 iNTeRNeT JuNKie

iNTeRNeT JuNKie
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 19 April 2014 - 10:48 AM

Hello Jo,

 

The PC seems to be back to normal.  Are you able to determine what the root cause of the issue was? Was it a toolbar that was loaded? The programs that were used to diagnose, should they be removed?

 

 

 

# AdwCleaner v3.024 - Report created 19/04/2014 at 07:58:01
# Updated 18/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Hathaikan`` - HATHAIKAN
# Running from : C:\Users\Hathaikan``\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\SaveSenseLive
[!] Folder Deleted : C:\Program Files (x86)\Movies Toolbar
Folder Deleted : C:\Program Files (x86)\MyPC Backup
[!] Folder Deleted : C:\Program Files (x86)\SaveSenseLive

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Hathaikan``\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\iLivid.torrent
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NTRedirect]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dealplylive.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\d
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickCtrl.9
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.Update3WebControl.3
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.coreclass
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachine
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclasssvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0031257.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0031257.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0031257.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0031257.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0034344.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0034344.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0034344.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0034344.Sandbox.1
Key Deleted : HKCU\Software\f55d688b43ebd45
Key Deleted : HKLM\SOFTWARE\f55d688b43ebd45
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3284079
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311121157}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311431144}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322122257}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322432244}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355125557}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355435544}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366126657}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366436644}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344124457}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344434444}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311121157}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311431144}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311121157}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311431144}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311431144}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311121157}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322122257}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355125557}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355435544}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366126657}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366436644}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311121157}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\DealPlyLive
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\SaveSenseLive
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\SoftwareUpdater
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\weDownload
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\Software\DealPlyLive
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\SaveSenseLive
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\torch
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\weDownload
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\weDownload
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\prefs.js ]

