Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Interpol Ransomware


  • This topic is locked This topic is locked
47 replies to this topic

#1 Havok10

Havok10

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 27 May 2014 - 01:37 PM

Hi,

 

I have a Desktop PC HP Pavillion P7-1026 that is infected with the Interpol Ransomware.  I have downloaded Hitman Pro and created a Kickstart USB.  The USB is detected by the system BIOS upon boot and loads the Kickstart program, but no matter which of the 3 options I choose: 1-Bypass Master Boot Record, 2-Regular Boot (when bypass doesnt work) or 3-Legacy Mode,  it starts booting and then just resets the PC.

 

Booting in Safe Mode does the same thing.  I need some assistance on what to do next..  Thanks in advance.



BC AdBot (Login to Remove)

 


m

#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 AM

Posted 28 May 2014 - 03:40 AM

Which windows version is running?


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Havok10

Havok10
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 28 May 2014 - 11:35 AM

Windows 7.  I actually got FRST to run, by following windows recovery instructions and getting to a command prompt.  Here is the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by SYSTEM on MININT-JKAITDF on 27-05-2014 17:20:06
Running from K:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-04-15] (RealNetworks, Inc.)
HKLM-x32\...\Run: [ShopAtHomeWatcher] => C:\Users\gary\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-10] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$b6ee8f0ecc4ca8a91719f0d5d4a140d2\n. ATTENTION! ====> ZeroAccess?
HKU\gary\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\gary\...\Run: [Starfield Updater] => C:\Program Files (x86)\Workspace\WorkspaceUpdate.exe [35008 2013-04-16] (Starfield Technologies)
HKU\gary\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [160328 2011-11-10] (Siber Systems)
HKU\gary\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\gary\...\Run: [SkyDrive] => C:\Users\gary\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-05-23] (Microsoft Corporation)
HKU\gary\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [19604072 2013-06-03] (Skype Technologies S.A.)
HKU\gary\...\Run: [AIM for Windows] => C:\Users\gary\AppData\Local\AOL\AIM\aim.exe [2937384 2013-03-29] (AOL Inc.)
HKU\gary\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\gary\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\gary\...\Policies\Explorer: [HideSCAHealth] 1
HKU\gman\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\gman\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [160328 2011-11-10] (Siber Systems)
Startup: C:\Users\gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\frnggmqw.lnk
ShortcutTarget: frnggmqw.lnk -> C:\ProgramData\2992199F9A\wqmggnrf.cpp ()
Startup: C:\Users\gman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\frnggmqw.lnk
ShortcutTarget: frnggmqw.lnk -> C:\ProgramData\2992199F9A\wqmggnrf.cpp ()

==================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-10-11] (SUPERAntiSpyware.com)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
S2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-05] ()
S2 Winmgmt; C:\ProgramData\2992199F9A\frnggmqw.faa [332524 2014-05-14] (Microsoft Corporation)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]

==================== Drivers (Whitelisted) ====================

S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [945200 2010-08-08] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [463408 2010-06-26] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110304.002\ENG64.SYS [117880 2011-03-04] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110304.002\EX64.SYS [1791096 2011-03-04] (Symantec Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207000.00D\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207000.00D\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1207000.00D\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-08-11] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-27 17:19 - 2014-05-27 17:20 - 00000000 ____D () C:\FRST
2014-05-22 08:57 - 2014-05-22 08:57 - 00000000 _____ () C:\Users\gary\AppData\Local\{B91BFCC4-1859-43C1-A478-C5F819EDF9FF}
2014-05-14 05:42 - 2014-05-27 09:17 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-13 06:10 - 2014-05-14 09:48 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3733189056-889463717-1882944409-1000
2014-05-11 20:10 - 2014-05-14 09:48 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3733189056-889463717-1882944409-1000
2014-05-06 19:04 - 2014-05-14 04:48 - 00000000 ____D () C:\Users\gary\AppData\Roaming\DropboxMaster
2014-05-05 16:51 - 2014-05-05 16:51 - 00000000 ____D () C:\Users\gman\AppData\Roaming\TeamViewer
2014-04-27 12:46 - 2014-05-15 16:58 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-27 12:44 - 2014-05-27 09:17 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-27 12:44 - 2014-05-15 18:21 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-27 12:44 - 2014-05-07 19:51 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-27 12:44 - 2014-05-07 19:51 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== One Month Modified Files and Folders =======

2014-05-27 17:20 - 2014-05-27 17:19 - 00000000 ____D () C:\FRST
2014-05-27 13:51 - 2011-08-25 15:15 - 00000000 ____D () C:\ProgramData\Recovery
2014-05-27 13:10 - 2011-04-11 15:47 - 00000000 ____D () C:\ProgramData\PDFC
2014-05-27 13:10 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-27 13:10 - 2009-07-13 20:51 - 00132352 _____ () C:\Windows\setupact.log
2014-05-27 10:01 - 2009-07-13 21:08 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-27 09:22 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-27 09:22 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-27 09:21 - 2013-06-18 12:50 - 00000000 ____D () C:\Users\gary\AppData\Roaming\Dropbox
2014-05-27 09:17 - 2014-05-14 05:42 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-27 09:17 - 2014-04-27 12:44 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-27 09:17 - 2013-12-22 14:22 - 00000338 _____ () C:\Windows\Tasks\dsmonitor.job
2014-05-22 08:57 - 2014-05-22 08:57 - 00000000 _____ () C:\Users\gary\AppData\Local\{B91BFCC4-1859-43C1-A478-C5F819EDF9FF}
2014-05-15 18:21 - 2014-04-27 12:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-15 18:21 - 2012-04-09 05:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-15 18:21 - 2011-09-19 07:53 - 00000322 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-05-15 16:58 - 2014-04-27 12:46 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-14 12:51 - 2014-03-26 07:52 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-14 12:51 - 2012-04-09 05:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 12:51 - 2012-04-09 05:01 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 12:51 - 2011-08-24 18:02 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 09:48 - 2014-05-13 06:10 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3733189056-889463717-1882944409-1000
2014-05-14 09:48 - 2014-05-11 20:10 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3733189056-889463717-1882944409-1000
2014-05-14 05:46 - 2013-06-18 13:17 - 00000000 ___RD () C:\Users\gary\Dropbox
2014-05-14 05:40 - 2011-10-17 15:32 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2C2CADCB-8227-41B6-9CBC-7999A0C0E098}
2014-05-14 05:36 - 2013-09-15 05:36 - 00000282 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-05-14 04:58 - 2011-10-26 09:47 - 00000000 ____D () C:\Users\gary\AppData\Roaming\Skype
2014-05-14 04:48 - 2014-05-06 19:04 - 00000000 ____D () C:\Users\gary\AppData\Roaming\DropboxMaster
2014-05-14 04:47 - 2013-06-18 13:17 - 00001017 _____ () C:\Users\gary\Desktop\Dropbox.lnk
2014-05-14 02:58 - 2010-11-20 19:47 - 00803076 _____ () C:\Windows\PFRO.log
2014-05-13 21:22 - 2011-08-12 23:49 - 00000000 ____D () C:\Users\gary\AppData\Roaming\Azureus
2014-05-13 20:44 - 2011-08-12 23:35 - 00000000 ____D () C:\Users\gary\AppData\Local\CrashDumps
2014-05-12 15:03 - 2011-08-18 04:45 - 00000116 _____ () C:\Windows\NeroDigital.ini
2014-05-07 23:33 - 2013-08-16 11:14 - 00000000 ____D () C:\users\gman
2014-05-07 23:33 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-07 23:32 - 2011-11-26 11:43 - 00000000 ____D () C:\ProgramData\Real
2014-05-07 23:32 - 2011-04-11 15:38 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-05-07 23:31 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-05-07 23:29 - 2012-08-20 19:49 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-05-07 19:51 - 2014-04-27 12:44 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 19:51 - 2014-04-27 12:44 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 19:36 - 2011-08-11 15:08 - 00000000 ____D () C:\users\gary
2014-05-05 16:51 - 2014-05-05 16:51 - 00000000 ____D () C:\Users\gman\AppData\Roaming\TeamViewer
2014-05-05 07:16 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\System32\FxsTmp
2014-05-05 07:12 - 2011-08-11 22:33 - 00000000 ____D () C:\Users\gary\AppData\Local\PDFC
2014-05-01 15:50 - 2009-07-13 21:13 - 00779550 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-29 11:46 - 2011-08-11 13:10 - 01697462 _____ () C:\Windows\WindowsUpdate.log
2014-04-28 18:20 - 2013-08-16 11:15 - 00002257 _____ () C:\Users\gman\Desktop\Google Chrome.lnk
2014-04-27 12:46 - 2011-11-23 16:22 - 00000000 ____D () C:\Program Files (x86)\Google
ZeroAccess:
C:\Users\gary\AppData\Local\Google\Desktop\Install

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3733189056-889463717-1882944409-1000\$b6ee8f0ecc4ca8a91719f0d5d4a140d2

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$b6ee8f0ecc4ca8a91719f0d5d4a140d2

Files to move or delete:
====================
C:\ProgramData\7t8bnbnwlrj.fee
C:\ProgramData\7t8bnbnwlrj.zvv
C:\ProgramData\eksnoyko.dat
C:\ProgramData\eyxpawhu.dat
C:\ProgramData\hjmxqhh.dat
C:\ProgramData\phwdgrv.dat
C:\ProgramData\sojcgtx.dat
C:\ProgramData\vlcejwwlv.fee
C:\Users\gary\jqs.exe
C:\Users\gary\jucheck.exe
C:\Users\gary\AppData\Roaming\skype.dat


Some content of TEMP:
====================
C:\Users\gary\AppData\Local\Temp\7za.exe
C:\Users\gary\AppData\Local\Temp\ApnStub.exe
C:\Users\gary\AppData\Local\Temp\AskSLib.dll
C:\Users\gary\AppData\Local\Temp\avguidx.dll
C:\Users\gary\AppData\Local\Temp\BackupSetup.exe
C:\Users\gary\AppData\Local\Temp\CommonInstaller.exe
C:\Users\gary\AppData\Local\Temp\DivXSetup.exe
C:\Users\gary\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdwg36k.dll
C:\Users\gary\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\gary\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\gary\AppData\Local\Temp\HPHASUtil.exe
C:\Users\gary\AppData\Local\Temp\iGearedHelper.dll
C:\Users\gary\AppData\Local\Temp\inslteqf.dll
C:\Users\gary\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\gary\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\gary\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\gary\AppData\Local\Temp\lnp.dll
C:\Users\gary\AppData\Local\Temp\lowproc.exe
C:\Users\gary\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\gary\AppData\Local\Temp\oi_{076F0768-056D-4C8D-A845-2F314C981069}.exe
C:\Users\gary\AppData\Local\Temp\oi_{6703DAB6-F7A1-4B23-9D31-81D1A643DC15}.exe
C:\Users\gary\AppData\Local\Temp\oi_{ADC786F0-E956-48B1-9582-DC4B51B8516A}.exe
C:\Users\gary\AppData\Local\Temp\oi_{AFF2F3C7-ECD9-44B9-B2A8-C96E3A5709E2}.exe
C:\Users\gary\AppData\Local\Temp\oi_{F69ACB29-6B9C-48D6-8BE7-0834782C8726}.exe
C:\Users\gary\AppData\Local\Temp\qa2qaxwv.dll
C:\Users\gary\AppData\Local\Temp\Resource.exe
C:\Users\gary\AppData\Local\Temp\setup.exe
C:\Users\gary\AppData\Local\Temp\SkypeSetup.exe
C:\Users\gary\AppData\Local\Temp\sqlite3.exe
C:\Users\gary\AppData\Local\Temp\stubhelper.dll
C:\Users\gary\AppData\Local\Temp\tbappb.dll
C:\Users\gary\AppData\Local\Temp\tbVuz0.dll
C:\Users\gary\AppData\Local\Temp\tbWhit.dll
C:\Users\gary\AppData\Local\Temp\TB_7271.exe
C:\Users\gary\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\gary\AppData\Local\Temp\Tsu85D6F7AB.dll
C:\Users\gary\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\gary\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\gary\AppData\Local\Temp\UNNERO.exe
C:\Users\gary\AppData\Local\Temp\YontooSetup-S.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-05-14 13:01:38

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 5887.29 MB
Available physical RAM: 4958.75 MB
Total Pagefile: 5885.48 MB
Available Pagefile: 4960.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:920.27 GB) (Free:445.59 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:11.15 GB) (Free:1.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive k: (HITMANPRO) (Removable) (Total:0.11 GB) (Free:0.09 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 377A4AA5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 121 MB) (Disk ID: 3AE113F7)
Partition 1: (Active) - (Size=118 MB) - (Type=0B)


LastRegBack: 2014-05-09 06:14

==================== End Of Log ============================



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 AM

Posted 31 May 2014 - 01:21 PM

Fix with FRST (Recovery Environment)


  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$b6ee8f0ecc4ca8a91719f0d5d4a140d2\n. ATTENTION! ====> ZeroAccess?
    Startup: C:\Users\gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\frnggmqw.lnk
    ShortcutTarget: frnggmqw.lnk -> C:\ProgramData\2992199F9A\wqmggnrf.cpp ()
    Startup: C:\Users\gman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\frnggmqw.lnk
    ShortcutTarget: frnggmqw.lnk -> C:\ProgramData\2992199F9A\wqmggnrf.cpp ()
    
    C:\ProgramData\7t8bnbnwlrj.fee
    C:\ProgramData\7t8bnbnwlrj.zvv
    C:\ProgramData\eksnoyko.dat
    C:\ProgramData\eyxpawhu.dat
    C:\ProgramData\hjmxqhh.dat
    C:\ProgramData\phwdgrv.dat
    C:\ProgramData\sojcgtx.dat
    C:\ProgramData\vlcejwwlv.fee
    C:\Users\gary\jqs.exe
    C:\Users\gary\jucheck.exe
    C:\Users\gary\AppData\Roaming\skype.dat
    C:\$Recycle.Bin\S-1-5-18\$b6ee8f0ecc4ca8a91719f0d5d4a140d2
    C:\$Recycle.Bin\S-1-5-21-3733189056-889463717-1882944409-1000
    C:\ProgramData\2992199F9A    

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

 

Try to boot into windows.

 

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 Havok10

Havok10
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 02 June 2014 - 09:08 AM

Here are the scans requested:  GMER DID NOT FIND ANYTHING SO THE ARK.TXT WAS BLANK

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02 (ATTENTION: ====> FRST version is 8 days old and could be outdated)
Ran by gary (administrator) on GARY-HP on 02-06-2014 09:47:17
Running from C:\Windows\System32\config\systemprofile\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-04-15] (RealNetworks, Inc.)
HKLM-x32\...\Run: [ShopAtHomeWatcher] => C:\Users\gary\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-10] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKU\.DEFAULT\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\.DEFAULT\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [160328 2011-11-10] (Siber Systems)
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=befhp&type=iehp-3.8-1401
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {ADE2C4D7-A5FE-4436-A2A8-2C50B3530C9F} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {ADE2C4D7-A5FE-4436-A2A8-2C50B3530C9F} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={F991D1AE-C810-4E1D-BFF6-A2120F9ACD54}&mid=bf42b834fb3647d1a52efd6e91ffd0ea-469eadaf1a655fa3c76c8b711186f2bdb28ab385&lang=en&ds=AVG&pr=fr&d=2012-09-29 08:48:29&v=12.2.5.34&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {01A709C5-4F9D-4B1E-ADD4-1ACAA963C99A} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {77883973-C6D0-4CFB-A812-ADBB43954EE5} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={F991D1AE-C810-4E1D-BFF6-A2120F9ACD54}&mid=bf42b834fb3647d1a52efd6e91ffd0ea-469eadaf1a655fa3c76c8b711186f2bdb28ab385&lang=en&ds=AVG&pr=fr&d=2012-09-29 08:48:29&v=12.2.5.34&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {CB891CE4-FE13-4EC5-B3D0-DE3A2DD55D61} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKCU - {D08F90E7-DD09-4500-989D-0AA4E92E6005} URL =
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: No Name - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - No Name - {0cc09160-108c-4759-bab1-5c12c216e005} -  No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - RadioRage - {78ba36c9-6036-482b-b48d-ecca6f964b84} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll No File
Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Peggle/Images/stg_drm.ocx
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://mywayphotos.riteaid.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Peggle/Images/armhelper.ocx
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RadioRage_4j.com/Plugin - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll No File
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: z - C:\Program Files (x86)\Mozilla Firefox\extensions\{b3bf2462-2082-6430-c7e4-a63aa891e65f} [2013-08-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-08-18]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_6_3
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_6_3 [2012-04-01]
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [4jffxtbr@RadioRage_4j.com] - C:\Program Files (x86)\RadioRage_4j\bar\1.bin
FF Extension: RadioRage - C:\Program Files (x86)\RadioRage_4j\bar\1.bin [2012-10-13]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-04-15]
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-10-11] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
S2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]
S2 Winmgmt; C:\PROGRA~3\2992199F9A\frnggmqw.faa [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [945200 2010-08-08] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [463408 2010-06-27] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110304.002\ENG64.SYS [117880 2011-03-04] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110304.002\EX64.SYS [1791096 2011-03-04] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207000.00D\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207000.00D\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207000.00D\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-08-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-02 09:47 - 2014-06-02 09:47 - 00026503 _____ () C:\Windows\system32\config\systemprofile\Desktop\FRST.txt
2014-06-02 09:45 - 2014-06-02 09:13 - 00380416 _____ () C:\Windows\system32\config\systemprofile\Desktop\21m6xlyj.exe
2014-06-02 09:44 - 2014-05-27 17:07 - 02066944 _____ (Farbar) C:\Windows\system32\config\systemprofile\Desktop\FRST64.exe
2014-05-27 21:19 - 2014-06-02 09:47 - 00000000 ____D () C:\FRST
2014-05-13 10:10 - 2014-05-14 13:48 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3733189056-889463717-1882944409-1000
2014-05-12 00:10 - 2014-05-14 13:48 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3733189056-889463717-1882944409-1000

==================== One Month Modified Files and Folders =======

2014-06-02 09:47 - 2014-06-02 09:47 - 00026503 _____ () C:\Windows\system32\config\systemprofile\Desktop\FRST.txt
2014-06-02 09:47 - 2014-05-27 21:19 - 00000000 ____D () C:\FRST
2014-06-02 09:44 - 2012-04-15 13:14 - 00058016 _____ () C:\Windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-02 09:43 - 2014-04-27 16:44 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 09:43 - 2013-12-22 18:22 - 00000338 _____ () C:\Windows\Tasks\dsmonitor.job
2014-06-02 09:43 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-02 09:42 - 2009-07-14 01:08 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-02 09:41 - 2009-07-14 00:51 - 00132464 _____ () C:\Windows\setupact.log
2014-06-02 09:14 - 2011-09-19 11:53 - 00000322 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-06-02 09:13 - 2014-06-02 09:45 - 00380416 _____ () C:\Windows\system32\config\systemprofile\Desktop\21m6xlyj.exe
2014-06-02 08:57 - 2014-04-27 16:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 08:51 - 2012-04-09 09:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-02 06:23 - 2012-06-02 13:12 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForgary.job
2014-05-30 18:32 - 2012-04-09 05:21 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGARY-HP$
2014-05-30 18:32 - 2012-04-09 05:21 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForGARY-HP$.job
2014-05-30 18:01 - 2011-02-11 13:01 - 70320128 _____ () C:\Windows\system32\config\RegBack\SOFTWARE
2014-05-30 18:01 - 2011-02-11 13:01 - 16973824 _____ () C:\Windows\system32\config\RegBack\SYSTEM
2014-05-30 18:01 - 2011-02-11 13:01 - 02449408 _____ () C:\Windows\system32\config\RegBack\DEFAULT
2014-05-30 18:01 - 2011-02-11 13:01 - 00098304 _____ () C:\Windows\system32\config\RegBack\SAM
2014-05-30 18:00 - 2011-02-11 13:01 - 00024576 _____ () C:\Windows\system32\config\RegBack\SECURITY
2014-05-30 17:25 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-30 17:25 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-27 17:07 - 2014-06-02 09:44 - 02066944 _____ (Farbar) C:\Windows\system32\config\systemprofile\Desktop\FRST64.exe
2014-05-14 16:51 - 2014-03-26 11:52 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-14 16:51 - 2012-04-09 09:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 16:51 - 2012-04-09 09:01 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 16:51 - 2011-08-24 22:02 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 13:48 - 2014-05-13 10:10 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3733189056-889463717-1882944409-1000
2014-05-14 13:48 - 2014-05-12 00:10 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3733189056-889463717-1882944409-1000
2014-05-14 09:40 - 2011-10-17 19:32 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2C2CADCB-8227-41B6-9CBC-7999A0C0E098}
2014-05-14 09:36 - 2013-09-15 09:36 - 00000282 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-05-14 09:04 - 2012-04-19 07:52 - 00000000 ____D () C:\Windows\system32\config\systemprofile\AppData\Local\CrashDumps
2014-05-14 06:58 - 2010-11-20 23:47 - 00803076 _____ () C:\Windows\PFRO.log
2014-05-12 19:03 - 2011-08-18 08:45 - 00000116 _____ () C:\Windows\NeroDigital.ini
2014-05-08 03:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-08 03:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-05-07 23:51 - 2014-04-27 16:44 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 23:51 - 2014-04-27 16:44 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-05 11:16 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-30 18:01

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by gary at 2014-06-02 09:48:10
Running from C:\Windows\System32\config\systemprofile\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AI RoboForm (All Users) (HKLM-x32\...\AI RoboForm) (Version:  - )
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.60629.2348 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0630.16.41755 - ATI) Hidden
Apple Application Support (HKLM-x32\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.20007 - Ask.com) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{BCC01139-903A-6FC7-3358-85B0AE332601}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4158 - AVG Technologies)
AVG 2014 (Version: 14.0.3629 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4158 - AVG Technologies) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Canon PowerShot A4000 IS and A3400 IS and A2400 IS and A2300 and A1300 and A810 Camera User Guide (HKLM-x32\...\CameraUserGuide-PSA4000ISandA3400ISandA2400ISandA2300andA1300andA810) (Version: 1.0.0.7 - Canon Inc.)
Canon SELPHY CP800 (HKLM\...\Canon SELPHY CP800) (Version:  - )
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.7.0.11 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.0.2.32 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities SELPHY Photo Print (HKLM-x32\...\SELPHY Photo Print) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities SELPHY Print Contents 1.1.0 (HKLM-x32\...\SELPHY Print Contents 110) (Version: 1.1.0.16 - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0630.16.41755 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0511.2153.37435 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0630.16.41755 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0630.16.41755 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0630.0015.41755 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0630.0015.41755 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0630.0015.41755 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0630.0015.41755 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0630.0015.41755 - ATI) Hidden
CCC Help English (x32 Version: 2011.0630.0015.41755 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0630.0015.41755 - ATI) Hidden
CCC Help French (x32 Version: 2011.0630.0015.41755 - ATI) Hidden
CCC Help German (x32 Version: 2011.0630.0015.41755 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0630.0015.41755 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0630.0015.41755 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0630.0015.41755 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0630.0015.41755 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0630.0015.41755 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0630.0015.41755 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0630.0015.41755 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0630.0015.41755 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0630.0015.41755 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0630.0015.41755 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0630.0015.41755 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0630.0015.41755 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0630.0015.41755 - ATI) Hidden
ccc-utility64 (Version: 2011.0630.16.41755 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Groove-Stream (HKLM-x32\...\groove_stream) (Version:  - Groove-Stream)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.045 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.${CAB_VERSION} - HP)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Java 7 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217011FF}) (Version: 7.0.110 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.330 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaMonkey 3.2 (HKLM-x32\...\MediaMonkey_is1) (Version: 3.2 - Ventis Media Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero 9 Essentials (HKLM-x32\...\{39ad1464-90e1-4583-8a87-81aad54547b0}) (Version:  - Nero AG)
Nero BurnRights (x32 Version: 3.4.7.100 - Nero AG) Hidden
Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (x32 Version: 4.4.7.100 - Nero AG) Hidden
Nero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.6.2.101 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.1.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.0.13 - Symantec Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
RealDownloader (x32 Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.5 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.5.158 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1150 - SUPERAntiSpyware.com)
TeamViewer 6 (HKLM-x32\...\TeamViewer 6) (Version: 6.0.13992 - TeamViewer GmbH)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.7 - Vuze Inc.)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.31 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}) (Version: 15.0.9334 - WinZip Computing, S.L. )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.1) (Version: 1.3.2 - Xvid Team)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Yontoo 1.10.02 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.02 - Yontoo LLC) <==== ATTENTION
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-13 22:34 - 2012-06-04 23:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0B558CA9-BF76-4CBE-8E68-7805D513ED71} - System32\Tasks\{FC1C0625-C699-4381-AB64-A27E832ED110} => Iexplore.exe http://ui.skype.com/ui/0/6.6.73.106.456/en/abandoninstall?page=tsWLM
Task: {0ED05C2E-90DD-4103-8481-68D2F66DBF30} - System32\Tasks\{2F9E9027-FF68-4B60-83EF-4264B6AF6289} => K:\PhotoViewer.exe
Task: {13814E67-8EAF-41A1-A2D9-FBB785F9514D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3733189056-889463717-1882944409-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {1CA3C520-479E-44E9-BAA1-967BF6DF5B77} - System32\Tasks\{DCA39B46-03E5-4634-95C5-A0DFFAF2D48E} => Iexplore.exe http://ui.skype.com/ui/0/6.6.73.106.456/en/abandoninstall?page=tsWLM
Task: {48350E1E-CED5-48AA-B9FF-D1EA64C6E75B} - System32\Tasks\{ACDD0F97-F763-4859-BB96-04DD0622A31A} => K:\PhotoViewer.exe
Task: {51A19137-153E-4292-8D9A-D954225E26BA} - System32\Tasks\dsmonitor => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
Task: {5202E753-D0E5-4D44-B2B9-422662E957A2} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-31] ()
Task: {573548FE-7C14-43C9-9BCF-01F183AE7759} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.0.13 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\SymErr.exe [2012-01-27] (Symantec Corporation)
Task: {61C963B7-2A36-4EBA-9469-645C4C183062} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-12-21] (CyberLink)
Task: {63DE02AB-4259-4BED-BD9A-6F0AD805B572} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {655D2BCC-A171-4FCB-91E7-E199432DAACD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {74BEA370-67C3-419F-95F7-AB6E74564CFD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3733189056-889463717-1882944409-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {83C78F35-C5BA-4350-9523-C6A7DE03EDC8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {994ADE5D-D421-4FF5-9D10-32D8F37FEEDF} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {A85C9522-3968-48A5-B189-4C7AFC52963C} - System32\Tasks\HPCeeScheduleForGARY-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {AEFBBC79-CCDF-45D9-84D0-4EB098A7D8F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
Task: {B0907CA2-629B-43FF-9BFA-BBB41258351D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
Task: {C32DACCE-2507-4792-BABA-81BA0458FAE2} - System32\Tasks\EPUpdater => C:\Users\gary\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
Task: {C7E9EF9C-AD94-4D1E-BBCF-985276B7D6D4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3733189056-889463717-1882944409-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {D3DC169C-ACB0-4A68-BAE0-9CD4DCC11517} - System32\Tasks\Symantec\Norton Error Processor 18.7.0.13 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\SymErr.exe [2012-01-27] (Symantec Corporation)
Task: {D9E12BAD-7127-4726-AF82-BF0815D930C4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {DEC60D12-ADDD-494C-8C5D-CC3FFEAB20D2} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {F155C3AB-A140-4C9D-A258-DF4F23352E9E} - System32\Tasks\HPCeeScheduleForgary => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {F42B51B2-52EF-425A-8181-8B84C45636BC} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3733189056-889463717-1882944409-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {F4BB35FA-D3BD-4A0C-91E4-01142DF62800} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-09-19] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\dsmonitor.job => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: C:\Windows\Tasks\HPCeeScheduleForGARY-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForgary.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2011-09-19 11:57 - 2005-03-12 03:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-03-06 02:21 - 2013-03-06 02:21 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-08-28 20:23 - 2013-08-28 20:23 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2011-06-30 00:14 - 2011-06-30 00:14 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-14 14:20 - 2011-03-14 14:20 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/02/2014 09:52:16 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (06/02/2014 09:44:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (06/02/2014 09:44:21 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (06/01/2014 01:09:10 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (05/30/2014 06:03:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/30/2014 06:02:36 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (05/30/2014 05:28:22 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (05/30/2014 05:20:55 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (05/30/2014 05:20:25 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (05/27/2014 01:19:58 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed


System errors:
=============
Error: (06/02/2014 09:54:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (06/02/2014 09:51:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (06/02/2014 09:50:48 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (06/02/2014 09:50:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (06/02/2014 09:49:48 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (06/02/2014 09:49:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (06/02/2014 09:48:48 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (06/02/2014 09:48:48 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (06/02/2014 09:48:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (06/02/2014 09:47:48 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (06/02/2014 09:52:16 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (06/02/2014 09:44:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (06/02/2014 09:44:21 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2

Error: (06/01/2014 01:09:10 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (05/30/2014 06:03:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe

Error: (05/30/2014 06:02:36 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (05/30/2014 05:28:22 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (05/30/2014 05:20:55 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (05/30/2014 05:20:25 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2

Error: (05/27/2014 01:19:58 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed


CodeIntegrity Errors:
===================================
  Date: 2014-05-01 19:39:53.466
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-01 19:39:29.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-04 18:23:48.969
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-04 17:19:11.507
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-04 17:17:25.041
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-04 10:05:29.652
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-04 10:03:39.993
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-04 10:03:10.211
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-05 08:34:55.982
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-03 10:25:46.820
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 5887.29 MB
Available physical RAM: 4415.07 MB
Total Pagefile: 11774.57 MB
Available Pagefile: 10143.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:920.27 GB) (Free:444.34 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.15 GB) (Free:1.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 377A4AA5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by Havok10, 02 June 2014 - 09:09 AM.


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 AM

Posted 02 June 2014 - 03:37 PM

Add-/remove programms

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs
 

Ask Toolbar Updater
Download Updater
Yontoo 1.10.02


Close the window.

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.3.1.2183.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 Havok10

Havok10
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 04 June 2014 - 03:09 PM

FIXLIST-LOG

 

Task: {63DE02AB-4259-4BED-BD9A-6F0AD805B572} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {994ADE5D-D421-4FF5-9D10-32D8F37FEEDF} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {C32DACCE-2507-4792-BABA-81BA0458FAE2} - System32\Tasks\EPUpdater => C:\Users\gary\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
Task: {DEC60D12-ADDD-494C-8C5D-CC3FFEAB20D2} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [4jffxtbr@RadioRage_4j.com] - C:\Program Files (x86)\RadioRage_4j\bar\1.bin
FF Extension: RadioRage - C:\Program Files (x86)\RadioRage_4j\bar\1.bin [2012-10-13]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF Extension: z - C:\Program Files (x86)\Mozilla Firefox\extensions\{b3bf2462-2082-6430-c7e4-a63aa891e65f} [2013-08-18]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
Toolbar: HKLM-x32 - RadioRage - {78ba36c9-6036-482b-b48d-ecca6f964b84} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll No File
Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKLM-x32 - No Name - {0cc09160-108c-4759-bab1-5c12c216e005} -  No File
SearchScopes: HKCU - {D08F90E7-DD09-4500-989D-0AA4E92E6005} URL =
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File

S2 Winmgmt; C:\PROGRA~3\2992199F9A\frnggmqw.faa [X]

C:\Program Files (x86)\RadioRage_4j
C:\Program Files\Web Assistant
C:\Program Files (x86)\RegClean Pro
C:\Users\gary\AppData\Roaming\BABSOL~1
C:\PROGRA~3\2992199F9A

CMD: netsh winsock reset


Malwarebytes Anti-Malware
www.malwarebytes.org


Scan Date: 6/2/2014
Scan Time: 4:55:12 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: gary

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332030
Time Elapsed: 32 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 46
PUP.Optional.ShopAtHome.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}, Quarantined, [5ced8679304ab3835d31211deb17b24e],
PUP.Optional.ShopAtHome.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}, Quarantined, [5ced8679304ab3835d31211deb17b24e],
PUP.Optional.ShopAtHome.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{66516A07-F617-488A-90CF-4E690CFB3C5F}, Quarantined, [fb4ec13efd7dcf676d225ce2e121728e],
PUP.Optional.ShopAtHome.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{66516A07-F617-488A-90CF-4E690CFB3C5F}, Quarantined, [fb4ec13efd7dcf676d225ce2e121728e],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1231839B-064E-4788-B865-465A1B5266FD}, Quarantined, [4cfd25da99e143f3a959e68eb44ee61a],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2DAC2231-CC35-482B-97C5-CED1D4185080}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{57C91446-8D81-4156-A70E-624551442DE9}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{97DD820D-2E20-40AD-B01E-6730B2FCE630}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B177446D-54A4-4869-BABC-8566110B4BE0}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F05B12E1-ADE8-4485-B45B-898748B53C37}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2DAC2231-CC35-482B-97C5-CED1D4185080}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{57C91446-8D81-4156-A70E-624551442DE9}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{97DD820D-2E20-40AD-B01E-6730B2FCE630}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B177446D-54A4-4869-BABC-8566110B4BE0}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F05B12E1-ADE8-4485-B45B-898748B53C37}, Quarantined, [e96026d93d3d77bf966cd4a07f8314ec],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}, Quarantined, [7ccdf906a3d7ac8a748e34400df5c838],
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{23119123-0854-469D-807A-171568457991}, Quarantined, [87c2d92683f7fd39c895284d4db5728e],
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\TypeLib\{03119103-0854-469D-807A-171568457991}, Quarantined, [be8b19e658222016fa634e274bb743bd],
PUP.Optional.Babylon.A, HKLM\SOFTWARE\WOW6432NODE\babylontoolbar, Quarantined, [b4953ec13f3b73c3f272b9f37b88c23e],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Quarantined, [4bfe23dc83f7a294c3afbdd8e022956b],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pgmfkblbflahhponhjmkcnpjinenhlnc, Quarantined, [e36698673f3b9b9bdeb6cbc11be759a7],
PUP.Optional.DataMngr.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, Quarantined, [2128718e1c5e3bfbdccbc1e9c73ced13],
PUP.Optional.DataMngr.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, Quarantined, [86c3eb141a60a78f376f872334cf11ef],
PUP.Optional.PriceGong.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [fe4bb847542680b6029ff896867c7090],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3733189056-889463717-1882944409-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [7dcc9d620c6e2f07096db40b23e0639d],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-3733189056-889463717-1882944409-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [1e2b748b1b5f67cfaaf7a1ed45bd17e9],
PUP.Optional.SavingsSidekick.A, HKU\S-1-5-21-3733189056-889463717-1882944409-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Savings Sidekick, Quarantined, [53f68e7185f5b6809544127cde2447b9],
PUP.Optional.VidSaver.A, HKU\S-1-5-21-3733189056-889463717-1882944409-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Vid-Saver, Quarantined, [014808f75b1f2a0cb3008609e51da858],
PUP.Optional.Conduit.A, HKU\S-1-5-21-3733189056-889463717-1882944409-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\FF, Quarantined, [2a1ffa0509711d19a6b2dad641c25ca4],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3733189056-889463717-1882944409-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CR_INSTALLER\3491, Quarantined, [1c2d41be36440a2c6ee2187838cae719],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-3733189056-889463717-1882944409-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [6ddce21d710954e2efb2bbd3ff03f30d],