Line Deleted : user_pref("CT3284079.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3284079.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3284079.1000234.TWC_TMP_city", "LOS ANGELES");
Line Deleted : user_pref("CT3284079.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3284079.1000234.TWC_country", "UNITED STATES");
Line Deleted : user_pref("CT3284079.1000234.TWC_locId", "USCA0638");
Line Deleted : user_pref("CT3284079.1000234.TWC_location", "Los Angeles, CA");
Line Deleted : user_pref("CT3284079.1000234.TWC_region", "US");
Line Deleted : user_pref("CT3284079.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT3284079.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT3284079.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3284079.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3284079.FF19Solved", "true");
Line Deleted : user_pref("CT3284079.FirstTime", "true");
Line Deleted : user_pref("CT3284079.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3284079.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM3NzcyODE3NA==");
Line Deleted : user_pref("CT3284079.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM4MDE2NTUyMQ==");
Line Deleted : user_pref("CT3284079.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "NQ==");
Line Deleted : user_pref("CT3284079.LOCAL_COOKIE_STATS_STATS_SITE_NEW.enc", "MA==");
Line Deleted : user_pref("CT3284079.LOCAL_COOKIE_STATS_STATS_SITE_NOT_SUPPORTED.enc", "MA==");
Line Deleted : user_pref("CT3284079.LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MA==");
Line Deleted : user_pref("CT3284079.LOCAL_COOKIE_STATS_STATS_USE_HISTORY.enc", "MA==");
Line Deleted : user_pref("CT3284079.LOCAL_COOKIE_STATS_STATS_USE_POP.enc", "MA==");
Line Deleted : user_pref("CT3284079.LOCAL_COOKIE_STATS_STATS_USE_RELATED.enc", "MA==");
Line Deleted : user_pref("CT3284079.LOCAL_COOKIE_STATS_STATS_USE_TYPED.enc", "MA==");
Line Deleted : user_pref("CT3284079.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MTM4MDE2NjEzNg==");
Line Deleted : user_pref("CT3284079.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MTM3ODE1OTc4OQ==");
Line Deleted : user_pref("CT3284079.LOCAL_COOKIE_THROTTLE_BASEadd_stats|LOCAL_COOKIE_STATS_STATS_USE_RELATED.enc", "MTM3ODA1OTY2OA==");
Line Deleted : user_pref("CT3284079.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=borderlands%202%20gibbed%20editor%20download&l=files2dl.com&t=2&v=0.5&d=conduit2.enc", "MTM3ODE1OTc4MQ==");
Line Deleted : user_pref("CT3284079.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=gear%20calculator&l=blmodding.wikidot.com&t=2&v=0.4&d=conduit2.enc", "MTM3NzcyODMxMg==");
Line Deleted : user_pref("CT3284079.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=nike%20sb%20koston%20%20site%3Aactiverideshop.com&l=shop.ccs.com&t=2&v=0.4&d=conduit2.enc", "MTM3ODA1OTY4NQ=[...]
Line Deleted : user_pref("CT3284079.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=nike%20sb%20koston%20&l=www.activerideshop.com&t=1&o=nike%20sb%20koston%202&v=0.4&d=conduit2.enc", "MTM3ODA1[...]
Line Deleted : user_pref("CT3284079.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3284079.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3284079.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3284079.SF_USER_ID.enc", "Y2lkXzI4ODIwMTMxNTE2MTEyNjU5MDM1");
Line Deleted : user_pref("CT3284079.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3284079&SearchSource=2&CUI=UN17812757079375320&UM=2&q=");
Line Deleted : user_pref("CT3284079.UserID", "UN17812757079375320");
Line Deleted : user_pref("CT3284079.acp_personal.appstate.enc", "ZW5hYmxl");
Line Deleted : user_pref("CT3284079.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3284079.autoDisableScopes", -1);
Line Deleted : user_pref("CT3284079.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3284079.cb_experience_000.enc", "MTA2");
Line Deleted : user_pref("CT3284079.cb_firstuse0100.enc", "MQ==");
Line Deleted : user_pref("CT3284079.cb_user_id_000.enc", "Q0I1NzMyMzEyMzI1NzBfMTM3ODA1OTY3ODM0NV9GaXJlZm94");
Line Deleted : user_pref("CT3284079.cbfirsttime.enc", "V2VkIEF1ZyAyMSAyMDEzIDE4OjE5OjM4IEdNVC0wNzAwIChQYWNpZmljIFN0YW5kYXJkIFRpbWUp");
Line Deleted : user_pref("CT3284079.countryCode", "US");
Line Deleted : user_pref("CT3284079.defaultSearch", "true");
Line Deleted : user_pref("CT3284079.discover-experiments-photopop.enc", "eyJuYW1lIjoicGhvdG9wb3BfbmEiLCJ2ZXJzaW9uIjoxMH0=");
Line Deleted : user_pref("CT3284079.discover-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzc4MTYwMDE3ODM1LDE0NDAwMDAwXX0=");
Line Deleted : user_pref("CT3284079.discover-user-id.enc", "IjhiY2U1MDM3LWNjZTUtNDRhOC1iZmUxLWRlNTU5MTVmMGM5YSI=");
Line Deleted : user_pref("CT3284079.enableAlerts", "true");
Line Deleted : user_pref("CT3284079.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3284079.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3284079.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3284079.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3284079.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3284079.fixUrls", true);
Line Deleted : user_pref("CT3284079.fullUserID", "UN17812757079375320.IN.20130821173619");
Line Deleted : user_pref("CT3284079.installDate", "21/08/2013 17:36:19");
Line Deleted : user_pref("CT3284079.installId", "stub.exe");
Line Deleted : user_pref("CT3284079.installSessionId", "{C7CCAD34-A65C-4C7B-BF3D-0720EFA5122C}");
Line Deleted : user_pref("CT3284079.installSp", "TRUE");
Line Deleted : user_pref("CT3284079.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3284079.installUsage", "2013-08-22T03:37:42.776399+03:00");
Line Deleted : user_pref("CT3284079.installUsageEarly", "2013-08-22T03:37:41.2631602+03:00");
Line Deleted : user_pref("CT3284079.installerVersion", "1.5.4.5");
Line Deleted : user_pref("CT3284079.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3284079.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3284079.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3284079.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3284079.keyword", "true");
Line Deleted : user_pref("CT3284079.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3284079&octid=CT3284079&SearchSource=15&CUI=UN17812757079375320&SSPV=&Lay=1&UM=2\"}");
Line Deleted : user_pref("CT3284079.lastVersion", "10.21.1.507");
Line Deleted : user_pref("CT3284079.mam_gk_appStateReportTime.enc", "MTM4MzQ0MjEyOTg1Mg==");
Line Deleted : user_pref("CT3284079.mam_gk_appState_ACplus.enc", "b24=");
Line Deleted : user_pref("CT3284079.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT3284079.mam_gk_appState_Discover.enc", "b24=");
Line Deleted : user_pref("CT3284079.mam_gk_appState_Easytobook.enc", "b24=");
Line Deleted : user_pref("CT3284079.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Deleted : user_pref("CT3284079.mam_gk_appState_Find-a-Pro.enc", "b24=");
Line Deleted : user_pref("CT3284079.mam_gk_appState_PiclickV2-WebSearch.enc", "b24=");
Line Deleted : user_pref("CT3284079.mam_gk_appState_PriceGrabber.enc", "b24=");
Line Deleted : user_pref("CT3284079.mam_gk_appState_WindowShopper.enc", "b24=");
Line Deleted : user_pref("CT3284079.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6ImFwcDEzIiwidXJsIjoiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC5jb20vbWFtLzNyZHBhcnR5YXBwcy9lZGlsaWEvZWRpbGlhLmh0bWwiLCJzY3JpcHRVcmwiOm51bGwsIm9wdGlv[...]
Line Deleted : user_pref("CT3284079.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3284079.mam_gk_calledSetupService.enc", "MQ==");
Line Deleted : user_pref("CT3284079.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6ImFwcDEzIiwiY3JpdGVyaWFzIjpbeyJjcml0ZXJpYUlkIjoiNWI5YjdiMWItZDc4Yy00NjQyLWEwMTgtN2ZkZDViYjliZTU4IiwiZG9tYWlucyI6WyIqIl0[...]
Line Deleted : user_pref("CT3284079.mam_gk_currentBadgeValue.enc", "Mw==");
Line Deleted : user_pref("CT3284079.mam_gk_currentVersion.enc", "MS4xMC40LjA=");