Registry Values: 1
PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ShopAtHomeWatcher, C:\Users\gary\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe, Quarantined, [b990748b1169f1456e0a3e4e39c98878]

Registry Data: 0
(No malicious items detected)

Folders: 13
PUP.Optional.Conduit.A, C:\Users\gary\AppData\Local\Temp\ct3288691, Quarantined, [a2a7629db5c5082e05ff7f0806fcf60a],
PUP.Optional.Conduit.A, C:\Users\gary\AppData\Local\Temp\ct3297861, Quarantined, [af9ac13e2951de582bd93552e121a25e],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\icons, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\icons\actions, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\js, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\js\api, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\js\lib, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.VidSaver.A, C:\Users\gary\AppData\Local\Vid-Saver, Quarantined, [59f0e9169cdea0968743b8d1ae5416ea],
PUP.Optional.VidSaver.A, C:\Users\gary\AppData\Local\Vid-Saver\Chrome, Quarantined, [59f0e9169cdea0968743b8d1ae5416ea],
PUP.Optional.SavingsSidekick.A, C:\Users\gary\AppData\Local\Savings Sidekick, Quarantined, [1e2b44bb047651e52cfb632711f120e0],
PUP.Optional.SavingsSidekick.A, C:\Users\gary\AppData\Local\Savings Sidekick\Chrome, Quarantined, [1e2b44bb047651e52cfb632711f120e0],

Files: 43
Trojan.FakeMS, C:\ProgramData\vlwwjeclv.cpp, Quarantined, [d277bd425e1c57dfc2dc51519e63e719],
Trojan.Ransom.Fudo, C:\Users\gary\AppData\Roaming\Other.res, Quarantined, [0049619e136739fd1d72f18319e8b34d],
Spyware.Zbot.ED, C:\Users\gary\AppData\Local\Temp\9CAA.tmp, Quarantined, [c9805fa05a203204e60de188a75a7888],
Spyware.Zbot.ED, C:\Users\gary\AppData\Local\Temp\254B.tmp, Quarantined, [93b6dc23bebc38fe856ef07926db728e],
Spyware.Zbot.ED, C:\Users\gary\AppData\Local\Temp\1533.tmp, Quarantined, [b6934eb173078da9a84b3831a55c01ff],
Spyware.Zbot.ED, C:\Users\gary\AppData\Local\Temp\CFBB.tmp, Quarantined, [c188649b502a75c1dd16b7b29968b14f],
Trojan.Ransom.ED, C:\Users\gary\AppData\Local\Temp\~tmp6064200295431428555.tmp, Quarantined, [004904fb9ae0082ee3cb30594bb69d63],
Trojan.Agent.ED, C:\Users\gary\AppData\Local\Temp\~tmp6288955503471253825.tmp, Quarantined, [57f2ef1045351a1caa83671951b0f10f],
Trojan.Ransom.URY, C:\Users\gary\AppData\Local\Temp\~tmp7100792332668066956.tmp, Quarantined, [173208f71a60ce68d8170369a55c52ae],
PUP.Optional.Conduit, C:\Users\gary\AppData\Local\Temp\tbVuz0.dll, Quarantined, [c88197684337ed4954122f4e40c0c838],
PUP.Optional.MultiPlug.A, C:\Users\gary\AppData\Local\Temp\{6C3E19F8-3C8B-4E5D-ACB6-74A9B7DD3B0E}\Addons\extIE_setup.exe, Quarantined, [74d5689795e5bc7a4ab30d0f7a8a38c8],
PUP.Optional.MultiPlug.A, C:\Users\gary\AppData\Local\Temp\{6C3E19F8-3C8B-4E5D-ACB6-74A9B7DD3B0E}\Addons\ext_setup.exe, Quarantined, [d1780cf3f28848ee669757c52adaf60a],
PUP.Optional.EZDownloader.A, C:\Users\gary\AppData\Local\Temp\{6C3E19F8-3C8B-4E5D-ACB6-74A9B7DD3B0E}\Addons\EzDownloader_setup.exe, Quarantined, [9bae41be4a30cb6bb1b476f78c748080],
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, Quarantined, [87c221de1a608aac04127b139c669967],
Trojan.Ransom, C:\Users\gary\AppData\Roaming\wincreen.bmp, Quarantined, [e168d926ceac68ce213a319147bc728e],
Trojan.Ransom, C:\Users\gary\AppData\Roaming\wincreen.jpg, Quarantined, [5decfb04403a9d99d883447ed03352ae],
PUP.Optional.Conduit.A, C:\Users\gary\AppData\Local\Temp\ct3288691\chromeid.txt, Quarantined, [a2a7629db5c5082e05ff7f0806fcf60a],
PUP.Optional.Conduit.A, C:\Users\gary\AppData\Local\Temp\ct3288691\setup.ini.txt, Quarantined, [a2a7629db5c5082e05ff7f0806fcf60a],
PUP.Optional.Conduit.A, C:\Users\gary\AppData\Local\Temp\ct3297861\chromeid.txt, Quarantined, [af9ac13e2951de582bd93552e121a25e],
PUP.Optional.Conduit.A, C:\Users\gary\AppData\Local\Temp\ct3297861\setup.ini.txt, Quarantined, [af9ac13e2951de582bd93552e121a25e],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\background.html, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\crossriderManifest.json, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\manifest.json, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\popup.html, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\icons\icon128.png, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\icons\icon16.png, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\icons\icon48.png, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\icons\actions\icon1.png, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\js\background.js, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\js\api\chrome.js, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\js\api\cookie.js, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\js\api\message.js, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\js\lib\app_api.js, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\js\lib\async_api.js, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\js\lib\bg_app_api.js, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\js\lib\cookie_store.js, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\js\lib\data_store.js, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\js\lib\delegate.js, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\js\lib\events.js, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\js\lib\onBGDocumentLoad.js, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\js\lib\reports.js, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.CrossRider.A, C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.41_0\js\lib\util.js, Quarantined, [7ecba65913673cfa91a21d6c3cc6c33d],
PUP.Optional.VidSaver.A, C:\Users\gary\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx, Quarantined, [59f0e9169cdea0968743b8d1ae5416ea],

Physical Sectors: 0
(No malicious items detected)


(end)


Edited by Havok10, 04 June 2014 - 03:11 PM.


#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 AM

Posted 05 June 2014 - 01:40 AM

You´ve posted the wrong FRST file. I need the fixlog.txt that shows the changes that were made to the system.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 Havok10

Havok10
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 05 June 2014 - 08:26 AM

Sorry clicking on the wrong file.. here it is:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
Ran by SYSTEM at 2014-06-02 09:40:01 Run:1
Running from K:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$b6ee8f0ecc4ca8a91719f0d5d4a140d2\n. ATTENTION! ====> ZeroAccess?
Startup: C:\Users\gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\frnggmqw.lnk
ShortcutTarget: frnggmqw.lnk -> C:\ProgramData\2992199F9A\wqmggnrf.cpp ()
Startup: C:\Users\gman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\frnggmqw.lnk
ShortcutTarget: frnggmqw.lnk -> C:\ProgramData\2992199F9A\wqmggnrf.cpp ()

C:\ProgramData\7t8bnbnwlrj.fee
C:\ProgramData\7t8bnbnwlrj.zvv
C:\ProgramData\eksnoyko.dat
C:\ProgramData\eyxpawhu.dat
C:\ProgramData\hjmxqhh.dat
C:\ProgramData\phwdgrv.dat
C:\ProgramData\sojcgtx.dat
C:\ProgramData\vlcejwwlv.fee
C:\Users\gary\jqs.exe
C:\Users\gary\jucheck.exe
C:\Users\gary\AppData\Roaming\skype.dat
C:\$Recycle.Bin\S-1-5-18\$b6ee8f0ecc4ca8a91719f0d5d4a140d2
C:\$Recycle.Bin\S-1-5-21-3733189056-889463717-1882944409-1000
C:\ProgramData\2992199F9A    
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
C:\Users\gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\frnggmqw.lnk => Moved successfully.
C:\ProgramData\2992199F9A\wqmggnrf.cpp => Moved successfully.
C:\Users\gman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\frnggmqw.lnk => Moved successfully.
C:\ProgramData\2992199F9A\wqmggnrf.cpp not found.
C:\ProgramData\7t8bnbnwlrj.fee => Moved successfully.
C:\ProgramData\7t8bnbnwlrj.zvv => Moved successfully.
C:\ProgramData\eksnoyko.dat => Moved successfully.
C:\ProgramData\eyxpawhu.dat => Moved successfully.
C:\ProgramData\hjmxqhh.dat => Moved successfully.
C:\ProgramData\phwdgrv.dat => Moved successfully.
C:\ProgramData\sojcgtx.dat => Moved successfully.
C:\ProgramData\vlcejwwlv.fee => Moved successfully.
C:\Users\gary\jqs.exe => Moved successfully.
C:\Users\gary\jucheck.exe => Moved successfully.
C:\Users\gary\AppData\Roaming\skype.dat => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$b6ee8f0ecc4ca8a91719f0d5d4a140d2 => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-3733189056-889463717-1882944409-1000 => Moved successfully.
C:\ProgramData\2992199F9A => Moved successfully.

==== End of Fixlog ====



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 AM

Posted 06 June 2014 - 02:58 AM

Looks good!

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 Havok10

Havok10
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 06 June 2014 - 04:30 PM

Here is what ESET found:

 

C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\CREXT.DLL a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\CrExtP4j.exe a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\T8EXTEX.DLL Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\T8EXTPEX.DLL Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\7t8bnbnwlrj.zvv.xBAD a variant of Win64/Kryptik.FT trojan
C:\FRST\Quarantine\C\ProgramData\eyxpawhu.dat.xBAD Win32/PSW.Papras.CV trojan
C:\FRST\Quarantine\C\ProgramData\2992199F9A\wqmggnrf.cpp.xBAD Win32/Reveton.V trojan
C:\FRST\Quarantine\C\ProgramData\2992199F9A\2992199F9A\frnggmqw.faa a variant of Win64/Kryptik.FZ trojan
C:\FRST\Quarantine\C\Users\gary\AppData\Roaming\skype.dat.xBAD Win32/LockScreen.APR trojan
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Program Files (x86)\Conduit\Community Alerts\Alert0.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Program Files (x86)\Vid-Saver\ButtonUtil.dll a variant of Win32/Toolbar.CrossRider.G potentially unwanted application
C:\Program Files (x86)\Vid-Saver\Vid-Saver-bg.exe a variant of Win32/Toolbar.CrossRider.E potentially unwanted application
C:\Program Files (x86)\Vid-Saver\Vid-Saver.exe a variant of Win32/Toolbar.CrossRider.E potentially unwanted application
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_20_5p83tu.exe Win32/Somoto.F potentially unwanted application
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll a variant of Win32/Bunndle potentially unsafe application
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll a variant of Win32/Bunndle potentially unsafe application
C:\ProgramData\jrlwnbnb8t7.cpp a variant of Win32/Kryptik.BXOW trojan
C:\Users\All Users\jrlwnbnb8t7.cpp a variant of Win32/Kryptik.BXOW trojan
C:\Users\gary\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\gary\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Default\aaiohbiombkiakpgaepoajnhphmobenb\background.html Win32/BHO.OEI trojan
C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Default\aaiohbiombkiakpgaepoajnhphmobenb\ContentScript.js Win32/TrojanDownloader.Tracur.AD trojan
C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_1\yl.js JS/Adware.Yontoo.A application
C:\Users\gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYWVH4GS\amazon[1].htm JS/Kryptik.APU trojan
C:\Users\gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3GXCLTA\ds06ha3yxu[1].htm JS/Exploit.Agent.NFT trojan
C:\Users\gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3GXCLTA\dx3c1tl43a[1].htm JS/Exploit.Agent.NFT trojan
C:\Users\gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S0FEO18N\vmjygp84kz[1].htm JS/Exploit.Agent.NGV trojan
C:\Users\gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNL173HG\setup[1].exe Win32/OutBrowse.D potentially unwanted application
C:\Users\gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W883CDD8\gov_fbi-department_com[1].htm HTML/Ransom.O trojan
C:\Users\gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCSQ3QJ1\fbi_govwebpolice_com[1].htm HTML/Ransom.O trojan
C:\Users\gary\AppData\Local\Microsoft\Windows Live Mail\Hotmail (bo  b0\Marc Stuff\3B5F3723-000003D5.eml HTML/TrojanSpy.Bayfraud.JK trojan
C:\Users\gary\AppData\Local\Temp\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\gary\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\gary\AppData\Local\Temp\lnp.dll Win32/Reveton.V trojan
C:\Users\gary\AppData\Local\Temp\setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\gary\AppData\Local\Temp\tbappb.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\gary\AppData\Local\Temp\tbWhit.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\gary\AppData\Local\Temp\YontooSetup-S.exe multiple threats
C:\Users\gary\AppData\Local\Temp\78CAD6DF-BAB0-7891-AA50-9EB47DBC3C50\Latest\IEHelper.dll Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\gary\AppData\Local\Temp\DM\Installer_for_adobe-flash-professional_018156\DomaIQ10v2.exe a variant of Win32/DomaIQ.A potentially unwanted application
C:\Users\gary\AppData\Local\Temp\DM\Installer_for_adobe-flash-professional_018156\WS__116-V32_10.exe Win32/Amonetize potentially unwanted application
C:\Users\gary\AppData\Local\Temp\iNTERNET Turbo\conduitinstaller.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\gary\AppData\Local\Temp\NeroInstallFiles\NERO20101008164809345\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application
C:\Users\gary\AppData\Local\Temp\NeroInstallFiles\NERO20110926142430078\ISSetupPrerequisites\askToolbar\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\gary\AppData\Local\Temp\nsvB26D.tmp\mypc.exe Win32/MyPCBackup.A potentially unwanted application
C:\Users\gary\AppData\Local\Temp\YontooLayers\yl.js JS/Adware.Yontoo.A application
C:\Users\gary\AppData\Local\Temp\{6C3E19F8-3C8B-4E5D-ACB6-74A9B7DD3B0E}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\gary\AppData\Local\{68158975-8225-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\Users\gary\AppData\Local\{77F5A427-82BC-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\Users\gary\AppData\LocalLow\ConduitEngine\ConduitEngine.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\gary\AppData\LocalLow\PriceGong\ext\ext_e.dll a variant of Win32/PriceGong.A potentially unwanted application
C:\Users\gary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1ff946cc-12472ad0 a variant of Win32/Kryptik.BXGE trojan
C:\Users\gary\Downloads\adobe-flash-professionalSetup.exe a variant of Win32/DomaIQ.A potentially unwanted application
C:\Users\gman\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\yl.js JS/Adware.Yontoo.A application
C:\Users\gman\AppData\LocalLow\PriceGong\ext\ext_e.dll a variant of Win32/PriceGong.A potentially unwanted application
C:\Users\gman\AppData\LocalLow\Vuze_Remote\hktbVuz0.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\gman\AppData\LocalLow\Vuze_Remote\ldrtbVuz0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Users\gman\AppData\LocalLow\Vuze_Remote\tbVuz0.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\gman\AppData\LocalLow\Vuze_Remote\tbVuz1.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\gman\AppData\LocalLow\Vuze_Remote\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Vuze_Remote\hk64tbVuz2.dll Win64/Toolbar.Conduit.B potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Vuze_Remote\hktbVuz2.dll Win32/Toolbar.Conduit.X potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Vuze_Remote\ldrtbVuz0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Vuze_Remote\ldrtbVuz2.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Vuze_Remote\tbVuz0.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Vuze_Remote\tbVuz1.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Vuze_Remote\tbVuz2.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Vuze_Remote\tbVuze.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Vuze_Remote\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Vuze_Remote\hk64tbVuz2.dll Win64/Toolbar.Conduit.B potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Vuze_Remote\hktbVuz2.dll Win32/Toolbar.Conduit.X potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Vuze_Remote\ldrtbVuz0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Vuze_Remote\ldrtbVuz2.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Vuze_Remote\tbVuz0.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Vuze_Remote\tbVuz1.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Vuze_Remote\tbVuz2.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Vuze_Remote\tbVuze.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Vuze_Remote\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
 



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 AM

Posted 10 June 2014 - 02:02 AM

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.

 

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[S1].txt also



Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.


  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2



  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

 

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 Havok10

Havok10
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 10 June 2014 - 11:36 AM

FRST Log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-06-2014
Ran by gary at 2014-06-10 12:11:40 Run:3
Running from C:\Users\gary\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Program Files (x86)\Conduit
C:\Program Files (x86)\Vid-Saver
C:\Program Files (x86)\Vuze
C:\ProgramData\jrlwnbnb8t7.cpp
C:\Users\All Users\jrlwnbnb8t7.cpp
C:\Users\gary\AppData\Local\Conduit
C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Default\aaiohbiombkiakpgaepoajnhphmobenb
C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_1
C:\Users\gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYWVH4GS\amazon[1].htm
C:\Users\gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3GXCLTA\ds06ha3yxu[1].htm
C:\Users\gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3GXCLTA\dx3c1tl43a[1].htm
C:\Users\gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S0FEO18N\vmjygp84kz[1].htm
C:\Users\gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNL173HG\setup[1].exe
C:\Users\gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W883CDD8\gov_fbi-department_com[1].htm
C:\Users\gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCSQ3QJ1\fbi_govwebpolice_com[1].htm
C:\Users\gary\AppData\Local\Microsoft\Windows Live Mail\Hotmail (bo  b0\Marc Stuff\3B5F3723-000003D5.eml
C:\Users\gary\AppData\Local\Temp
C:\Users\gary\AppData\Local\{68158975-8225-11E1-826D-B8AC6F996F26}
C:\Users\gary\AppData\LocalLow\ConduitEngine
C:\Users\gary\AppData\LocalLow\PriceGong
C:\Users\gary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1ff946cc-12472ad0
C:\Users\gary\Downloads\adobe-flash-professionalSetup.exe
C:\Users\gman\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0
C:\Users\gman\AppData\LocalLow\PriceGong
C:\Users\gman\AppData\LocalLow\Vuze_Remote
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Vuze_Remote
 
*****************
 
C:\Program Files (x86)\Conduit => Moved successfully.
"C:\Program Files (x86)\Vid-Saver" => File/Directory not found.
 
"C:\Program Files (x86)\Vuze" directory move:
 