Line Deleted : user_pref("CT3284079.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Deleted : user_pref("CT3284079.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3284079.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3284079.mam_gk_lastLoginTime.enc", "MTM4MzQ0MjEzMDEzNA==");
Line Deleted : user_pref("CT3284079.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Deleted : user_pref("CT3284079.mam_gk_newApps.enc", "W3siaWQiOiJhcHAxMyIsIm5hbWUiOiJEaXNjb3ZlciBUZXN0IiwiZGVzY3JpcHRpb24iOiJXYXRjaGluZyB2aWRlbz8gVGhpcyBhcHAgaW50ZWxsaWdlbnRseSBvZmZlcnMgZ3JlYXQgY2xpcHMgZm9yIHlvd[...]
Line Deleted : user_pref("CT3284079.mam_gk_new_welcome_experience.enc", "MQ==");
Line Deleted : user_pref("CT3284079.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3284079.mam_gk_settings1.10.2.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiODZfMSIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBl[...]
Line Deleted : user_pref("CT3284079.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzExMDMiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6Ijg2XzAiLCJpc1Rlc3QiOnRydWUsIlVzZXJDb3VudHJ5[...]
Line Deleted : user_pref("CT3284079.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3284079.mam_gk_userId.enc", "ZGZiZjgxNjctNjc2Zi00ODcyLThhZWQtN2EzYjg2ZmIyZTc2");
Line Deleted : user_pref("CT3284079.mam_gk_user_approval_interacted.enc", "MQ==");
Line Deleted : user_pref("CT3284079.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Deleted : user_pref("CT3284079.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3284079.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww2.delta-search.com%2F%3Fbabsrc%3DHP_ss%26mntrId%3DDC8A446D57B439F2%26affID%3D120007%26tt%[...]
Line Deleted : user_pref("CT3284079.openThankYouPage", "false");
Line Deleted : user_pref("CT3284079.openUninstallPage", "true");
Line Deleted : user_pref("CT3284079.originalHomepage", "hxxp://search.conduit.com/?UM=2&ctid=CT3297951&SearchSource=13&CUI=UN00935250755861749");
Line Deleted : user_pref("CT3284079.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3297951&SearchSource=2&CUI=UN00935250755861749&UM=2&q=");
Line Deleted : user_pref("CT3284079.originalSearchEngine", "");
Line Deleted : user_pref("CT3284079.originalSearchEngineName", "WiseConvert B2 Customized Web Search");
Line Deleted : user_pref("CT3284079.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3284079.rematchagent-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzgzNDQyMTc3MzMxLDE0NDAwMDAwXX0=");
Line Deleted : user_pref("CT3284079.rematchagent-user-id.enc", "ImYwOGY4NmI0LWI2YmEtNGQ1MS1iZDk5LWFiNDVlNmVhNDU2ZiI=");
Line Deleted : user_pref("CT3284079.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3284079.search.searchAppId", "130044644329323677");
Line Deleted : user_pref("CT3284079.search.searchCount", "0");
Line Deleted : user_pref("CT3284079.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3284079.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3284079.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3284079.searchRevert", "false");
Line Deleted : user_pref("CT3284079.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3284079.searchUserMode", "2");
Line Deleted : user_pref("CT3284079.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3284079.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3284079.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3284079.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3284079\"}");
Line Deleted : user_pref("CT3284079.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://SearchYoToolbar.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3284079.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"SearchYo \"}");
Line Deleted : user_pref("CT3284079.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3284079.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3284079.serviceLayer_services_Configuration_lastUpdate", "1383513156240");
Line Deleted : user_pref("CT3284079.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1383513150481");
Line Deleted : user_pref("CT3284079.serviceLayer_services_appsMetadata_lastUpdate", "1383513149439");
Line Deleted : user_pref("CT3284079.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1383513147059");
Line Deleted : user_pref("CT3284079.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1377131862179");
Line Deleted : user_pref("CT3284079.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1377131863574");
Line Deleted : user_pref("CT3284079.serviceLayer_services_login_10.16.9.506_lastUpdate", "1377728224924");
Line Deleted : user_pref("CT3284079.serviceLayer_services_login_10.16.9.6_lastUpdate", "1377131863872");
Line Deleted : user_pref("CT3284079.serviceLayer_services_login_10.19.2.505_lastUpdate", "1378159756700");
Line Deleted : user_pref("CT3284079.serviceLayer_services_login_10.20.0.513_lastUpdate", "1380165448893");
Line Deleted : user_pref("CT3284079.serviceLayer_services_login_10.21.1.507_lastUpdate", "1383530417189");
Line Deleted : user_pref("CT3284079.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1383513147128");
Line Deleted : user_pref("CT3284079.serviceLayer_services_searchAPI_lastUpdate", "1383513156180");
Line Deleted : user_pref("CT3284079.serviceLayer_services_serviceMap_lastUpdate", "1383513149434");
Line Deleted : user_pref("CT3284079.serviceLayer_services_toolbarContextMenu_lastUpdate", "1383513147098");
Line Deleted : user_pref("CT3284079.serviceLayer_services_toolbarSettings_lastUpdate", "1383530417124");
Line Deleted : user_pref("CT3284079.serviceLayer_services_translation_lastUpdate", "1383513151765");
Line Deleted : user_pref("CT3284079.settingsINI", true);
Line Deleted : user_pref("CT3284079.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3284079.showToolbarPermission", "false");
Line Deleted : user_pref("CT3284079.smartbar.CTID", "CT3284079");
Line Deleted : user_pref("CT3284079.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3284079.smartbar.homepage", "true");
Line Deleted : user_pref("CT3284079.smartbar.toolbarName", "SearchYo ");
Line Deleted : user_pref("CT3284079.startPage", "true");
Line Deleted : user_pref("CT3284079.toolbarBornServerTime", "22-8-2013");
Line Deleted : user_pref("CT3284079.toolbarCurrentServerTime", "4-11-2013");
Line Deleted : user_pref("CT3284079.toolbarLoginClientTime", "Wed Aug 21 2013 17:37:43 GMT-0700 (Pacific Standard Time)");
Line Deleted : user_pref("CT3284079.url_history0001", "%F0%E7%FC%E7%F9%E9%F8%EF%F6%FA%C0%E7%EA%EA%DA%F5%C9%E7%F8%FA%AE%AF%C0%C0%C0%E9%F2%EF%E9%F1%EE%E7%F4%EA%F2%EB%F8%C0%C0%C0%B7%B9%BD%BE%B6%BC%B6%B9%B6%BA%B6%B8%BB%[...]
Line Deleted : user_pref("CT3284079.url_history0001.enc", "amF2YXNjcmlwdDphZGRUb0NhcnQoKTo6OmNsaWNraGFuZGxlcjo6OjEzNzgwNjAzMDQwMjUsLCxqYXZhc2NyaXB0OmFkZFRvQ2FydCgpOjo6Y2xpY2toYW5kbGVyOjo6MTM3ODA2MDMwNDAzMSwsLGphdmFz[...]
Line Deleted : user_pref("CT3284079.versionFromInstaller", "10.16.9.6");
Line Deleted : user_pref("CT3284079.xpeMode", "3");
Line Deleted : user_pref("CT3284079_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1383530427446,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3297951.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3297951.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM (Cou...\",\"description\":\"1.FM (Country)\",\"url\":\"hxxp://1.fm/wm/energycountry32k.asx\"}");
Line Deleted : user_pref("CT3297951.1000234.TWC_TMP_city", "LOS ANGELES");
Line Deleted : user_pref("CT3297951.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3297951.1000234.TWC_country", "UNITED STATES");
Line Deleted : user_pref("CT3297951.1000234.TWC_locId", "USCA0638");
Line Deleted : user_pref("CT3297951.1000234.TWC_location", "Los Angeles, CA");
Line Deleted : user_pref("CT3297951.1000234.TWC_region", "US");
Line Deleted : user_pref("CT3297951.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT3297951.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT3297951.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3297951.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3297951.FirstTime", "true");