C:\Program Files (x86)\Vuze\aereg.dll => Moved successfully.
C:\Program Files (x86)\Vuze\aereg64.dll => Moved successfully.
C:\Program Files (x86)\Vuze\Azureus.exe => Moved successfully.
C:\Program Files (x86)\Vuze\Azureus.exe.manifest => Moved successfully.
C:\Program Files (x86)\Vuze\Azureus.exe.vmoptions => Moved successfully.
C:\Program Files (x86)\Vuze\Azureus.properties => Moved successfully.
Could not move "C:\Program Files (x86)\Vuze\Azureus2.jar" => Scheduled to move on reboot.
C:\Program Files (x86)\Vuze\AzureusUpdater.exe => Moved successfully.
C:\Program Files (x86)\Vuze\GPL.txt => Moved successfully.
C:\Program Files (x86)\Vuze\hs_err_pid10760.log => Moved successfully.
C:\Program Files (x86)\Vuze\hs_err_pid3408.log => Moved successfully.
C:\Program Files (x86)\Vuze\hs_err_pid3676.log => Moved successfully.
C:\Program Files (x86)\Vuze\hs_err_pid4208.log => Moved successfully.
C:\Program Files (x86)\Vuze\hs_err_pid4620.log => Moved successfully.
C:\Program Files (x86)\Vuze\hs_err_pid548.log => Moved successfully.
C:\Program Files (x86)\Vuze\hs_err_pid6244.log => Moved successfully.
C:\Program Files (x86)\Vuze\hs_err_pid6476.log => Moved successfully.
C:\Program Files (x86)\Vuze\hs_err_pid6492.log => Moved successfully.
C:\Program Files (x86)\Vuze\hs_err_pid6556.log => Moved successfully.
C:\Program Files (x86)\Vuze\hs_err_pid6704.log => Moved successfully.
C:\Program Files (x86)\Vuze\hs_err_pid7916.log => Moved successfully.
C:\Program Files (x86)\Vuze\hs_err_pid8028.log => Moved successfully.
C:\Program Files (x86)\Vuze\installer.log => Moved successfully.
Could not move "C:\Program Files (x86)\Vuze\swt.jar" => Scheduled to move on reboot.
C:\Program Files (x86)\Vuze\uninstall.exe => Moved successfully.
C:\Program Files (x86)\Vuze\Vuze.ico => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azupnpav\azupnpav_0.3.7.jar => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azupnpav\azupnpav_0.3.8.jar => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azupnpav\azupnpav_0.4.1.jar => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azupnpav\azupnpav_0.4.3.jar => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azupnpav\azupnpav_0.4.3.zip => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azupnpav\azupnpav_0.4.4.jar => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azupnpav\azupnpav_0.4.4.zip => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azupnpav\azupnpav_0.4.7.jar => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azupnpav\azupnpav_0.4.7.zip => Moved successfully.
Could not move "C:\Program Files (x86)\Vuze\plugins\azupnpav\azupnpav_0.4.9.jar" => Scheduled to move on reboot.
C:\Program Files (x86)\Vuze\plugins\azupnpav\azupnpav_0.4.9.zip => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azupnpav\azureus.sig => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azupnpav\plugin.properties => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azupnpav\plugin.properties_0.4.3 => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azupnpav\plugin.properties_0.4.4 => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azupnpav\plugin.properties_0.4.7 => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azupnpav\plugin.properties_0.4.9 => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azupdater\azupdaterpatcher_1.8.17.jar => Moved successfully.
Could not move "C:\Program Files (x86)\Vuze\plugins\azupdater\azupdaterpatcher_1.9.1.jar" => Scheduled to move on reboot.
C:\Program Files (x86)\Vuze\plugins\azupdater\azupdater_1.9.1.zip => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azupdater\azureus.sig => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azupdater\plugin.properties => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azupdater\plugin.properties_1.9.1 => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azupdater\Updater.jar => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azupdater\Updater.jar.bak => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azrating\azrating_1.3.1.jar => Moved successfully.
Could not move "C:\Program Files (x86)\Vuze\plugins\azrating\azrating_1.4.2.jar" => Scheduled to move on reboot.
C:\Program Files (x86)\Vuze\plugins\azplugins\azplugins_2.1.6.jar => Moved successfully.
Could not move "C:\Program Files (x86)\Vuze\plugins\azplugins\azplugins_2.1.7.jar" => Scheduled to move on reboot.
C:\Program Files (x86)\Vuze\plugins\azitunes\azitunes_0.2.3.jar => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azitunes\azitunes_0.2.6.jar => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azitunes\azitunes_0.2.6.zip => Moved successfully.
Could not move "C:\Program Files (x86)\Vuze\plugins\azitunes\azitunes_0.3.1.jar" => Scheduled to move on reboot.
C:\Program Files (x86)\Vuze\plugins\azitunes\azitunes_0.3.1.zip => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azitunes\azureus.sig => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azitunes\jacob-1.14.3-x86.dll => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azitunes\jacob-1.14.3-x86.dll.bak => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azitunes\jacob-1.17-M2-x64.dll => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azitunes\jacob-1.17-M2-x86.dll => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azitunes\jacob_1.14.3.jar => Moved successfully.
Could not move "C:\Program Files (x86)\Vuze\plugins\azitunes\jacob_1.17.2.jar" => Scheduled to move on reboot.
C:\Program Files (x86)\Vuze\plugins\azitunes\JACOB_LICENSE.TXT => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azitunes\JACOB_README.txt => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azitunes\libProcessAccess.dll => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azitunes\libProcessAccess.dll.bak => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azitunes\libProcessAccess64.dll => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azitunes\libProcessAccess_0.1.2.jar => Moved successfully.
Could not move "C:\Program Files (x86)\Vuze\plugins\azitunes\libProcessAccess_0.1.3.jar" => Scheduled to move on reboot.
C:\Program Files (x86)\Vuze\plugins\azitunes\plugin.properties => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azitunes\plugin.properties_0.2.6 => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azitunes\plugin.properties_0.3.1 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\COPYRIGHT => Moved successfully.
C:\Program Files (x86)\Vuze\jre\README.txt => Moved successfully.
C:\Program Files (x86)\Vuze\jre\THIRDPARTYLICENSEREADME.txt => Moved successfully.
C:\Program Files (x86)\Vuze\jre\Welcome.html => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\calendars.properties => Moved successfully.
Could not move "C:\Program Files (x86)\Vuze\jre\lib\charsets.jar" => Scheduled to move on reboot.
C:\Program Files (x86)\Vuze\jre\lib\classlist => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\content-types.properties => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\deploy.jar => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\flavormap.properties => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\fontconfig.98.bfc => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\fontconfig.98.properties.src => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\fontconfig.bfc => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\fontconfig.properties.src => Moved successfully.
Could not move "C:\Program Files (x86)\Vuze\jre\lib\jce.jar" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Vuze\jre\lib\jsse.jar" => Scheduled to move on reboot.
C:\Program Files (x86)\Vuze\jre\lib\jvm.hprof.txt => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\logging.properties => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\management-agent.jar => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\meta-index => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\net.properties => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\plugin.jar => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\psfont.properties.ja => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\psfontj2d.properties => Moved successfully.
Could not move "C:\Program Files (x86)\Vuze\jre\lib\resources.jar" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Vuze\jre\lib\rt.jar" => Scheduled to move on reboot.
C:\Program Files (x86)\Vuze\jre\lib\sound.properties => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\tzmappings => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\CET => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\CST6CDT => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\EET => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\EST => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\EST5EDT => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\GMT => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\HST => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\MET => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\MST => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\MST7MDT => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\PST8PDT => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\WET => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\ZoneInfoMappings => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\SystemV\AST4 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\SystemV\AST4ADT => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\SystemV\CST6 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\SystemV\CST6CDT => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\SystemV\EST5 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\SystemV\EST5EDT => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\SystemV\HST10 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\SystemV\MST7 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\SystemV\MST7MDT => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\SystemV\PST8 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\SystemV\PST8PDT => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\SystemV\YST9 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\SystemV\YST9YDT => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Apia => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Auckland => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Chatham => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Chuuk => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Easter => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Efate => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Enderbury => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Fakaofo => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Fiji => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Funafuti => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Galapagos => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Gambier => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Guadalcanal => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Guam => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Honolulu => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Johnston => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Kiritimati => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Kosrae => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Kwajalein => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Majuro => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Marquesas => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Midway => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Nauru => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Niue => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Norfolk => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Noumea => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Pago_Pago => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Palau => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Pitcairn => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Pohnpei => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Port_Moresby => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Rarotonga => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Saipan => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Tahiti => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Tarawa => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Tongatapu => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Wake => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Pacific\Wallis => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Indian\Antananarivo => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Indian\Chagos => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Indian\Christmas => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Indian\Cocos => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Indian\Comoro => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Indian\Kerguelen => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Indian\Mahe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Indian\Maldives => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Indian\Mauritius => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Indian\Mayotte => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Indian\Reunion => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Amsterdam => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Andorra => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Athens => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Belgrade => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Berlin => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Brussels => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Bucharest => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Budapest => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Chisinau => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Copenhagen => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Dublin => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Gibraltar => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Helsinki => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Istanbul => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Kaliningrad => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Kiev => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Lisbon => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\London => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Luxembourg => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Madrid => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Malta => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Minsk => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Monaco => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Moscow => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Oslo => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Paris => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Prague => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Riga => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Rome => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Samara => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Simferopol => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Sofia => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Stockholm => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Tallinn => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Tirane => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Uzhgorod => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Vaduz => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Vienna => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Vilnius => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Volgograd => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Warsaw => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Zaporozhye => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Europe\Zurich => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT+1 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT+10 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT+11 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT+12 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT+2 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT+3 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT+4 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT+5 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT+6 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT+7 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT+8 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT+9 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT-1 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT-10 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT-11 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT-12 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT-13 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT-14 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT-2 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT-3 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT-4 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT-5 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT-6 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT-7 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT-8 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\GMT-9 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\UCT => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Etc\UTC => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Australia\Adelaide => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Australia\Brisbane => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Australia\Broken_Hill => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Australia\Currie => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Australia\Darwin => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Australia\Eucla => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Australia\Hobart => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Australia\Lindeman => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Australia\Lord_Howe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Australia\Melbourne => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Australia\Perth => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Australia\Sydney => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Atlantic\Azores => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Atlantic\Bermuda => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Atlantic\Canary => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Atlantic\Cape_Verde => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Atlantic\Faroe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Atlantic\Madeira => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Atlantic\Reykjavik => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Atlantic\South_Georgia => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Atlantic\Stanley => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Atlantic\St_Helena => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Aden => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Almaty => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Amman => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Anadyr => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Aqtau => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Aqtobe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Ashgabat => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Baghdad => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Bahrain => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Baku => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Bangkok => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Beirut => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Bishkek => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Brunei => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Choibalsan => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Chongqing => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Colombo => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Damascus => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Dhaka => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Dili => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Dubai => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Dushanbe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Gaza => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Harbin => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Hong_Kong => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Hovd => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Ho_Chi_Minh => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Irkutsk => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Jakarta => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Jayapura => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Jerusalem => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Kabul => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Kamchatka => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Karachi => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Kashgar => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Kathmandu => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Kolkata => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Krasnoyarsk => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Kuala_Lumpur => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Kuching => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Kuwait => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Macau => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Magadan => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Makassar => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Manila => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Muscat => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Nicosia => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Novokuznetsk => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Novosibirsk => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Omsk => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Oral => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Phnom_Penh => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Pontianak => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Pyongyang => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Qatar => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Qyzylorda => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Rangoon => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Riyadh => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Riyadh87 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Riyadh88 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Riyadh89 => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Sakhalin => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Samarkand => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Seoul => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Shanghai => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Singapore => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Taipei => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Tashkent => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Tbilisi => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Tehran => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Thimphu => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Tokyo => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Ulaanbaatar => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Urumqi => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Vientiane => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Vladivostok => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Yakutsk => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Yekaterinburg => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Asia\Yerevan => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Antarctica\Casey => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Antarctica\Davis => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Antarctica\DumontDUrville => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Antarctica\Macquarie => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Antarctica\Mawson => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Antarctica\McMurdo => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Antarctica\Palmer => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Antarctica\Rothera => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Antarctica\Syowa => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Antarctica\Vostok => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Adak => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Anchorage => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Anguilla => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Antigua => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Araguaina => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Aruba => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Asuncion => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Atikokan => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Bahia => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Bahia_Banderas => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Barbados => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Belem => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Belize => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Blanc-Sablon => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Boa_Vista => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Bogota => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Boise => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Cambridge_Bay => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Campo_Grande => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Cancun => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Caracas => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Cayenne => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Cayman => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Chicago => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Chihuahua => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Costa_Rica => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Cuiaba => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Curacao => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Danmarkshavn => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Dawson => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Dawson_Creek => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Denver => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Detroit => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Dominica => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Edmonton => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Eirunepe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\El_Salvador => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Fortaleza => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Glace_Bay => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Godthab => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Goose_Bay => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Grand_Turk => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Grenada => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Guadeloupe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Guatemala => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Guayaquil => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Guyana => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Halifax => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Havana => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Hermosillo => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Inuvik => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Iqaluit => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Jamaica => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Juneau => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\La_Paz => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Lima => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Los_Angeles => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Maceio => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Managua => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Manaus => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Martinique => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Matamoros => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Mazatlan => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Menominee => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Merida => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Mexico_City => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Miquelon => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Moncton => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Monterrey => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Montevideo => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Montreal => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Montserrat => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Nassau => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\New_York => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Nipigon => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Nome => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Noronha => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Ojinaga => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Panama => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Pangnirtung => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Paramaribo => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Phoenix => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Port-au-Prince => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Porto_Velho => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Port_of_Spain => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Puerto_Rico => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Rainy_River => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Rankin_Inlet => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Recife => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Regina => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Resolute => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Rio_Branco => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Santarem => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Santa_Isabel => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Santiago => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Santo_Domingo => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Sao_Paulo => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Scoresbysund => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\St_Johns => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\St_Kitts => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\St_Lucia => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\St_Thomas => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\St_Vincent => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Swift_Current => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Tegucigalpa => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Thule => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Thunder_Bay => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Tijuana => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Toronto => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Tortola => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Vancouver => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Whitehorse => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Winnipeg => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Yakutat => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Yellowknife => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\North_Dakota\Center => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\North_Dakota\New_Salem => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Kentucky\Louisville => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Kentucky\Monticello => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Indiana\Indianapolis => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Indiana\Knox => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Indiana\Marengo => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Indiana\Petersburg => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Indiana\Tell_City => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Indiana\Vevay => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Indiana\Vincennes => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Indiana\Winamac => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Argentina\Buenos_Aires => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Argentina\Catamarca => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Argentina\Cordoba => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Argentina\Jujuy => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Argentina\La_Rioja => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Argentina\Mendoza => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Argentina\Rio_Gallegos => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Argentina\Salta => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Argentina\San_Juan => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Argentina\San_Luis => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Argentina\Tucuman => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\America\Argentina\Ushuaia => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Abidjan => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Accra => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Addis_Ababa => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Algiers => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Asmara => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Bamako => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Bangui => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Banjul => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Bissau => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Blantyre => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Brazzaville => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Bujumbura => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Cairo => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Casablanca => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Ceuta => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Conakry => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Dakar => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Dar_es_Salaam => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Djibouti => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Douala => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\El_Aaiun => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Freetown => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Gaborone => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Harare => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Johannesburg => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Kampala => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Khartoum => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Kigali => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Kinshasa => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Lagos => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Libreville => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Lome => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Luanda => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Lubumbashi => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Lusaka => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Malabo => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Maputo => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Maseru => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Mbabane => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Mogadishu => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Monrovia => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Nairobi => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Ndjamena => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Niamey => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Nouakchott => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Ouagadougou => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Porto-Novo => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Sao_Tome => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Tripoli => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Tunis => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\zi\Africa\Windhoek => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\servicetag\jdk_header.png => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\servicetag\registration.xml => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\security\blacklist => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\security\cacerts => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\security\java.policy => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\security\java.security => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\security\javaws.policy => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\security\local_policy.jar => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\security\trusted.libraries => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\security\US_export_policy.jar => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\management\jmxremote.access => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\management\jmxremote.password.template => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\management\management.properties => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\management\snmp.acl.template => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\images\cursors\cursors.properties => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\images\cursors\invalid32x32.gif => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\images\cursors\win32_CopyDrop32x32.gif => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\images\cursors\win32_LinkDrop32x32.gif => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\images\cursors\win32_MoveDrop32x32.gif => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\im\indicim.jar => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\im\thaiim.jar => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\i386\jvm.cfg => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\fonts\LucidaBrightDemiBold.ttf => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\fonts\LucidaBrightDemiItalic.ttf => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\fonts\LucidaBrightItalic.ttf => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\fonts\LucidaBrightRegular.ttf => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\fonts\LucidaSansDemiBold.ttf => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\fonts\LucidaSansRegular.ttf => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\fonts\LucidaTypewriterBold.ttf => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\fonts\LucidaTypewriterRegular.ttf => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\ext\dnsns.jar => Moved successfully.
Could not move "C:\Program Files (x86)\Vuze\jre\lib\ext\localedata.jar" => Scheduled to move on reboot.
C:\Program Files (x86)\Vuze\jre\lib\ext\meta-index => Moved successfully.
Could not move "C:\Program Files (x86)\Vuze\jre\lib\ext\sunjce_provider.jar" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Vuze\jre\lib\ext\sunmscapi.jar" => Scheduled to move on reboot.
C:\Program Files (x86)\Vuze\jre\lib\ext\sunpkcs11.jar => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\deploy\ffjcext.zip => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\deploy\lzma.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\deploy\messages.properties => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\deploy\messages_de.properties => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\deploy\messages_es.properties => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\deploy\messages_fr.properties => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\deploy\messages_it.properties => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\deploy\messages_ja.properties => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\deploy\messages_ko.properties => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\deploy\messages_pt_BR.properties => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\deploy\messages_sv.properties => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\deploy\messages_zh_CN.properties => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\deploy\messages_zh_HK.properties => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\deploy\messages_zh_TW.properties => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\deploy\splash.gif => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\deploy\jqs\jqs.conf => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\deploy\jqs\jqsmessages.properties => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\deploy\jqs\ie\jqs_plugin.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\deploy\jqs\ff\chrome.manifest => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\deploy\jqs\ff\install.rdf => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\deploy\jqs\ff\chrome\content\overlay.js => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\deploy\jqs\ff\chrome\content\overlay.xul => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\cmm\CIEXYZ.pf => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\cmm\GRAY.pf => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\cmm\LINEAR_RGB.pf => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\cmm\PYCC.pf => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\cmm\sRGB.pf => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\awt.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\axbridge.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\cmm.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\dcpr.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\deploy.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\deployJava1.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\dt_shmem.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\dt_socket.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\eula.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\fontmanager.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\hpi.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\hprof.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\instrument.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\ioser12.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\j2pcsc.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\j2pkcs11.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\jaas_nt.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\java-rmi.exe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\java.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\java.exe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\javacpl.exe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\javaw.exe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\java_crw_demo.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\jawt.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\jbroker.exe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\JdbcOdbc.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\jdwp.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\jkernel.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\jli.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\jp2iexp.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\jp2launcher.exe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\jp2native.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\jp2ssv.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\jpeg.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\jpicom.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\jpiexp.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\jpinscp.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\jpioji.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\jpishare.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\jqs.exe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\jqsnotify.exe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\jsound.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\jsoundds.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\keytool.exe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\kinit.exe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\klist.exe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\ktab.exe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\management.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\mlib_image.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\msvcr71.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\msvcrt.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\net.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\nio.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\npdeployJava1.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\npjpi160_23.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\npoji610.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\npt.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\orbd.exe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\pack200.exe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\policytool.exe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\regutils.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\rmi.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\rmid.exe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\rmiregistry.exe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\servertool.exe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\splashscreen.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\ssv.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\ssvagent.exe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\sunmscapi.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\tnameserv.exe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\unicows.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\unpack.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\unpack200.exe => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\verify.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\w2k_lsa_auth.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\wsdetect.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\zip.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\new_plugin\msvcr71.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\new_plugin\npdeployJava1.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\new_plugin\npjp2.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\client\classes.jsa => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\client\jvm.dll => Moved successfully.
C:\Program Files (x86)\Vuze\jre\bin\client\Xusage.txt => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\Adobe Error Toolkit.url => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\Adobe Training DVD's.url => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\Adobe Training Manuals.url => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\INSTALLING INSTRUCTIONS.txt => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRawProfile6.0All\AdobeCameraRawProfile6.0All.boot.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRawProfile6.0All\AdobeCameraRawProfile6.0All.proxy.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All-x64-181110113758\6.3.050.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All-x64-181110113758\AdobeCameraRaw6.0All-x64-181110113758.boot.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All-x64-181110113758\AdobeCameraRaw6.0All-x64-181110113758.proxy.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All-x64-181110113758\Assets2_1.zip => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All-x64-181110113758\Install.db => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All-x64-181110113758\media.sql => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All-x64-181110113758\Media_db.db => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All-x64\AdobeCameraRaw6.0All-x64.boot.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All-x64\AdobeCameraRaw6.0All-x64.proxy.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All-x64\Assets2_1.zip => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All-x64\Install.db => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All-x64\media.sql => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All-x64\Media_db.db => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All-181110111544\6.3.050.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All-181110111544\AdobeCameraRaw6.0All-181110111544.boot.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All-181110111544\AdobeCameraRaw6.0All-181110111544.proxy.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All-181110111544\Assets2_1.zip => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All-181110111544\Install.db => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All-181110111544\media.sql => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All-181110111544\Media_db.db => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All\AdobeCameraRaw6.0All.boot.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All\AdobeCameraRaw6.0All.proxy.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All\Assets2_1.zip => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All\Install.db => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All\media.sql => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeCameraRaw6.0All\Media_db.db => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeBridge4.1-mul\AdobeBridge4.1-mul.boot.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeBridge4.1-mul\AdobeBridge4.1-mul.proxy.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeBridge4.1-mul\Assets1_1.zip => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeBridge4.1-mul\Assets2_1.zip => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeBridge4.1-mul\customaction.data => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeBridge4.1-mul\Install.db => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeBridge4.1-mul\media.sql => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeBridge4.1-mul\Media_db.db => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeAPE3.101_x64-mul\AdobeAPE3.101_x64-mul.boot.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeAPE3.101_x64-mul\AdobeAPE3.101_x64-mul.proxy.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeAPE3.101_x64-mul\Assets1_1.zip => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeAPE3.101_x64-mul\Install.db => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeAPE3.101_x64-mul\media.sql => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeAPE3.101_x64-mul\Media_db.db => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeAPE3.101-mul\AdobeAPE3.101-mul.boot.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeAPE3.101-mul\AdobeAPE3.101-mul.proxy.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeAPE3.101-mul\Assets1_1.zip => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeAPE3.101-mul\Install.db => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeAPE3.101-mul\media.sql => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\payloads\AdobeAPE3.101-mul\Media_db.db => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\packages\install.sig => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\packages\UWA\UWA.pima => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\packages\UWA\UWA.pimx => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\packages\LWA\LWA.pima => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\packages\LWA\LWA.pimx => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\packages\DWA\DWA.pima => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\packages\DWA\DWA.pimx => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\packages\core\PDApp.pima => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\packages\core\PDApp.pimx => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\Deployment\en_GB_Deployment.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\Deployment\en_GB_Deployment_x64.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\Deployment\en_GB_Hybrid_Deployment.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\Deployment\en_US_Deployment.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\Deployment\en_US_Deployment_x64.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\SOFTWARE\Deployment\en_US_Hybrid_Deployment.xml => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\HOSTS SET-UP\hosts => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\HOSTS SET-UP\HOSTS SETUP.doc => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\HOSTS SET-UP\HOSTS SETUP.pdf => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\HOSTS SET-UP\How to Edit the Hosts File.wmv => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\HOSTS SET-UP\IMPORTANT SO READ FIRST.txt => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\DLL FILE\IMPORTANT.txt => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\DLL FILE\Original - 64bit\amtlib.dll => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\DLL FILE\Original - 32bit\amtlib.dll => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\DLL FILE\64bit\amtlib.dll => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\DLL FILE\32bit\amtlib.dll => Moved successfully.
C:\Program Files (x86)\Vuze\Adobe Photoshop CS5.1 Extended Edition\ADOBE READ ME'S\Photoshop CS5.1 Read Me.pdf => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\autoUninstall.0 => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\autoUninstall.1 => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\autoUninstall.2 => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\autoUninstall.3 => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\autoUninstall.4 => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\files.log => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4jdel.exe => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4jinst.dll => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4jparams.conf => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4jruntime.jar => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_0_5p83tu.utf8 => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_10_5p83tu.utf8 => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_11_5p83tu.properties => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_12_5p83tu.utf8 => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_13_5p83tu.properties => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_14_5p83tu.properties => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_14_5p83tu_1q2vg51.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_15_5p83tu_1q2vg51.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_15_5p83tu_1rjd818.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_16_5p83tu_1rjd818.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_16_5p83tu_qin5kk.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_17_5p83tu_qin5kk.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_17_5p83tu_xza4ha.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_18_5p83tu_19c5po3.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_18_5p83tu_xza4ha.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_19_5p83tu.exe => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_19_5p83tu_19c5po3.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_19_5p83tu_rz1c2y.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_1_5p83tu.properties => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_20_5p83tu.exe => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_20_5p83tu_1dcx5tw.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_21_5p83tu.html => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_21_5p83tu_19c5po3.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_21_5p83tu_u3neew.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_22_5p83tu_10qu06u.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_22_5p83tu_1dcx5tw.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_22_5p83tu_rz1c2y.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_23_5p83tu.html => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_23_5p83tu_1pn3dfg.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_23_5p83tu_bm8amj.ico => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_24_5p83tu.exe => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_24_5p83tu_2p31hf.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_24_5p83tu_z1x7tn.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_25_5p83tu.dll => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_25_5p83tu.html => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_25_5p83tu.jpg => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_26_5p83tu.dll => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_26_5p83tu_rz1c2y.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu_bm8amj.ico => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_28_5p83tu.dll => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_28_5p83tu.exe => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_29_5p83tu.dll => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_29_5p83tu_10qu06u.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_2_5p83tu.utf8 => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_30_5p83tu.dll => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_30_5p83tu_1efhqvy.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_31_5p83tu.exe => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_31_5p83tu_1efhqvy.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_31_5p83tu_1glvfkw.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu_10qu06u.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu_1pn3dfg.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_33_5p83tu.dll => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_33_5p83tu.exe => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_33_5p83tu_z1x7tn.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_34_5p83tu.jpg => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_34_5p83tu_10qu06u.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_34_5p83tu_1pn3dfg.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_35_5p83tu.exe => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_35_5p83tu_z1x7tn.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_36_5p83tu_1pn3dfg.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_37_5p83tu_z1x7tn.png => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_38_5p83tu.jpg => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_3_5p83tu.properties => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_4_5p83tu.utf8 => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_5_5p83tu.properties => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_6_5p83tu.utf8 => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_7_5p83tu.properties => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_8_5p83tu.utf8 => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_9_5p83tu.properties => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\install.prop => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\installation.log => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\inst_jre.cfg => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\MessagesDefault => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\pref_jre.cfg => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\response.varfile => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\stats.properties => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\unicows.dll => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\user.jar => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\_shfoldr.dll => Moved successfully.
C:\Program Files (x86)\Vuze\.install4j\user\mism.exe => Moved successfully.
Could not move "C:\Program Files (x86)\Vuze" directory. => Scheduled to move on reboot.
 
"C:\ProgramData\jrlwnbnb8t7.cpp" => File/Directory not found.
"C:\Users\All Users\jrlwnbnb8t7.cpp" => File/Directory not found.
C:\Users\gary\AppData\Local\Conduit => Moved successfully.
C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Default\aaiohbiombkiakpgaepoajnhphmobenb => Moved successfully.
"C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_1" => File/Directory not found.
C:\Users\gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYWVH4GS\amazon[1].htm => Moved successfully.
C:\Users\gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3GXCLTA\ds06ha3yxu[1].htm => Moved successfully.
C:\Users\gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3GXCLTA\dx3c1tl43a[1].htm => Moved successfully.
C:\Users\gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S0FEO18N\vmjygp84kz[1].htm => Moved successfully.
C:\Users\gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNL173HG\setup[1].exe => Moved successfully.
C:\Users\gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W883CDD8\gov_fbi-department_com[1].htm => Moved successfully.
C:\Users\gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCSQ3QJ1\fbi_govwebpolice_com[1].htm => Moved successfully.
C:\Users\gary\AppData\Local\Microsoft\Windows Live Mail\Hotmail (bo  b0\Marc Stuff\3B5F3723-000003D5.eml => Moved successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-10 12:17:59)<=
 
==> ATTENTION: System is not rebooted.
C:\Program Files (x86)\Vuze\Azureus2.jar => Moved successfully.
C:\Program Files (x86)\Vuze\swt.jar => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azupnpav\azupnpav_0.4.9.jar => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azupdater\azupdaterpatcher_1.9.1.jar => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azrating\azrating_1.4.2.jar => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azplugins\azplugins_2.1.7.jar => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azitunes\azitunes_0.3.1.jar => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azitunes\jacob_1.17.2.jar => Moved successfully.
C:\Program Files (x86)\Vuze\plugins\azitunes\libProcessAccess_0.1.3.jar => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\charsets.jar => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\jce.jar => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\jsse.jar => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\resources.jar => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\rt.jar => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\ext\localedata.jar => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\ext\sunjce_provider.jar => Moved successfully.
C:\Program Files (x86)\Vuze\jre\lib\ext\sunmscapi.jar => Moved successfully.
C:\Program Files (x86)\Vuze => Moved successfully.
 