Line Deleted : user_pref("CT3297951.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3297951.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM3NTkyNjE2NQ==");
Line Deleted : user_pref("CT3297951.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM3ODE1OTY1OQ==");
Line Deleted : user_pref("CT3297951.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MA==");
Line Deleted : user_pref("CT3297951.LOCAL_COOKIE_STATS_STATS_SITE_NEW.enc", "MA==");
Line Deleted : user_pref("CT3297951.LOCAL_COOKIE_STATS_STATS_SITE_NOT_SUPPORTED.enc", "MA==");
Line Deleted : user_pref("CT3297951.LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MA==");
Line Deleted : user_pref("CT3297951.LOCAL_COOKIE_STATS_STATS_USE_HISTORY.enc", "MA==");
Line Deleted : user_pref("CT3297951.LOCAL_COOKIE_STATS_STATS_USE_POP.enc", "MA==");
Line Deleted : user_pref("CT3297951.LOCAL_COOKIE_STATS_STATS_USE_RELATED.enc", "MA==");
Line Deleted : user_pref("CT3297951.LOCAL_COOKIE_STATS_STATS_USE_TYPED.enc", "MA==");
Line Deleted : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MTM3ODE1OTY1OQ==");
Line Deleted : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_NOT_SUPPORTED.enc", "MTM3NzExNzcyMw==");
Line Deleted : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MTM3NzEyMjc1Mg==");
Line Deleted : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEadd_stats|LOCAL_COOKIE_STATS_STATS_USE_RELATED.enc", "MTM3NTkyNjI0NQ==");
Line Deleted : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=borderlands%202&l=www.bing.com&t=2&v=0.4&d=conduit2.enc", "MTM3NTkyNjI1NQ==");
Line Deleted : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=borderlands%2B2%2Bmodded%2Bgame%2Bsave&l=www.game-tuts.com&t=2&v=0.4&d=conduit2.enc", "MTM3NTkyNjI2Nw==");
Line Deleted : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=gametuts&l=www.game-tuts.com&t=2&v=0.4&d=conduit2.enc", "MTM3NjYzMTg3Mg==");
Line Deleted : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=google&l=www.google.com&t=2&v=0.4&d=conduit2.enc", "MTM3NzExNzMyOQ==");
Line Deleted : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=usbexplorer&l=digiex.net&t=2&v=0.4&d=conduit2.enc", "MTM3NzExNzg3OQ==");
Line Deleted : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=willow%20tree%20beta%2010%20download&l=sourceforge.net&t=2&v=0.4&d=conduit2.enc", "MTM3NzExNzQ1OQ==");
Line Deleted : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=willowtree&l=sourceforge.net&t=2&v=0.4&d=conduit2.enc", "MTM3NzExNzM2OA==");
Line Deleted : user_pref("CT3297951.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=youtube.com&l=www.youtube.com&t=2&v=0.4&d=conduit2.enc", "MTM3NzExNzcxNQ==");
Line Deleted : user_pref("CT3297951.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3297951.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3297951.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3297951.SF_USER_ID.enc", "Y2lkXzc4MjAxMzE4NDMyMTg3OTQ5MzU=");
Line Deleted : user_pref("CT3297951.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3297951&SearchSource=2&CUI=UN00935250755861749&UM=2&q=");
Line Deleted : user_pref("CT3297951.UserID", "UN00935250755861749");
Line Deleted : user_pref("CT3297951.acp_personal.appstate.enc", "ZW5hYmxl");
Line Deleted : user_pref("CT3297951.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3297951.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT3297951.cb_experience_000.enc", "Mjk=");
Line Deleted : user_pref("CT3297951.cb_firstuse0100.enc", "MQ==");
Line Deleted : user_pref("CT3297951.cb_user_id_000.enc", "Q0I2ODA4NjI4NDEyMzRfMTM3NTkyNjIwMDA3Nl9GaXJlZm94");
Line Deleted : user_pref("CT3297951.cbfirsttime.enc", "V2VkIEF1ZyAwNyAyMDEzIDE4OjQyOjQzIEdNVC0wNzAwIChQYWNpZmljIERheWxpZ2h0IFRpbWUp");
Line Deleted : user_pref("CT3297951.countryCode", "US");
Line Deleted : user_pref("CT3297951.discover-experiments-photopop.enc", "eyJuYW1lIjoicGhvdG9wb3BfbmEiLCJ2ZXJzaW9uIjoxMH0=");
Line Deleted : user_pref("CT3297951.discover-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzc4MTYwMDE3NjU4LDE0NDAwMDAwXX0=");
Line Deleted : user_pref("CT3297951.discover-user-id.enc", "Ijk2MjgzNjJjLThkYmMtNDcxNy1iZDQ4LTlmYzcxNzU0ZWJiNyI=");
Line Deleted : user_pref("CT3297951.event_data.enc", "JTVCJTVE");
Line Deleted : user_pref("CT3297951.fired_events", "");
Line Deleted : user_pref("CT3297951.fired_events.enc", "");
Line Deleted : user_pref("CT3297951.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3297951.fixPageNotFoundErrorByUser", "TRUE");
Line Deleted : user_pref("CT3297951.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3297951.fixUrls", true);
Line Deleted : user_pref("CT3297951.fullUserID", "UN00935250755861749.TB.20130807184226");
Line Deleted : user_pref("CT3297951.ground-country-code.enc", "IlVTIg==");
Line Deleted : user_pref("CT3297951.hover_counter.enc", "MQ==");
Line Deleted : user_pref("CT3297951.impression_counter.enc", "MQ==");
Line Deleted : user_pref("CT3297951.impression_session_counter.enc", "MQ==");
Line Deleted : user_pref("CT3297951.impression_session_id.enc", "IjRkOTE5OTg3LWIzMTItNDBjMy05MmZiLTgwZDJkNjljNTE0OCI=");
Line Deleted : user_pref("CT3297951.impression_session_last_active.enc", "MTM3NzExNzc0MzU1Mg==");
Line Deleted : user_pref("CT3297951.installType", "Unknown");
Line Deleted : user_pref("CT3297951.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3297951.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3297951.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3297951.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3297951.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3297951.key_date", "%B9");
Line Deleted : user_pref("CT3297951.key_date.enc", "Mw==");
Line Deleted : user_pref("CT3297951.keyword", true);
Line Deleted : user_pref("CT3297951.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3297951&octid=CT3297951&SearchSource=15&CUI=UN00935250755861749&SSPV=&Lay=1&UM=2\"}");
Line Deleted : user_pref("CT3297951.lastVersion", "10.21.1.507");
Line Deleted : user_pref("CT3297951.mam_gk_appStateReportTime.enc", "MTM4MzQ0MjEzMzc2Nw==");
Line Deleted : user_pref("CT3297951.mam_gk_appState_ACplus.enc", "b24=");
Line Deleted : user_pref("CT3297951.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT3297951.mam_gk_appState_Discover.enc", "b24=");
Line Deleted : user_pref("CT3297951.mam_gk_appState_Easytobook.enc", "b24=");
Line Deleted : user_pref("CT3297951.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Deleted : user_pref("CT3297951.mam_gk_appState_Find-a-Pro.enc", "b24=");
Line Deleted : user_pref("CT3297951.mam_gk_appState_PiclickV2-WebSearch.enc", "b24=");
Line Deleted : user_pref("CT3297951.mam_gk_appState_PriceGong.enc", "b24=");
Line Deleted : user_pref("CT3297951.mam_gk_appState_WindowShopper.enc", "b24=");
Line Deleted : user_pref("CT3297951.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IkpvYnNNaW5lciIsInVybCI6Imh0dHA6Ly9qb2JzbWluZXIuY29tL2NvbGxhYm9yYXRpb25zL2NvbmR1aXQvaW5kZXgyLmh0bWwiLCJzY3JpcHRVcmwiOm51bGwsIm9wdGlvbnNE[...]
Line Deleted : user_pref("CT3297951.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3297951.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkpvYnNNaW5lciIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6IjQxNzgyY2FiLWVjMWQtNGJmZS05NmUzLWM1NDQ5MWZmYWJjMiIsImRvbWFpbnMiOls[...]
Line Deleted : user_pref("CT3297951.mam_gk_currentBadgeValue.enc", "Mg==");
Line Deleted : user_pref("CT3297951.mam_gk_currentVersion.enc", "MS4xMC40LjA=");
Line Deleted : user_pref("CT3297951.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Deleted : user_pref("CT3297951.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3297951.mam_gk_installer_preapproved.enc", "VFJVRQ==");
Line Deleted : user_pref("CT3297951.mam_gk_lastLoginTime.enc", "MTM4MzQ0MjEzMTMzMw==");
Line Deleted : user_pref("CT3297951.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Deleted : user_pref("CT3297951.mam_gk_newApps.enc", "W3siaWQiOiJKb2JzTWluZXIiLCJuYW1lIjoiSm9ic01pbmVyIiwiZGVzY3JpcHRpb24iOiJKb2JzbWluZXIgaXMgYSB1bmlxdWUgam9iIHNlYXJjaCBlbmdpbmUgZmluZGluZyBqb2Igb2ZmZXJpbmdzIFxuc[...]
Line Deleted : user_pref("CT3297951.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3297951.mam_gk_settings1.10.2.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBl[...]
Line Deleted : user_pref("CT3297951.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzExMDMiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjM1XzAiLCJpc1Rlc3QiOnRydWUsIlVzZXJDb3VudHJ5[...]
Line Deleted : user_pref("CT3297951.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBlc[...]
Line Deleted : user_pref("CT3297951.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3297951.mam_gk_userId.enc", "NDAwODgyZjctMTlmOS00Y2NhLWI4NDYtYWRhNzFkNTQ1ZTE4");
Line Deleted : user_pref("CT3297951.mam_gk_user_approval_interacted.enc", "MQ==");
Line Deleted : user_pref("CT3297951.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Deleted : user_pref("CT3297951.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3297951.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww2.delta-search.com%2F%3Fbabsrc%3DHP_ss%26mntrId%3DDC8A446D57B439F2%26affID%3D120007%26tt%3D010913_12%26tsp%3D4993[...]
Line Deleted : user_pref("CT3297951.originalHomepage", "hxxp://www.msn.com/?pc=UP22&ocid=UP22DHP&dt=122712");
Line Deleted : user_pref("CT3297951.originalSearchAddressUrl", "hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=122712&q=");
Line Deleted : user_pref("CT3297951.originalSearchEngine", "Bing ");
Line Deleted : user_pref("CT3297951.originalSearchEngineName", "Bing ");
Line Deleted : user_pref("CT3297951.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3297951.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3297951.search.searchAppId", "130106760781777585");
Line Deleted : user_pref("CT3297951.search.searchCount", "0");
Line Deleted : user_pref("CT3297951.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3297951.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3297951.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3297951.searchSuggestEnabledByUser", "TRUE");
Line Deleted : user_pref("CT3297951.searchUserMode", "2");
Line Deleted : user_pref("CT3297951.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3297951.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3297951.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3297951.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3297951\"}");
Line Deleted : user_pref("CT3297951.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://WiseConvertB2.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3297951.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"WiseConvert B2 \"}");
Line Deleted : user_pref("CT3297951.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3297951.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3297951.serviceLayer_services_Configuration_lastUpdate", "1383513151704");
Line Deleted : user_pref("CT3297951.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1383513146744");
Line Deleted : user_pref("CT3297951.serviceLayer_services_appsMetadata_lastUpdate", "1383513146416");
Line Deleted : user_pref("CT3297951.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1383513146450");
Line Deleted : user_pref("CT3297951.serviceLayer_services_login_10.16.9.506_lastUpdate", "1377728224537");
Line Deleted : user_pref("CT3297951.serviceLayer_services_login_10.16.9.6_lastUpdate", "1376631907893");
Line Deleted : user_pref("CT3297951.serviceLayer_services_login_10.19.2.505_lastUpdate", "1378159755762");
Line Deleted : user_pref("CT3297951.serviceLayer_services_login_10.21.1.507_lastUpdate", "1383530416805");
Line Deleted : user_pref("CT3297951.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "1383513154319");
Line Deleted : user_pref("CT3297951.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "1383513154289");
Line Deleted : user_pref("CT3297951.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1383513146421");
Line Deleted : user_pref("CT3297951.serviceLayer_services_searchAPI_lastUpdate", "1383513151509");
Line Deleted : user_pref("CT3297951.serviceLayer_services_serviceMap_lastUpdate", "1383513146485");
Line Deleted : user_pref("CT3297951.serviceLayer_services_setupAPI_lastUpdate", "1375926148085");
Line Deleted : user_pref("CT3297951.serviceLayer_services_toolbarContextMenu_lastUpdate", "1383513146379");
Line Deleted : user_pref("CT3297951.serviceLayer_services_toolbarSettings_lastUpdate", "1383530417098");
Line Deleted : user_pref("CT3297951.serviceLayer_services_translation_lastUpdate", "1383513146553");
Line Deleted : user_pref("CT3297951.settingsINI", true);
Line Deleted : user_pref("CT3297951.showToolbarPermission", "false");
Line Deleted : user_pref("CT3297951.smartbar.CTID", "CT3297951");
Line Deleted : user_pref("CT3297951.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3297951.smartbar.homepage", true);
Line Deleted : user_pref("CT3297951.smartbar.toolbarName", "WiseConvert B2 ");
Line Deleted : user_pref("CT3297951.toolbarBornServerTime", "8-8-2013");
Line Deleted : user_pref("CT3297951.toolbarCurrentServerTime", "4-11-2013");
Line Deleted : user_pref("CT3297951.toolbarLoginClientTime", "Wed Aug 07 2013 18:42:37 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT3297951.url_history0001.enc", "aHR0cDovL3d3dy5kb2dmdW5rLmNvbS9uaWtlLWVyaWMta29zdG9uLTItc2thdGUtc2hvZS1tZW5zP0NNUF9TS1U9TktFMDgyOSZNRVI9MDQwNiZzaWQ9TktFMDgyOSZDTVBfSUQ9U0hfU0hQMDAzJm12X3Bj[...]
Line Deleted : user_pref("CT3297951.userIdGenerationCounter", "1");
Line Deleted : user_pref("CT3297951_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1383530427434,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "SearchYo Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3284079&CUI=UN17812757079375320&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-1237&v=a12349-237&t=4");
Line Deleted : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylig[...]
Line Deleted : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app34344%22%3A%22app34[...]
Line Deleted : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_geolocation.expiration", "Thu Apr 24 2014 20:06:29 GMT-0700 (Pacific Sta[...]
Line Deleted : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_geolocation.value", "%22US%22");
Line Deleted : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_metadata.expiration", "Fri Apr 18 2014 20:06:29 GMT-0700 (Pacific Standa[...]
Line Deleted : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A34344%2C%22appName%22%3A%22weDownload[...]
Line Deleted : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.description", "Enhance your search results with direct download links and information for apps and[...]
Line Deleted : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.Resources_meta.value", "%7B%22extension.css%22%3A%7B%22id%22%3A335479%2C%22ver%22%3A23%[...]
Line Deleted : user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.Resources_resource_335479.value", "%22.crossrider-nofity-34345-body-theme-white-black%2[...]
Line Deleted : user_pref("extensions.crossrider.bic", "140a374958810e5b868ebe60569f0984");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "dc8a02a4000000000000446d57b439f2");
Line Deleted : user_pref("extensions.delta.instlDay", "15950");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.615:07:17");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=120007&tt=010913_12&tsp=4993");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", true);
Line Deleted : user_pref("extensions.helperbar.countryiso", "us");
Line Deleted : user_pref("extensions.helperbar.downloadprovider", "tightropeyb");
Line Deleted : user_pref("extensions.helperbar.installationid", "a463dc7d-8d94-1ba6-b610-15f54b22931c");
Line Deleted : user_pref("extensions.helperbar.installdate", "04/12/2013");
Line Deleted : user_pref("extensions.helperbar.publisher", "tightropeyb");
Line Deleted : user_pref("keyword.URL", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=1237&systemid=406&v=a12349-237&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=0908337753244104&o=APN10645&q=");