==== End of Fixlog ====
# AdwCleaner v3.212 - Report created 10/06/2014 at 12:21:39
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : gary - GARY-HP
# Running from : C:\Users\gary\Desktop\adwcleaner_3.212.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\pc performer manager
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\Delta
Folder Deleted : C:\Users\gary\AppData\Local\PackageAware
Folder Deleted : C:\Users\gary\AppData\Local\Temp\mt_ffx
Folder Deleted : C:\Users\gary\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\gary\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\gary\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\gary\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\gary\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\gary\AppData\Roaming\EZDownloader
Folder Deleted : C:\Users\gary\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\gary\AppData\Roaming\Systweak
Folder Deleted : C:\Users\gman\AppData\Local\visi_coupon
Folder Deleted : C:\Users\gman\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\gman\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\gman\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\gman\AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\Users\gary\AppData\Roaming\Mozilla\Firefox\Profiles\gzsu7gld.default\ConduitCommon
Folder Deleted : C:\Users\gary\AppData\Roaming\Mozilla\Firefox\Profiles\gzsu7gld.default\Smartbar
Folder Deleted : C:\Users\gman\AppData\Local\Google\Chrome\User Data\Default\Extensions\appfhdomleefdliipjkhhdiojfahkgjb
File Deleted : C:\END
File Deleted : C:\Users\gary\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\gary\AppData\Roaming\Mozilla\Firefox\Profiles\gzsu7gld.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\gary\AppData\Roaming\Mozilla\Firefox\Profiles\gzsu7gld.default\searchplugins\bProtect.xml
File Deleted : C:\Users\gary\AppData\Roaming\Mozilla\Firefox\Profiles\gzsu7gld.default\searchplugins\my-web-search.xml
File Deleted : C:\Users\gary\AppData\Roaming\Mozilla\Firefox\Profiles\gzsu7gld.default\user.js
File Deleted : C:\Users\gman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_continuetosave.info_0.localstorage-journal
File Deleted : C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www2.delta-search.com_0.localstorage
File Deleted : C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www2.delta-search.com_0.localstorage-journal
File Deleted : C:\Windows\Tasks\dsmonitor.job
File Deleted : C:\Windows\System32\Tasks\dsmonitor
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\gary\Desktop\Search.lnk
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{B64982B1-D112-42B5-B1E4-D3867C4533F8}]
Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile
Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\oneclick
Key Deleted : HKLM\SOFTWARE\Classes\oneclickmg
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS
Key Deleted : HKCU\Software\faeefddbdecedct
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227982
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3244149
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_nero-burning-rom[1]_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_nero-burning-rom[1]_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_nero-burning-rom_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_nero-burning-rom_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DFEB941C-8B58-4899-97C3-88FE394E1285}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E6AD866F-EA06-476A-8432-ED943683FAB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F706E19B-6C14-4272-BA98-2F16636A898D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022342291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022502260}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033503360}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A661D4DC-4BD8-48FC-964B-A24AB8157DE6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066346691}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077507760}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1ED65BE2-AE84-46CB-8EA6-1C2B86ADF768}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5E5E0B49-1A81-4ACC-BD6B-FF5F4EFEF01A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B872D222-3F52-4CD9-A4BE-9D69EE4F293D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F706E19B-6C14-4272-BA98-2F16636A898D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44DB423D-A0DB-4664-9477-CCDCEB7CD666}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A661D4DC-4BD8-48FC-964B-A24AB8157DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5731AB1-8566-4441-AEFB-9AFB2EEA63D9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A661D4DC-4BD8-48FC-964B-A24AB8157DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066346691}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077507760}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16470
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
[ File : C:\Users\gary\AppData\Roaming\Mozilla\Firefox\Profiles\gzsu7gld.default\prefs.js ]
 