*************************

AdwCleaner[R0].txt - [116761 octets] - [18/04/2014 17:48:14]
AdwCleaner[R1].txt - [116823 octets] - [18/04/2014 18:03:46]
AdwCleaner[R2].txt - [116170 octets] - [19/04/2014 07:52:42]
AdwCleaner[R3].txt - [70855 octets] - [19/04/2014 07:56:49]
AdwCleaner[S0].txt - [7947 octets] - [19/04/2014 07:55:40]
AdwCleaner[S1].txt - [69093 octets] - [19/04/2014 07:58:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [69154 octets] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Hathaikan`` on Sat 04/19/2014 at  8:11:28.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Successfully stopped: [Service] update diamondata
Successfully deleted: [Service] update diamondata

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\plus-hd-1.3
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-723434133-573567577-597090739-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B90AD615-78A8-4268-B672-1E827C613A25}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d1dac034-9fd9-4c13-a388-d2e10e57707f}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{d1dac034-9fd9-4c13-a388-d2e10e57707f}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d1dac034-9fd9-4c13-a388-d2e10e57707f}

 

~~~ Files

Successfully deleted: [File] "C:\windows\Tasks\wise registry cleaner schedule task.job"
Successfully deleted: [File] C:\windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\datamngr"
Successfully deleted: [Folder] "C:\Users\Hathaikan``\appdata\locallow\datamngr"
Failed to delete: [Folder] "C:\Program Files (x86)\movies toolbar"

 

~~~ FireFox

Successfully deleted: [File] C:\Users\Hathaikan``\AppData\Roaming\mozilla\firefox\profiles\4wos8yh8.default\extensions\firefox@diamondata.net.xpi
Successfully deleted: [Folder] C:\Users\Hathaikan``\AppData\Roaming\mozilla\firefox\profiles\4wos8yh8.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}
Emptied folder: C:\Users\Hathaikan``\AppData\Roaming\mozilla\firefox\profiles\4wos8yh8.default\minidumps [5 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/19/2014 at  8:14:22.79
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

OTL logfile created on: 4/19/2014 8:14:59 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hathaikan``\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.49 Gb Total Physical Memory | 6.13 Gb Available Physical Memory | 81.86% Memory free
14.97 Gb Paging File | 13.42 Gb Available in Paging File | 89.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.52 Gb Total Space | 849.29 Gb Free Space | 92.87% Space Free | Partition Type: NTFS
Drive D: | 16.77 Gb Total Space | 2.10 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
 