Line Deleted : user_pref("CT2504091.CBOpenMAMSettings.enc", "MA==");
Line Deleted : user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2504091.FirstTime", "true");
Line Deleted : user_pref("CT2504091.FirstTimeFF3", "true");
Line Deleted : user_pref("CT2504091.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM3MzE5OTE2NA==");
Line Deleted : user_pref("CT2504091.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM4MDMxMzkyNQ==");
Line Deleted : user_pref("CT2504091.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MA==");
Line Deleted : user_pref("CT2504091.LOCAL_COOKIE_STATS_STATS_SITE_NEW.enc", "MA==");
Line Deleted : user_pref("CT2504091.LOCAL_COOKIE_STATS_STATS_SITE_NOT_SUPPORTED.enc", "MA==");
Line Deleted : user_pref("CT2504091.LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MA==");
Line Deleted : user_pref("CT2504091.LOCAL_COOKIE_STATS_STATS_USE_HISTORY.enc", "MA==");
Line Deleted : user_pref("CT2504091.LOCAL_COOKIE_STATS_STATS_USE_POP.enc", "MA==");
Line Deleted : user_pref("CT2504091.LOCAL_COOKIE_STATS_STATS_USE_RELATED.enc", "MA==");
Line Deleted : user_pref("CT2504091.LOCAL_COOKIE_STATS_STATS_USE_TYPED.enc", "MA==");
Line Deleted : user_pref("CT2504091.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MTM4MDMxMzkyNQ==");
Line Deleted : user_pref("CT2504091.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MTM3OTg3NTQyMA==");
Line Deleted : user_pref("CT2504091.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=yahoo.com&l=www.yahoo.com&t=2&v=0.5&d=conduit2.enc", "MTM3OTg3NDQ5MQ==");
Line Deleted : user_pref("CT2504091.LoginRevertSettingsEnabled", true);
Line Deleted : user_pref("CT2504091.PG_ENABLE", "ZmFsc2U=");
Line Deleted : user_pref("CT2504091.PG_ENABLE.enc", "ZEhKMVpRPT0=");
Line Deleted : user_pref("CT2504091.RevertSettingsEnabled", true);
Line Deleted : user_pref("CT2504091.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT2504091.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT2504091.SF_USER_ID.enc", "Y2lkXzc3MjAxMzgxMjQzMzI2ODc5Mg==");
Line Deleted : user_pref("CT2504091.SearchAppState.enc", "Mw==");
Line Deleted : user_pref("CT2504091.SearchAppTracking.enc", "c2VudA==");
Line Deleted : user_pref("CT2504091.UserID", "UN95799575387314263");
Line Deleted : user_pref("CT2504091._key_cl_active", "%EA%B9%BB%B8%BB%EC%B9%BF%B3%B9%BC%B9%EA%B3%BA%EA%BF%E9%B3%E7%E7%BA%E9%B3%B6%BB%EA%BD%E8%EB%BE%B6%BE%EB%BD%B6");
Line Deleted : user_pref("CT2504091._key_cl_active.enc", "ZDM1MjVmMzktMzYzZC00ZDljLWFhNGMtMDVkN2JlODA4ZTcw");
Line Deleted : user_pref("CT2504091.acp_personal.appstate.enc", "ZW5hYmxl");
Line Deleted : user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT2504091.autoDisableScopes", -1);
Line Deleted : user_pref("CT2504091.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT2504091.cb_experience_000", "%B8");
Line Deleted : user_pref("CT2504091.cb_experience_000.enc", "Mg==");
Line Deleted : user_pref("CT2504091.cb_firstuse0100", "%B7");
Line Deleted : user_pref("CT2504091.cb_firstuse0100.enc", "MQ==");
Line Deleted : user_pref("CT2504091.cb_user_id_000.enc", "Q0I0MDk2MjIzMjc3NDZfMTM3MzE5ODg1OTU3OV9GaXJlZm94");
Line Deleted : user_pref("CT2504091.cbcountry_001.enc", "VVM=");
Line Deleted : user_pref("CT2504091.cbfirsttime.enc", "VHVlIEp1bCAyNCAyMDEyIDE4OjMxOjU2IEdNVC0wNDAwIChFYXN0ZXJuIERheWxpZ2h0IFRpbWUp");
Line Deleted : user_pref("CT2504091.countryCode", "US");
Line Deleted : user_pref("CT2504091.defaultSearch", "true");
Line Deleted : user_pref("CT2504091.discover-experiments-photopop.enc", "eyJuYW1lIjoicGhvdG9wb3BfbmEiLCJ2ZXJzaW9uIjoxMH0=");
Line Deleted : user_pref("CT2504091.discover-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzc5ODc0NDkwMTk5LDE0NDAwMDAwXX0=");
Line Deleted : user_pref("CT2504091.discover-user-id.enc", "Ijk3OTVjMzZlLTMyMTMtNDBlZi05Y2I0LTBiNGU1ZGQzZTJkYiI=");
Line Deleted : user_pref("CT2504091.embeddedsData", "[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT2504091.enableAlerts", "false");
Line Deleted : user_pref("CT2504091.enableFix404ByUser", "FALSE");
Line Deleted : user_pref("CT2504091.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT2504091.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT2504091.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT2504091.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT2504091.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT2504091.fixUrls", true);
Line Deleted : user_pref("CT2504091.fullUserID", "UN95799575387314263.UP.20130707081156");
Line Deleted : user_pref("CT2504091.ground-country-code.enc", "IlVTIg==");
Line Deleted : user_pref("CT2504091.installId", "ConduitNSISIntegration");
Line Deleted : user_pref("CT2504091.installType", "ConduitNSISIntegration");
Line Deleted : user_pref("CT2504091.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2504091.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT2504091.isNewTabEnabled", true);
Line Deleted : user_pref("CT2504091.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT2504091.keyword", true);
Line Deleted : user_pref("CT2504091.lastVersion", "10.20.1.508");
Line Deleted : user_pref("CT2504091.mam_gk_appStateReportTime", "%B7%B9%BF%BA%B7%BA%BB%BF%BC%BC%B9%BD%B6");
Line Deleted : user_pref("CT2504091.mam_gk_appStateReportTime.enc", "MTM5NDE0NTk2NjM3MA==");
Line Deleted : user_pref("CT2504091.mam_gk_appState_ACplus.enc", "b24=");
Line Deleted : user_pref("CT2504091.mam_gk_appState_Clarity_Active", "%F5%F4");
Line Deleted : user_pref("CT2504091.mam_gk_appState_Clarity_Active.enc", "b24=");
Line Deleted : user_pref("CT2504091.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT2504091.mam_gk_appState_Easytobook.enc", "b24=");
Line Deleted : user_pref("CT2504091.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Deleted : user_pref("CT2504091.mam_gk_appState_Piclickuitest1.enc", "b24=");
Line Deleted : user_pref("CT2504091.mam_gk_appState_PriceGong.enc", "b24=");
Line Deleted : user_pref("CT2504091.mam_gk_appState_WindowShopper.enc", "b24=");
Line Deleted : user_pref("CT2504091.mam_gk_appsConfig.enc", "eyJBcHBzQ29uZmlndXJhdGlvbiI6W3siaWQiOiJDbGFyaXR5X0FjdGl2ZSIsInVybCI6Imh0dHA6Ly9zdG9yYWdlLmNvbmR1aXQuY29tL21hbS8zcmRwYXJ0eWFwcHMvY2xhcml0eVJheS9jcl9hY3Rpdm[...]
Line Deleted : user_pref("CT2504091.mam_gk_appsDefaultEnabled", "%F4%FB%F2%F2");
Line Deleted : user_pref("CT2504091.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT2504091.mam_gk_calledSetupService.enc", "MQ==");
Line Deleted : user_pref("CT2504091.mam_gk_currentVersion", "%B7%B4%B7%B9%B4%B6%B4%B7%BD");
Line Deleted : user_pref("CT2504091.mam_gk_currentVersion.enc", "MS4xMy4wLjE3");
Line Deleted : user_pref("CT2504091.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Deleted : user_pref("CT2504091.mam_gk_first_time", "%B7");
Line Deleted : user_pref("CT2504091.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT2504091.mam_gk_lastLoginTime", "%B7%B9%BF%BA%B7%BA%BB%BF%BC%BC%BA%BA%BD");
Line Deleted : user_pref("CT2504091.mam_gk_lastLoginTime.enc", "MTM5NDE0NTk2NjQ0Nw==");
Line Deleted : user_pref("CT2504091.mam_gk_localization.enc", "eyJkaWFsb2dPSyI6eyJUZXh0IjoiT0sifSwiZG1ib3gxIjp7IlRleHQiOiJEZWFsXHJcbm9mIHRoZSBkYXkifSwiZG1ib3gyIjp7IlRleHQiOiJGcmVlXHJcblNoaXBtZW50In0sImRtYnVsbGV0MSI6[...]
Line Deleted : user_pref("CT2504091.mam_gk_mamEnabled.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT2504091.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT2504091.mam_gk_settings1.10.2.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTU3XzAiLCJpc1Rlc3QiOnRydWUsIlVzZXJDb3VudHJ5Q29kZSI6IlVTIiwiaXNXZWxjb21lRXhw[...]
Line Deleted : user_pref("CT2504091.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBl[...]
Line Deleted : user_pref("CT2504091.mam_gk_settings1.13.0.17", "ā%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0ā%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%FA%EB%A8%C0%A8%B8%B6%B7%[...]
Line Deleted : user_pref("CT2504091.mam_gk_settings1.13.0.17.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxNDAzMDciLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjEwNDNfMCIsIlJUSyI6Ikg0c0lBQUFBQUFBRUFPeTl[...]
Line Deleted : user_pref("CT2504091.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNDhfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBlc[...]
Line Deleted : user_pref("CT2504091.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNDhfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBlc[...]
Line Deleted : user_pref("CT2504091.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT2504091.mam_gk_showWelcomeGadget", "%EC%E7%F2%F9%EB");
Line Deleted : user_pref("CT2504091.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT2504091.mam_gk_stamp", "%B7%B6%BA%B9%E5%B6");
Line Deleted : user_pref("CT2504091.mam_gk_stamp.enc", "MTA0M18w");
Line Deleted : user_pref("CT2504091.mam_gk_userBornDate", "%D4%B5%C7");
Line Deleted : user_pref("CT2504091.mam_gk_userBornDate.enc", "Ti9B");
Line Deleted : user_pref("CT2504091.mam_gk_userId", "%B9%BC%BE%EC%E7%B9%E7%BD%B3%B8%BB%E9%BE%B3%BA%BF%BB%BC%B3%BE%BD%EB%EA%B3%BF%B9%E7%BF%EC%B8%EC%B6%BB%BB%B9%B8");
Line Deleted : user_pref("CT2504091.mam_gk_userId.enc", "MzY4ZmEzYTctMjVjOC00OTU2LTg3ZWQtOTNhOWYyZjA1NTMy");
Line Deleted : user_pref("CT2504091.mam_gk_user_approval_interacted", "%B7");
Line Deleted : user_pref("CT2504091.mam_gk_user_approval_interacted.enc", "MQ==");
Line Deleted : user_pref("CT2504091.mam_gk_welcomeDialogMode", "%B7");
Line Deleted : user_pref("CT2504091.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Deleted : user_pref("CT2504091.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT2504091.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsystweak.com%2Fregistrycleaner%2Fsaymg%2F3%2F%3Fsubid%3D1957902\",\"EB_MAIN_FRAME_TITLE\":\"[...]
Line Deleted : user_pref("CT2504091.openThankYouPage", "false");
Line Deleted : user_pref("CT2504091.openUninstallPage", "false");
Line Deleted : user_pref("CT2504091.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=2&q=");
Line Deleted : user_pref("CT2504091.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\\"12\\\\/26\\\\/2012 15\\\"}\"}");
Line Deleted : user_pref("CT2504091.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT2504091.rematchGround.upstairs", "ā%A8%EE%FA%FA%F6%C0%B5%B5%EC%E7%F9%FA%E9%F5%F4%FA%EB%F4%FA%B4%E9%F5%F4%EA%FB%EF%FA%B4%E9%F5%F3%B5%EA%F5%FD%F4%F2%F5%E7%EA%E5%F5%EC%EC%EB%F8%F9%B4%EE[...]
Line Deleted : user_pref("CT2504091.rematchGround.upstairs.enc", "eyJodHRwOi8vZmFzdGNvbnRlbnQuY29uZHVpdC5jb20vZG93bmxvYWRfb2ZmZXJzLmh0bWw/Y3RpZD1DVDI1MDQwOTF+YjEwNDN+YzAmaXNtYW5hZ2VkPXRydWUiOjEzOTQxMTU5MjQ0Mjh9");
Line Deleted : user_pref("CT2504091.rematchagent-is-test-user", "%EC%E7%F2%F9%EB");
Line Deleted : user_pref("CT2504091.rematchagent-is-test-user.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT2504091.rematchagent-matkot-user-id", "%A8%B7%B9%BF%BA%B7%B7%BB%BE%B8%BD%B8%BE%BA%B8%BD%B8%B9%BA%BB%BC%A8");
Line Deleted : user_pref("CT2504091.rematchagent-matkot-user-id.enc", "IjEzOTQxMTU4MjcyODQyNzIzNDU2Ig==");
Line Deleted : user_pref("CT2504091.rematchagent-periodic-reports", "ā%A8%F6%EF%F4%ED%E5%B6%A8%C0%E1%B7%B9%BF%BA%B7%B7%BB%BD%BE%B7%BE%B6%BE%B2%B7%BA%BA%B6%B6%B6%B6%B6%E3ă");
Line Deleted : user_pref("CT2504091.rematchagent-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzk0MTE1NzgxODA4LDE0NDAwMDAwXX0=");
Line Deleted : user_pref("CT2504091.search.searchAppId", "129079840422026594");
Line Deleted : user_pref("CT2504091.search.searchCount", "2");
Line Deleted : user_pref("CT2504091.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT2504091.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT2504091.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2504091.searchSuggestEnabledByUser", "false");
Line Deleted : user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2504091\"}");
Line Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://VuzeRemote.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Vuze Remote \"}");
Line Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2504091.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT2504091.serviceLayer_services_Configuration_lastUpdate", "1394119751866");
Line Deleted : user_pref("CT2504091.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1394115744692");
Line Deleted : user_pref("CT2504091.serviceLayer_services_appTracking_lastUpdate", "1343169115634");
Line Deleted : user_pref("CT2504091.serviceLayer_services_appsMetadata_lastUpdate", "1394158180910");
Line Deleted : user_pref("CT2504091.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1394115745250");
Line Deleted : user_pref("CT2504091.serviceLayer_services_login_10.10.20.14_lastUpdate", "1346054125515");
Line Deleted : user_pref("CT2504091.serviceLayer_services_login_10.10.27.6_lastUpdate", "1352677328215");
Line Deleted : user_pref("CT2504091.serviceLayer_services_login_10.13.40.15_lastUpdate", "1373198956588");
Line Deleted : user_pref("CT2504091.serviceLayer_services_login_10.16.4.519_lastUpdate", "1376830943293");
Line Deleted : user_pref("CT2504091.serviceLayer_services_login_10.16.9.506_lastUpdate", "1377285600906");
Line Deleted : user_pref("CT2504091.serviceLayer_services_login_10.19.2.505_lastUpdate", "1379873958953");
Line Deleted : user_pref("CT2504091.serviceLayer_services_login_10.20.0.513_lastUpdate", "1380251809284");
Line Deleted : user_pref("CT2504091.serviceLayer_services_login_10.20.1.508_lastUpdate", "1394145962880");
Line Deleted : user_pref("CT2504091.serviceLayer_services_optimizer_lastUpdate", "1351890035359");
Line Deleted : user_pref("CT2504091.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1394115745211");
Line Deleted : user_pref("CT2504091.serviceLayer_services_searchAPI_lastUpdate", "1394119751794");
Line Deleted : user_pref("CT2504091.serviceLayer_services_serviceMap_lastUpdate", "1394115743376");
Line Deleted : user_pref("CT2504091.serviceLayer_services_toolbarContextMenu_lastUpdate", "1394115745299");
Line Deleted : user_pref("CT2504091.serviceLayer_services_toolbarSettings_lastUpdate", "1394158180817");
Line Deleted : user_pref("CT2504091.serviceLayer_services_translation_lastUpdate", "1394115744860");
Line Deleted : user_pref("CT2504091.serviceLayer_services_userApps_lastUpdate", "1373198956562");
Line Deleted : user_pref("CT2504091.settingsINI", true);
Line Deleted : user_pref("CT2504091.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT2504091.showToolbarPermission", "false");
Line Deleted : user_pref("CT2504091.smartbar.CTID", "CT2504091");
Line Deleted : user_pref("CT2504091.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT2504091.smartbar.homepage", true);
Line Deleted : user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");
Line Deleted : user_pref("CT2504091.toolbarBornServerTime", "25-7-2012");
Line Deleted : user_pref("CT2504091.toolbarCurrentServerTime", "7-3-2014");
Line Deleted : user_pref("CT2504091.toolbarLoginClientTime", "Sun Jul 07 2013 08:12:00 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2504091.upgradeFromClearSBVersion", true);
Line Deleted : user_pref("CT2504091.url_history0001", "%EE%FA%FA%F6%C0%B5%B5%F2%F5%ED%EF%F4%B4%FF%E7%EE%F5%F5%B4%E9%F5%F3%B5%E9%F5%F4%EC%EF%ED%B5%F2%F5%ED%EF%F4%C5%F2%F5%ED%F5%FB%FA%C3%B7%AC%B4%F9%F8%E9%C3%FF%F3%AC%[...]
Line Deleted : user_pref("CT2504091.url_history0001.enc", "aHR0cDovL2xvZ2luLnlhaG9vLmNvbS9jb25maWcvbG9naW4/bG9nb3V0PTEmLnNyYz15bSYuaW50bD11cyYuZGlyZWN0PTImLmRvbmU9aHR0cDovL3d3dy55YWhvby5jb20mLmxhc3Q9aHR0cDovL21haWwu[...]
Line Deleted : user_pref("CT2504091_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1394115734604,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3227982..clientLogIsEnabled", false);
Line Deleted : user_pref("CT3227982..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT3227982..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT3227982.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT3227982.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/default.aspx");
Line Deleted : user_pref("CT3227982.BrowserCompStateIsOpen_129973513209987959", true);
Line Deleted : user_pref("CT3227982.BrowserCompStateIsOpen_1367226254000", true);
Line Deleted : user_pref("CT3227982.BrowserCompStateIsOpen_9221552460232570768", true);
Line Deleted : user_pref("CT3227982.CTID", "CT3227982");
Line Deleted : user_pref("CT3227982.ConfigurationLastCheckTime", "Thu Mar 06 2014 09:22:24 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3227982.CurrentServerDate", "6-3-2014");
Line Deleted : user_pref("CT3227982.DSChangedManually", false);
Line Deleted : user_pref("CT3227982.DSInstall", true);
Line Deleted : user_pref("CT3227982.DSProtectChoice", true);
Line Deleted : user_pref("CT3227982.DSProtectCount", 16);
Line Deleted : user_pref("CT3227982.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT3227982.DialogsGetterLastCheckTime", "Thu Mar 06 2014 09:22:16 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3227982.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT3227982.EMailNotifierPollDate", "Mon Aug 27 2012 07:40:47 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT3227982.FirstServerDate", "27-8-2012");
Line Deleted : user_pref("CT3227982.FirstTime", true);
Line Deleted : user_pref("CT3227982.FirstTimeFF3", true);
Line Deleted : user_pref("CT3227982.FirstTimeHiddenVer", true);
Line Deleted : user_pref("CT3227982.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT3227982.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT3227982.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT3227982.HPInstall", true);
Line Deleted : user_pref("CT3227982.HPProtectChoice", true);
Line Deleted : user_pref("CT3227982.HPProtectCount", 3);
Line Deleted : user_pref("CT3227982.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT3227982.HomePageProtectorEnabled", true);
Line Deleted : user_pref("CT3227982.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3227982&SearchSource=13");
Line Deleted : user_pref("CT3227982.Initialize", true);
Line Deleted : user_pref("CT3227982.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT3227982.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT3227982.InstallationId", "installbrain");
Line Deleted : user_pref("CT3227982.InstallationType", "ConduitNSISIntegration");
Line Deleted : user_pref("CT3227982.InstalledDate", "Sun Aug 26 2012 19:51:27 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT3227982.InvalidateCache", false);
Line Deleted : user_pref("CT3227982.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT3227982.IsGrouping", false);
Line Deleted : user_pref("CT3227982.IsInitSetupIni", true);
Line Deleted : user_pref("CT3227982.IsMulticommunity", false);
Line Deleted : user_pref("CT3227982.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT3227982.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT3227982.IsProtectorsInit", true);
Line Deleted : user_pref("CT3227982.LanguagePackLastCheckTime", "Thu Mar 06 2014 09:22:24 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3227982.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT3227982.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT3227982.LastLogin_3.15.0.0", "Sun Aug 26 2012 19:51:31 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT3227982.LastLogin_3.15.1.0", "Sun Nov 11 2012 18:40:11 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3227982.LastLogin_3.16.0.3", "Sun Jul 07 2013 08:07:13 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT3227982.LastLogin_3.18.0.7", "Sun Aug 18 2013 09:00:18 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT3227982.LastLogin_3.19.0.3", "Sun Sep 22 2013 14:17:17 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT3227982.LastLogin_3.20.0.4", "Thu Mar 06 2014 09:22:25 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3227982.LatestVersion", "3.20.0.4");
Line Deleted : user_pref("CT3227982.Locale", "en");
Line Deleted : user_pref("CT3227982.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT3227982.MCDetectTooltipShow", false);
Line Deleted : user_pref("CT3227982.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT3227982.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT3227982.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT3227982.OriginalFirstVersion", "3.15.0.0");
Line Deleted : user_pref("CT3227982.RadioIsPodcast", false);
Line Deleted : user_pref("CT3227982.RadioLastCheckTime", "Sun Aug 26 2012 19:51:28 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT3227982.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT3227982.RadioLastUpdateServer", "3");
Line Deleted : user_pref("CT3227982.RadioMediaID", "9962");
Line Deleted : user_pref("CT3227982.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT3227982.RadioMenuSelectedID", "EBRadioMenu_CT32279829962");
Line Deleted : user_pref("CT3227982.RadioShrinkedFromSetup", false);
Line Deleted : user_pref("CT3227982.RadioStationName", "California%20Rock");
Line Deleted : user_pref("CT3227982.RadioStationURL", "hxxp://feedlive.net/california.asx");
Line Deleted : user_pref("CT3227982.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT3227982.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT3227980&SearchSource=13");
Line Deleted : user_pref("CT3227982.SearchAPILastCheckTime", "Thu Mar 06 2014 09:22:28 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3227982.SearchBoxWidth", 340);
Line Deleted : user_pref("CT3227982.SearchCaption", "appbario8 Customized Web Search");
Line Deleted : user_pref("CT3227982.SearchEngineBeforeUnload", "appbario8 Customized Web Search");
Line Deleted : user_pref("CT3227982.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT3227982.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT3227982.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT3227982.SearchInNewTabLastCheckTime", "Sun Sep 22 2013 14:17:16 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT3227982.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT3227982.SearchInNewTabURLFromSearchAPI", "hxxp://search.conduit.com/?ctid=CT3227982&octid=CT3227982&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_ID");
Line Deleted : user_pref("CT3227982.SearchProtectorEnabled", true);
Line Deleted : user_pref("CT3227982.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT3227982.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT3227982.ServiceMapLastCheckTime", "Thu Mar 06 2014 09:22:23 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3227982.SettingsLastCheckTime", "Thu Mar 06 2014 09:22:15 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3227982.SettingsLastUpdate", "1393929099");
Line Deleted : user_pref("CT3227982.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3227982&SearchSource=13");
Line Deleted : user_pref("CT3227982.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT3227982.ThirdPartyComponentsLastCheck", "Sat Feb 08 2014 09:35:22 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3227982.ThirdPartyComponentsLastUpdate", "1331805997");
Line Deleted : user_pref("CT3227982.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT3227982.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3227982");
Line Deleted : user_pref("CT3227982.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,codefuel.com,tbccint.com,trovi.com,seccint.com,OurToolbar.com,CommunityToolbar[...]
Line Deleted : user_pref("CT3227982.UserID", "UN31071415299418165");
Line Deleted : user_pref("CT3227982.ValidationData_Search", 2);
Line Deleted : user_pref("CT3227982.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT3227982.alertChannelId", "1663751");
Line Deleted : user_pref("CT3227982.approveUntrustedApps", false);
Line Deleted : user_pref("CT3227982.autoDisableScopes", 0);
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474953462D584D503D263F2D2E3135443B464E4F5B565E695B426D6265523B544243464959505B637D737B6E55217578654E675[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C4748402C574C4F3C253E2C2E2B2F433A454E59505B57676A66426D62455E69543D56444643465B525D66716C216E6B587D73675[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e-x305", "247E29327641363937333545397E3F493B2F77317E202520362D3842474A58515A5C585D505F593964595C49324B393A3F395047525C4173686B6965677B796F6D7B6E552175785926766[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e.:2z527", "247E70716B71773C37276F2979757475772F26312323234F484B4C552E53493D263F302B30352F453C4739383C3D64605C5B5F716571704974696C4D7A675C455E4F4A4F4E4D645B665[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F564654524C474A595A4851505E51523964595C49324B393C3B3E5047525D6C6A6B6F786D68506A6F7171742256227679664F6[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C4343534E2D585B3C253E2C302E34433A45515862695E675A416C6164513A5341454348584F5A666D7B7C7174726E702174745B2[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e06cg5el8:", "6E6D69727073726D776F");