Computer Name: HATHAIKAN | User Name: Hathaikan`` | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hathaikan``\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\fe7c09c37b8b39bd894d6a225f9ca01b\System.IdentityModel.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\dd733c6f1f9f50f3517d48da5bea80d2\System.ServiceModel.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\f0b36ad0ff72c3122a547f952b936ef5\ReachFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\469dd20488c4a9606abe21189a3c1ab9\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\27bdc6196968e44234654e30e1028750\SMDiagnostics.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\fa954900a6cf3a095efadfa4c683a32c\System.Runtime.Serialization.ni.dll ()
MOD - c:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2781e84862746a34f026d0ee179eed2b\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b307821c69c09ed0a2ee47122fdcdd4d\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\a4b5a1a06d2d7f77258943c8c228a5e0\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\243ff1822abc8282cb8fee37538170b4\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\850fa7110c7423c324762c1ad3130219\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\49605239a73cd565e3a08048a31b442e\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\991c4e11f571a4074b9c4a5841222338\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\4c906eb82e6f56aea01b2a7291fab7ea\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\4e62d1d9b7dd2c2d14915abb73c22d50\mscorlib.ni.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (c2cpnrsvc) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
SRV - (c2cautoupdatesvc) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (IHA_MessageCenter) -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (CalendarSynchService) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {6132fda2-0da5-4f6f-bb57-df07abd10eab} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..extensions.enabledAddons: %7B8b337819-d1e8-48d3-8178-168ae8c99c36%7D:3.0
FF - prefs.js..extensions.enabledAddons: %7Ba463dc7d-8d94-1ba6-b610-15f54b22931c%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B10886a85-c81d-48e0-a17e-106b174c4131%7D:1.150
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1466
FF - prefs.js..extensions.enabledAddons: 0c3e9649-324d-4df0-a61e-7ac31aead042%402612bb82-5f8a-49b2-a299-348e707310fc.com:0.94.196
FF - prefs.js..extensions.enabledAddons: 509508ef-0b14-4616-a557-0d58601be33d%40c4a581e9-0ea6-46db-a185-58e021ee138c.com:0.94.200
FF - prefs.js..extensions.enabledAddons: %7B1BE3023D-C419-0C7D-E351-6BBBA7D8F77C%7D:5.0.0.12349
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/29 19:24:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{10886a85-c81d-48e0-a17e-106b174c4131}: C:\Program Files (x86)\Buzz-it\150.xpi [2014/01/24 11:52:11 | 000,007,518 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/07/27 20:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Extensions
[2014/04/19 08:13:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions
[2014/04/18 18:04:49 | 000,000,000 | ---D | M] (Ask New Tabs) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\{1BE3023D-C419-0C7D-E351-6BBBA7D8F77C}
[2013/12/04 16:44:51 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\{a463dc7d-8d94-1ba6-b610-15f54b22931c}
[2014/01/24 11:25:49 | 000,000,000 | ---D | M] (Movies Toolbar (Dist. by Bandoo Media, Inc.)) -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\{d1dac034-9fd9-4c13-a388-d2e10e57707f}
[2014/04/17 19:08:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/17 19:08:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/01/24 11:52:11 | 000,007,518 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\BUZZ-IT\150.XPI
[2012/08/29 19:24:31 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\USERS\HATHAIKAN``\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4WOS8YH8.DEFAULT\EXTENSIONS\{8B337819-D1E8-48D3-8178-168AE8C99C36}
File not found (No name found) -- C:\USERS\HATHAIKAN``\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4WOS8YH8.DEFAULT\EXTENSIONS\0C3E9649-324D-4DF0-A61E-7AC31AEAD042@2612BB82-5F8A-49B2-A299-348E707310FC.COM
File not found (No name found) -- C:\USERS\HATHAIKAN``\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4WOS8YH8.DEFAULT\EXTENSIONS\509508EF-0B14-4616-A557-0D58601BE33D@C4A581E9-0EA6-46DB-A185-58E021EE138C.COM
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (diamondata) - {055af109-de93-4160-bcfc-7da70ecaa020} - C:\Program Files (x86)\diamondata\diamondatabho.dll File not found
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {6132fda2-0da5-4f6f-bb57-df07abd10eab} - No CLSID value found.
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - {d1dac034-9fd9-4c13-a388-d2e10e57707f} - C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - {d1dac034-9fd9-4c13-a388-d2e10e57707f} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - {d1dac034-9fd9-4c13-a388-d2e10e57707f} - C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe (PC Drivers Headquarters)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriver.com/DRHM/store?Action=DisplayProductSearchResultsPage&SiteID=hpappli&Locale=en_US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A925B770-EFE6-4C51-B1B1-DD2C715139C6}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFCCA069-05E4-45E0-BECF-E4E95A64EFE9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bpsvc.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsersafeguard.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dprotectsvc.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\jumpflip: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\protectedsearch.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchinstaller.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotection.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotector.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchsettings.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchsettings64.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\snapdo.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst32.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst64.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\umbrella.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\utiljumpflip.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\volaro: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\vonteera: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\websteroids.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\websteroidsservice.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\dprotectsvc.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\jumpflip: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchinstaller.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotector.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings64.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\umbrella.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\utiljumpflip.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\volaro: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\vonteera: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroids.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroidsservice.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (c:\program files (x86)\movies toolbar\datamngr\x64\apcrtldr.dll) - c:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll ()
O36 - AppCertDlls: x86 - (c:\program files (x86)\movies toolbar\datamngr\apcrtldr.dll) - c:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/19 08:05:06 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/04/18 17:48:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/18 17:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/18 17:26:13 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/18 17:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/04/18 17:24:49 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/04/18 17:23:48 | 000,000,000 | ---D | C] -- C:\Users\Hathaikan``\Desktop\mbar
[2014/04/17 20:03:31 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Hathaikan``\Desktop\dds.com
[2014/04/17 19:49:26 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Hathaikan``\Desktop\JRT.exe
[2014/04/17 19:27:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hathaikan``\Desktop\OTL.exe
[2014/04/17 19:18:23 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Hathaikan``\Desktop\mbar-1.07.0.1009.exe
[2014/04/17 19:10:48 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2014/04/17 19:10:48 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2014/04/17 19:10:47 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2014/04/17 19:10:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2014/04/17 19:10:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2014/04/17 19:10:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2014/04/17 19:10:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2014/04/17 19:10:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2014/04/17 19:10:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2014/04/17 19:10:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2014/04/17 19:08:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/30 19:09:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperFastPC
[2014/03/30 19:08:04 | 000,000,000 | ---D | C] -- C:\Users\Hathaikan``\AppData\Roaming\NewspaperDirect
[2014/03/30 18:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/03/30 18:50:23 | 000,000,000 | ---D | C] -- C:\Users\Hathaikan``\AppData\Local\Diagnostics
[2014/03/30 18:40:56 | 000,000,000 | ---D | C] -- C:\windows\pss
[2014/03/30 18:11:22 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wer.dll
[2014/03/30 18:11:22 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wer.dll
[2014/03/30 18:11:13 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/03/30 18:11:13 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/03/30 18:11:12 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/03/30 18:11:09 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/03/30 18:11:09 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/03/30 18:11:09 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/03/30 18:11:09 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/03/30 18:11:08 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/03/30 18:11:08 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/03/30 18:11:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/03/30 18:11:06 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/03/30 18:11:06 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/03/30 18:11:05 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/03/30 18:11:05 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/03/30 18:11:05 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/03/30 18:11:04 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/03/30 18:11:04 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/03/30 18:11:01 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/03/30 18:11:00 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/03/30 18:11:00 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/03/30 18:11:00 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/03/30 18:10:59 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/03/30 18:10:59 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/03/30 18:10:58 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/03/30 18:10:52 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2014/03/30 18:10:52 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/19 08:16:06 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/19 08:16:06 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/19 08:14:34 | 001,019,146 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/04/19 08:14:34 | 000,242,390 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/04/19 08:14:34 | 000,006,206 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/04/19 08:08:39 | 000,000,350 | ---- | M] () -- C:\windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/04/19 08:08:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/04/19 08:08:27 | 1734,496,255 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/19 07:51:36 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/04/18 18:03:28 | 001,258,805 | ---- | M] () -- C:\Users\Hathaikan``\Desktop\AdwCleaner.exe
[2014/04/18 17:26:13 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/18 17:24:49 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/04/18 06:47:19 | 000,855,379 | ---- | M] () -- C:\Users\Hathaikan``\Desktop\SecurityCheck.exe
[2014/04/17 20:19:50 | 000,004,325 | ---- | M] () -- C:\Users\Hathaikan``\Desktop\attach.zip
[2014/04/17 20:03:40 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Hathaikan``\Desktop\dds.com
[2014/04/17 19:49:31 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Hathaikan``\Desktop\JRT.exe
[2014/04/17 19:27:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hathaikan``\Desktop\OTL.exe
[2014/04/17 19:18:30 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Hathaikan``\Desktop\mbar-1.07.0.1009.exe
[2014/04/03 09:10:38 | 000,413,344 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/03/30 19:01:43 | 000,000,706 | ---- | M] () -- C:\Users\Hathaikan``\Hathaikan`` - Shortcut.lnk
[2014/03/30 18:46:11 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/03/30 18:46:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/03/30 18:28:06 | 000,000,168 | ---- | M] () -- C:\Users\Hathaikan``\AppData\Roaming\WB.CFG
[2014/03/30 18:07:23 | 000,000,452 | ---- | M] () -- C:\windows\SysWow64\ff.bin
[2014/03/30 18:01:04 | 000,000,536 | ---- | M] () -- C:\windows\SysWow64\schtasks.bin
[2014/03/30 15:46:15 | 000,000,390 | ---- | M] () -- C:\windows\tasks\Buzz-it Update.job
 
========== Files Created - No Company Name ==========
 
[2014/04/18 18:03:28 | 001,258,805 | ---- | C] () -- C:\Users\Hathaikan``\Desktop\AdwCleaner.exe
[2014/04/18 06:46:55 | 000,855,379 | ---- | C] () -- C:\Users\Hathaikan``\Desktop\SecurityCheck.exe
[2014/04/17 20:19:50 | 000,004,325 | ---- | C] () -- C:\Users\Hathaikan``\Desktop\attach.zip
[2014/03/30 19:01:43 | 000,000,706 | ---- | C] () -- C:\Users\Hathaikan``\Hathaikan`` - Shortcut.lnk
[2014/02/02 09:02:54 | 000,000,452 | ---- | C] () -- C:\windows\SysWow64\ff.bin
[2014/01/31 11:25:03 | 000,000,536 | ---- | C] () -- C:\windows\SysWow64\schtasks.bin
[2013/12/26 10:28:23 | 000,000,168 | ---- | C] () -- C:\Users\Hathaikan``\AppData\Roaming\WB.CFG
[2013/08/21 16:01:45 | 000,000,258 | RHS- | C] () -- C:\Users\Hathaikan``\ntuser.pol
[2013/08/15 22:41:46 | 000,003,727 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2012/04/24 23:20:34 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/04/24 23:17:31 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >



#8 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:21 AM

Posted 19 April 2014 - 11:09 AM

Hello iNTeRNeT JuNKie,

we delete the tools when all is done, in the next days...

there was a lot of toolbars and adware.
Some more will be deleteted with that script:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    [2013/12/04 16:44:51 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\{a463dc7d-8d94-1ba6-b610-15f54b22931c}
    O2 - BHO: (diamondata) - {055af109-de93-4160-bcfc-7da70ecaa020} - C:\Program Files (x86)\diamondata\diamondatabho.dll File not found
    
    :Commands
    [purity]
    [emptytemp]
    


    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post Fix OTL log.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 iNTeRNeT JuNKie

iNTeRNeT JuNKie
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 21 April 2014 - 08:58 PM

I accidently opened a firefox window which redirected me to the host site above.  Should I be concerned. This happened before I ran OTL w/ recommended script clean up

 

 

 

All processes killed
========== OTL ==========
Folder C:\Users\Hathaikan``\AppData\Roaming\Mozilla\Firefox\Profiles\4wos8yh8.default\extensions\{a463dc7d-8d94-1ba6-b610-15f54b22931c}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055af109-de93-4160-bcfc-7da70ecaa020}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{055af109-de93-4160-bcfc-7da70ecaa020}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 2384959 bytes
->Temporary Internet Files folder emptied: 128 bytes
->FireFox cache emptied: 19598049 bytes
->Flash cache emptied: 56958 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Hathaikan``
->Temp folder emptied: 25335675 bytes
->Temporary Internet Files folder emptied: 71562283 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 179882285 bytes
->Flash cache emptied: 58157 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8581127 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304810 bytes
RecycleBin emptied: 25909565 bytes
 
Total Files Cleaned = 358.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04212014_185043

Files\Folders moved on Reboot...
C:\Users\Hathaikan``\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Hathaikan``\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 



#10 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:21 AM

Posted 22 April 2014 - 03:20 AM

I accidently opened a firefox window which redirected me to the host site above.  Should I be concerned. This happened before I ran OTL w/ recommended script clean up



Hello iNTeRNeT JuNKie,

I do not understand.
To which host site were you redirected?

1. Java
1.1 Uninstall old Java versions (if present):
  • Please go to Start > Control Panel > Programs and Features .
  • Locate all Java Updates
  • Uninstall them all.
1.2 Install latest Java 7 update. Click this link and click on the Free JAVA Download.

1.3 Find here instructions how to clear the java cache.
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
Under Temporary Internet Files, click the Delete Files button.
There are options in the window to clear the cache - Leave ALL Checked
  • Applications and Applets
  • Trace and log files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel.
 

---


Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.3.1.2183.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

---


ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note:
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

---


How the computer is running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 iNTeRNeT JuNKie

iNTeRNeT JuNKie
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 22 April 2014 - 10:57 PM

Jo,

 

 Installing Java was a pita..  I was able to successfully load Java

 

 

C:\Users\Hathaikan``\Downloads\ZipOpenerSetup.exe a variant of Win32/Kryptik.BWAM Trojan

 

 

I have not used the PC for any browsing other than to access this site.
 



#12 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:21 AM

Posted 23 April 2014 - 01:28 AM

Hi,

 

run Windows explorer

 

navigate to folder C:\Users\Hathaikan``\Downloads

 

delete this file: ZipOpenerSetup.exe


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#13 iNTeRNeT JuNKie

iNTeRNeT JuNKie
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 23 April 2014 - 05:15 PM

Hi,

 

This has been done



#14 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:21 AM

Posted 23 April 2014 - 05:53 PM

Hello iNTeRNeT JuNKie,

well done. :)

It Appears That Your Pc Is Now Clean!
 

***


Clean up:

Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL

:Commands
[emptytemp]
[clearallrestorepoints]
  • Close all other programs apart from OTL as this step may require a reboot
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Say Yes to the prompt and then allow the program to reboot your computer.

***


Clean up with delfix:
  • please download delfix to your desktop.
  • Close all other programms and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

***


Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.


***


Here are some Preventive tips to reduce the potential for spyware infection in the future:

1. Browse more secure2. Enable Protected Mode in Internet Explorer. This helps Windows Vista, 7 / 8 users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
4. Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important chanel to spread their wares.
5. Use only one anti-virus software and keep it up-to-date.

6. Firewall
Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

7. Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

8. Use Strong passwords!

9. Email attachments
Do not open any unknown email attachments, which you received without asking for it!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:21 AM

Posted 30 April 2014 - 05:31 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users