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74736F78767978737D75242F4B49474F42357D5D5C3D");
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E41295547484D515A4E5A59325D5255422B443237303749404B585E685E706E6E6674626E696B4D786D705D465F4D524B51645B66732[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473E454745482F5A4F523F2841302D2F33463D48566265685C6B675F6D70604873686B58415A4946484B5F56616F7C217D74747[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D3229344356554E472E594E51325E4F412A4335373231483F4A59655F5F626C5B717369756975744D786D70517E6B60496252505451675[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6E414F444D327A344352574757532F5A4F515C4C594F3762575A473E492C58545E6A4F38513C534A553864656E5A435C4B5E5[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e31;cjhb>f!lad", "247E61393F236B2573737929202B6D404E434C317933534D49512C574C4F3C333E214D49535F442D4631483F4A2D595A634F385140534A5562666D594222625D6D7B7A614A636[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352C37474B59574B4A4858584E5E3762573A535E49324B3A3D3F3B504752626C625D75786D766A7C517C7174614A63525557526[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A522B55553A233C2B2F282941384354515E5D56615F56685C426D6265523B544346494A59505B6C697A7E21702370765925797[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D49564A50592E594E314A55402942322E332F473E495B5D595A6A5E58707262674974696C59425B4B474B51605762747C2473737[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B364953545259585A5A50524E36615659462F4838353D3C4D444F626C6D6B72716A77614D786D705D465F4F4C5451645B66797[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347513F445559424C5A315C5154412A4333323037483F4A5E68565B5970606E6C666164734C776C6F5C455E4E4D4B51635A6579247[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E782332293449565540472E594E513E274030323533453C475C5558636A656E625E6C616B7068734B766B6E5B445D4D4F524F6259647927767[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4F44504C4754585C5048345F5457442D46373135344B424D636B5D5F5F73696B4A756A6D5A435C4D474B4961586379226F742[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A30273249485545442C574C4F3C253E2F2A2D2D433A455C67555B5E3F6A5F624F3851423D403F564D586F7A68786C717154207477644D66575[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354D462C574C4F3C253E2F2B2B31433A455D6356575C5C5A416C6164513A5344404045584F5A7273717A786D2256227679664F6[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352C37504C4757514B4F47345F5457442D4637343A3A4B424D665E705B646571634A756A6D5A435C4D4A504F6158637C7179207[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B36505459574C554F515B345F5457442D46373637384B424D676B706E606F61666B63664D786D705D465F504F5050645B66212[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A35504F5346482F5A4F523F28413233342F463D48635C5D66626A436E6366533C55464748425A515C77707773202371215925797[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3652504C5249555256525C35605558452E47383B38364C434E6A706F5F65635D736F677578684C65706B54207477644D66575[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2A554A2D46513C253E302B332C433A45626756516259655F5F436E63465F6A553E5749444C445C535E7B21747C7821745A267[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4B524B4445494B49485450585952535F513863585B48314A3C3B363D4F46516F6B6E6D63776D687666507B707360496254534E54675[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
Line Deleted : user_pref("CT3227982.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352C37565949484E4F51525C4E4C55535B54605A5A3E695E614E37503B3D41544B567575656D7367796D6D7C55217578654E675[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E3128335351565551575A4F584C5E335E5356432C4534383649404B6B59566C686B46716669563F58474B485C535E7E6C6956227679664F6[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C484A2C574C2F48533E27403233433A45665B68505C5E406B6E4F38514343544B56776C79616D6F517C71547873634C6557566[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C32293423524C5457474A4E50565D4A61515F5D575255643D685D604D364F3D3E3E3D544B5645486A736D696F527D7275624B645253535[...]
Line Deleted : user_pref("CT3227982.backendstorage./9b-0?3g>d", "3B3A6E726F726F427A6F767345204C757A782523237C522A2724532A252D262A2C28325E");
Line Deleted : user_pref("CT3227982.backendstorage./9b-0?3g@6:5;", "");
Line Deleted : user_pref("CT3227982.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Line Deleted : user_pref("CT3227982.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A232E333E58604F6456604F6852645858635E604E376B7167617059");
Line Deleted : user_pref("CT3227982.backendstorage./9b/556,bi5a>g", "6E6C716D6C71726F7477707179");
Line Deleted : user_pref("CT3227982.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Line Deleted : user_pref("CT3227982.backendstorage./9b3=>@44i48?", "372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F");
Line Deleted : user_pref("CT3227982.backendstorage./9b5ba==9cjag", "6E3C716D406C726E7A754644774A757B7E7D4F797E");
Line Deleted : user_pref("CT3227982.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D69727073726D7672747678");
Line Deleted : user_pref("CT3227982.backendstorage./9b90e@.3c;7b=?ofb>>rhiqs", "393F352F3E");
Line Deleted : user_pref("CT3227982.backendstorage./9b9643g3/9e", "6A");
Line Deleted : user_pref("CT3227982.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
Line Deleted : user_pref("CT3227982.backendstorage./9b<:222h64<", "393F352F3E");
Line Deleted : user_pref("CT3227982.backendstorage./9b<:222h64<l8daj", "6D7070707673747976712A797872787B757B7B");
Line Deleted : user_pref("CT3227982.backendstorage./9b=+03eh8h8j?:", "4443");
Line Deleted : user_pref("CT3227982.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Line Deleted : user_pref("CT3227982.backendstorage./9b?b0d:8aj62<h", "6D");
Line Deleted : user_pref("CT3227982.backendstorage./9ba@0<0bi6a7gn:6@l?", "6C");
Line Deleted : user_pref("CT3227982.backendstorage.acp_personal.appstate", "656E61626C65");
Line Deleted : user_pref("CT3227982.backendstorage.bbactive", "796573");
Line Deleted : user_pref("CT3227982.backendstorage.bbid", "34633066646134636631633165346133");
Line Deleted : user_pref("CT3227982.backendstorage.bday_installdate", "32362D37");
Line Deleted : user_pref("CT3227982.backendstorage.bday_installfromtoolbar", "796573");
Line Deleted : user_pref("CT3227982.backendstorage.cb_experience_000", "3533");
Line Deleted : user_pref("CT3227982.backendstorage.cb_firstuse0100", "31");
Line Deleted : user_pref("CT3227982.backendstorage.cb_user_id_000", "43423836353237363338343934305F46697265666F78");
Line Deleted : user_pref("CT3227982.backendstorage.cbcountry_001", "5553");
Line Deleted : user_pref("CT3227982.backendstorage.cbfirsttime", "536174204E6F7620313720323031322030383A35343A303420474D542D3035303020284561737465726E205374616E646172642054696D6529");
Line Deleted : user_pref("CT3227982.backendstorage.cbopenmamsettings", "30");
Line Deleted : user_pref("CT3227982.backendstorage.ct3227982ads1", "25374225323261647325323225334125354225374225323261696425323225334125323233363733322532322532432532327469746C652532322533412532322575323731332532304[...]
Line Deleted : user_pref("CT3227982.backendstorage.ct3227982current_term", "7777772E7961686F6F2E636F6D");
Line Deleted : user_pref("CT3227982.backendstorage.ct3227982sdate", "3236");
Line Deleted : user_pref("CT3227982.backendstorage.discover-experiments-photopop", "7B226E616D65223A2270686F746F706F705F6E61222C2276657273696F6E223A31307D");
Line Deleted : user_pref("CT3227982.backendstorage.discover-periodic-reports", "7B2270696E675F30223A5B313337393837343438353839382C31343430303030305D7D");
Line Deleted : user_pref("CT3227982.backendstorage.discover-user-id", "2235353066383062652D326432312D346465342D616465312D37623432623563323535353322");
Line Deleted : user_pref("CT3227982.backendstorage.ground-country-code", "22555322");
Line Deleted : user_pref("CT3227982.backendstorage.impression_session_counter", "30");
Line Deleted : user_pref("CT3227982.backendstorage.impression_session_id", "2230373464303634632D336637642D343632642D623361362D62363161633134656634646122");
Line Deleted : user_pref("CT3227982.backendstorage.impression_session_last_active", "31333739383734343836323535");
Line Deleted : user_pref("CT3227982.backendstorage.last_client_stats_submit_2", "31333733313938383636");
Line Deleted : user_pref("CT3227982.backendstorage.local_cookie_stats_last_submit_6", "31333830323334363335");
Line Deleted : user_pref("CT3227982.backendstorage.local_cookie_stats_stats_site_irrelevant", "30");
Line Deleted : user_pref("CT3227982.backendstorage.local_cookie_stats_stats_site_new", "30");
Line Deleted : user_pref("CT3227982.backendstorage.local_cookie_stats_stats_site_not_supported", "30");
Line Deleted : user_pref("CT3227982.backendstorage.local_cookie_stats_stats_site_supported", "30");
Line Deleted : user_pref("CT3227982.backendstorage.local_cookie_stats_stats_use_history", "30");
Line Deleted : user_pref("CT3227982.backendstorage.local_cookie_stats_stats_use_pop", "30");
Line Deleted : user_pref("CT3227982.backendstorage.local_cookie_stats_stats_use_related", "30");
Line Deleted : user_pref("CT3227982.backendstorage.local_cookie_stats_stats_use_typed", "30");
Line Deleted : user_pref("CT3227982.backendstorage.local_cookie_throttle_baseadd_stats|0|local_cookie_stats_stats_site_irrelevant", "31333830323334363335");
Line Deleted : user_pref("CT3227982.backendstorage.local_cookie_throttle_baseadd_stats|0|local_cookie_stats_stats_site_supported", "31333737333639393739");
Line Deleted : user_pref("CT3227982.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=amc%20movie%20theaters&l=www.amctheatres.com&t=2&v=0.4&d=conduit2", "31333733313938393230");
Line Deleted : user_pref("CT3227982.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=best%20parking%20nyc&l=nyc.bestparking.com&t=2&v=0.4&d=conduit2", "31333737323837303334");
Line Deleted : user_pref("CT3227982.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=www.bestparking.com&l=nyc.bestparking.com&t=2&v=0.4&d=conduit2", "31333737333639393737");
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_appsdata", "7B2261707073223A5B7B226964223A225072696365476F6E67222C2275726C223A22687474703A2F2F7072696365676F6E672E636F6E64756974617070732E636F6D2F4D414D2F763[...]
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_appsdefaultenabled", "6E756C6C");
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_appstate_acplus", "6F6E");
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_appstate_couponbuddy", "6F6E");
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_appstate_discover", "6F6E");
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_appstate_easytobook", "6F6E");
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_appstate_easytobook_targeted", "6F6E");
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_appstate_piclickv2-websearch", "6F6E");
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_appstate_pricegong", "6F6E");
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_appstate_windowshopper", "6F6E");
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_appstatereporttime", "31333830333238323931353335");
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_calledsetupservice", "31");
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_configuration", "7B22636F6E66696775726174696F6E223A5B7B226964223A225069636C69636B56322D576562536561726368222C22637269746572696173223A5B7B22637269746572696149[...]
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_currentversion", "312E31302E342E30");
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_existingusersrecoverydone", "31");
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_first_time", "31");
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_lastlogintime", "31333830333238323931393739");
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_localization", "7B22676164676574436F6E74656E74506F6C696379223A7B2254657874223A22436F6E74656E7420506F6C696379227D2C226761646765744465736372697074696F6E5072696[...]
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_mamenabled", "74727565");
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_settings1.10.2.5", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A2238365F31222C22697354657374223[...]
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_settings1.10.4.0", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A2233355F30222C22697354657374223[...]
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_settings1.8.0.4", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A2233355F30222C22697354657374223A[...]
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_settings1.9.0.4", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A2233355F30222C22697354657374223A[...]
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_showclosebutton", "74727565");
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_showwelcomegadget", "66616C7365");
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_user_approval_interacted", "31");
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_userid", "61643262356133322D663334352D343966362D386531372D316632336339636261306135");
Line Deleted : user_pref("CT3227982.backendstorage.mam_gk_welcomedialogmode", "31");
Line Deleted : user_pref("CT3227982.backendstorage.pg_enable", "66616C7365");
Line Deleted : user_pref("CT3227982.backendstorage.sf_just_installed", "46414C5345");
Line Deleted : user_pref("CT3227982.backendstorage.sf_status", "454E41424C4544");
Line Deleted : user_pref("CT3227982.backendstorage.sf_user_id", "6369645F3737323031333837343333353630353535");
Line Deleted : user_pref("CT3227982.backendstorage.url_history0001", "687474703A2F2F73706F746865726F2E636F6D2F6E79632F62726F61647761792D7061726B696E673A3A3A636C69636B68616E646C65723A3A3A313337373336393837303033372C2[...]
Line Deleted : user_pref("CT3227982.components.1000034", false);
Line Deleted : user_pref("CT3227982.components.1000082", false);
Line Deleted : user_pref("CT3227982.components.129837883713568504", false);
Line Deleted : user_pref("CT3227982.components.129837883714037255", false);
Line Deleted : user_pref("CT3227982.components.3192020651322554256", false);
Line Deleted : user_pref("CT3227982.components.4040000215049528074", false);
Line Deleted : user_pref("CT3227982.components.9043685021158420454", false);
Line Deleted : user_pref("CT3227982.components.9221552460232570768", false);
Line Deleted : user_pref("CT3227982.countryCode", "US");
Line Deleted : user_pref("CT3227982.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com;social.tbccint.com;apps.tbccint.com;services.a[...]
Line Deleted : user_pref("CT3227982.globalFirstTimeInfoLastCheckTime", "Sat Feb 08 2014 09:36:01 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3227982.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT3227982.initDone", true);
Line Deleted : user_pref("CT3227982.isAppTrackingManagerOn", false);
Line Deleted : user_pref("CT3227982.isFirstRadioInstallation", false);
Line Deleted : user_pref("CT3227982.myStuffEnabled", true);
Line Deleted : user_pref("CT3227982.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT3227982.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT3227982.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT3227982.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT3227982.navigateToUrlOnSearch", false);
Line Deleted : user_pref("CT3227982.oldAppsList", "129837883711381002,129837883713256003,111,129837883713568504,129837883714037255,1000082,3192020651322554256,9221552460232570768,9043685021158420454,1299735132099879[...]
Line Deleted : user_pref("CT3227982.revertSettingsEnabled", true);
Line Deleted : user_pref("CT3227982.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT3227982.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT3227982.testingCtid", "");
Line Deleted : user_pref("CT3227982.toolbarAppMetaDataLastCheckTime", "Thu Mar 06 2014 09:22:24 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3227982.toolbarContextMenuLastCheckTime", "Sat Feb 08 2014 09:35:59 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3227982.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3227982&SearchSource=13");
Line Deleted : user_pref("CommunityToolbar.ConduitSearchList", "appbario8 Customized Web Search");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3227982/CT3227982", "\"5d57e984be1bada91ee3410bfdd6c5fa3\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1663751/1656277/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3227982", "\"1367226759\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "uG7mdamLoNmpmgC2c0JctQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en&ctid=CT3227982", "uG7mdamLoNmpmgC2c0JctQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "jf4tQQjNr2TQ31uHimzTMg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en&ctid=CT3227982", "jf4tQQjNr2TQ31uHimzTMg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "0BEXfBAJ1PdxmWK9VOejOg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en&ctid=CT3227982", "0BEXfBAJ1PdxmWK9VOejOg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "ZU6zjERHpZr7lBpInn+HyA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en&ctid=CT3227982", "ZU6zjERHpZr7lBpInn+HyA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"0ea11bd291bce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.0.0", "\"0e0a4327275cd1:151d\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:155b\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:1694\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"23c5489aa686ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"23c5489aa686ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.20.0.4", "\"f414eeaa6bece1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://ip2location.conduit-services.com/ip/?ctid=CT3227982&ver=3.20.0.4&client=ToolbarConfiguration", "\"7ec1af8b1fddf75d0aa6b26f72596f12\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3227982", "\"7097fd37277b6a1b754b125bd11d0197\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"ab3db9e13760ff6e7132f0ad2eec3a49\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\gary\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\gzsu7gld.default\\conduitCommon\\modules\\3.20.0.4");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.20.0.4");
Line Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pricegong.conduitapps.com/v4//agreement/agree.html#pg_ext_msg_key_ed77b9d3,pg_agreement_msg_key,true", "356x317");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://isearch.avg.com/search?cid=%7Bb10c1b62-440d-47de-9b4c-f9e3ea91e6da%7D&mid=bf42b834fb3647d1a52efd6e91ffd0ea-469eadaf1a655fa3c76c8b7111[...]
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3227982");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3227982");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3227982");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "ad5946c5-a037-4045-917a-caa48aac09f8");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3227982");
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Feb 08 2014 09:36:10 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Feb 08 2014 09:35:33 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Feb 08 2014 09:35:25 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "809f380b-2b5b-49e7-b7ab-d141f4a39337");
Line Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3227980&SearchSource=13");
Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "appbario8 Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://isearch.avg.com/search?cid=%7Bb10c1b62-440d-47de-9b4c-f9e3ea91e6da%7D&mid=bf42b834fb3647d1a52efd6e91ffd0ea-469eadaf1a655fa3c76c8b711186f2bdb2[...]
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2504091");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "appbario8 Customized Web Search");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "b896eeba0000000000002c27d71b3919");
Line Deleted : user_pref("extensions.delta.instlDay", "15963");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.69:36:46");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=122786&tsp=5006");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.incredibar.dfltlng", "EN");
Line Deleted : user_pref("extensions.incredibar.instlday", "15544");
Line Deleted : user_pref("extensions.incredibar.instlref", "");
Line Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Line Deleted : user_pref("extensions.incredibar.smplgrp", "none");
Line Deleted : user_pref("extensions.incredibar.tlbrid", "base");
Line Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6R8zUhjiSR&loc=IB_TB&i=26&search=");
Line Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.1419:34:41");
Line Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Line Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Line Deleted : user_pref("extensions.incredibar_i.did", "10658");
Line Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Line Deleted : user_pref("extensions.incredibar_i.id", "b896eeba0000000000002c27d71b3919");
Line Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Line Deleted : user_pref("extensions.incredibar_i.instlDay", "15544");
Line Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Line Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Line Deleted : user_pref("extensions.incredibar_i.newTab", false);
Line Deleted : user_pref("extensions.incredibar_i.ppd", "");
Line Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Line Deleted : user_pref("extensions.incredibar_i.productid", "26");
Line Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Line Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8zUhjiSR&loc=IB_TB&i=26&search=");
Line Deleted : user_pref("extensions.incredibar_i.upn2", "6R8zUhjiSR");
Line Deleted : user_pref("extensions.incredibar_i.upn2n", "92824757357913033");
Line Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1419:34:41");
Line Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Line Deleted : user_pref("extensions.j4I7M1lKt.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumoro[...]
Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "AVG Secure Search");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=2&q=");
Line Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=4C6F2CA3-8DA5-471C-A10B-F84EF7F294BF&n=77ee3abd&ptnrS=ZXxdm003YYus&si=COuC-vKN_bICFcqj4Aod51[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.installDate", "2012101309");
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.partnerId", "ZXxdm003YYus");
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.partnerSubId", "COuC-vKN_bICFcqj4Aod514AJQ");
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.toolbarId", "4C6F2CA3-8DA5-471C-A10B-F84EF7F294BF");
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.lastActivePing", "1394138299033");
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.weather.location", "07101");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "radiorage@mindspark.com");
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,ezLooker,pagerage,buzzdock,toprelatedtopics");
Line Deleted : user_pref("extentions.y2layers.installId", "74e17b62-6759-48ad-b7f4-1a958e93f5f2");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT2504091");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?octid=CT2504091&ctid=CT2504091&S[...]
Line Deleted : user_pref("smartbar.machineId", "UW5WKTOWKUOXJC3DWNBBK0PKDHJS3WX1EFO5D31FQBJOFZW7GM9RDXWKZ1E6BXJFPZ835SOAZKFYVQNL65TDZG");
Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=2&q=");
 
-\\ Google Chrome v35.0.1916.114
 
[ File : C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={F991D1AE-C810-4E1D-BFF6-A2120F9ACD54}&mid=bf42b834fb3647d1a52efd6e91ffd0ea-469eadaf1a655fa3c76c8b711186f2bdb28ab385&lang=en&ds=AVG&pr=fr&d=2012-09-29 08:48:29&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
Deleted [Search Provider] : hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B8962C27D71B3919&affID=122786&tsp=5006
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
 
[ File : C:\Users\gman\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : appfhdomleefdliipjkhhdiojfahkgjb
Deleted [Extension] : niapdbllcanepiiimjjndipklodoedlc
 
*************************
 
AdwCleaner[R0].txt - [81481 octets] - [10/06/2014 12:20:51]
AdwCleaner[S0].txt - [81894 octets] - [10/06/2014 12:21:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [81955 octets] ##########
 
 


#14 Havok10

Havok10
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 10 June 2014 - 11:51 AM

JRT Created a registry backup and then disappeared.  It did not appear to be running.

 

Security Check hung on Performing System Health Check



#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 AM

Posted 11 June 2014 - 07:01 AM

Please reboot and try again.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users