laptop hard to boot after virus scan


  • This topic is locked
11 replies to this topic

#1 Artbroken

  • Members
  • 69 posts

Posted 05 September 2014 - 04:04 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.17.2
Run by James at 16:49:02 on 2014-09-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3838.1586 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\windows\Explorer.EXE
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Users\James\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Users\James\AppData\Roaming\BrowserSync\IE\IEBrowserSync.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\svchost.exe -k SDRSVC
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\Video Web Camera\traybar.exe
C:\Program Files (x86)\Streamzap\Remote\zremote.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\windows\system32\rundll32.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp\mpam-d4b4c2e0.exe
C:\Users\James\AppData\Local\Google\Update\Install\{1D8DE4F5-7201-4CBA-974B-85D98FC17376}\37.0.2062.103_36.0.1985.143_chrome_updater.exe
C:\Users\James\AppData\Local\Temp\CR_B8AC0.tmp\setup.exe
c:\4e7e1d5aadf182fded5589e6caeda2\MpSigStub.exe
C:\windows\system32\CompatTel\WicaInventory.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\wuauclt.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\Program Files\McAfee Security Scan\3.8.150\McUicnt.exe
C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [GoogleChromeAutoLaunch_6B06BCEFC97BCF192292AD16DB5D7A73] "C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Facebook Update] "C:\Users\James\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Amazon Cloud Player] C:\Users\James\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
uRun: [BrowserSync] "C:\Users\James\AppData\Roaming\BrowserSync\BrowserSyncSetup.exe"repair update startup
uRun: [IEBrowserSync] "C:\Users\James\AppData\Roaming\BrowserSync\IE\IEBrowserSync.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [CLMLServer] "c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun: [Conime] C:\windows\System32\conime.exe
mRun: [StreamZap Remote] C:\PROGRA~2\STREAM~1\Remote\zremote.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: C:\Users\James\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
TCP: NameServer = 75.76.84.102 75.76.84.103
TCP: Interfaces\{9C3F8858-6950-476D-AED0-2B3C81110734} : DHCPNameServer = 75.76.84.102 75.76.84.103
TCP: Interfaces\{9C3F8858-6950-476D-AED0-2B3C81110734}\2375942554132363 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{9C3F8858-6950-476D-AED0-2B3C81110734}\84F4D454D254932323 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{9C3F8858-6950-476D-AED0-2B3C81110734}\96E666F67716272796F627 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FF494F62-D114-4F9F-A06B-5730E5B90BCA} : DHCPNameServer = 172.18.206.215 172.18.206.215
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Plus-HD-3.8: {11111111-1111-1111-1111-110311901130} - 
x64-BHO: ElectroLyrics-22: {11111111-1111-1111-1111-110411411172} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
x64-Run: [PLFSetI] C:\windows\PLFSetI.exe
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\James\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\James\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\extensions\{30b52caf-a2ee-4d8c-9c8f-901002e47c09}\plugins\np-mswmp.dll
FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\extensions\{30b52caf-a2ee-4d8c-9c8f-901002e47c09}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2011-03-04 18:25; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/05/13 07:28:46];C:\Program Files (x86)\Cyberlink\PowerDVD8\000.fcl [2009-7-7 146928]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-5-13 203264]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-5-13 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-21 1809720]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2010-10-24 133928]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-20 62720]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-15 240160]
R3 CAXHWAZL;CAXHWAZL;C:\windows\System32\drivers\CAXHWAZL.sys [2010-5-13 292864]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-8-21 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-8-21 122584]
R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2010-5-13 34872]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-21 860472]
S3 CTV1W;Cisco CTV1W Driver;C:\windows\System32\drivers\CTV1W.sys [2011-3-8 1118048]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-8-18 111616]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2009-6-20 317480]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-8-21 63704]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\windows\System32\drivers\netr28x.sys [2009-6-10 620544]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\windows\System32\drivers\NwUsbCdFil64.sys [2008-7-7 25600]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\windows\System32\drivers\nwusbser2.sys [2008-5-9 213120]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-5-13 225280]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\System32\drivers\rtl8192se.sys [2009-8-19 942080]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-6-10 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-9-18 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 zremote;Streamzap PC Remote Service;C:\windows\System32\drivers\zremote.sys [2009-3-16 19456]
.
=============== Created Last 30 ================
.
2014-09-05 20:28:33 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DA937689-141B-47ED-ACCE-CB73FECB24F5}\mpengine.dll
2014-09-05 20:27:32 -------- d-----w- C:\4e7e1d5aadf182fded5589e6caeda2
2014-08-22 17:08:54 -------- d-----w- C:\windows\Migration
2014-08-22 16:59:13 2620928 ----a-w- C:\windows\System32\wucltux.dll
2014-08-22 16:58:01 36864 ----a-w- C:\windows\System32\wuapp.exe
2014-08-22 16:58:01 33792 ----a-w- C:\windows\SysWow64\wuapp.exe
2014-08-22 16:58:01 198600 ----a-w- C:\windows\System32\wuwebv.dll
2014-08-22 16:58:01 179656 ----a-w- C:\windows\SysWow64\wuwebv.dll
2014-08-22 03:08:56 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C5893056-B645-49B9-AAC9-12FF87932492}\offreg.dll
2014-08-22 02:54:32 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-08-22 02:53:52 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-08-22 02:53:52 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-08-22 02:53:52 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-08-22 02:53:52 -------- d-----w- C:\ProgramData\Malwarebytes
2014-08-22 02:53:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-22 02:17:01 536576 ----a-w- C:\windows\SysWow64\sqlite3.dll
2014-08-22 02:14:59 -------- d-----w- C:\AdwCleaner
2014-08-22 01:43:42 -------- d-----w- C:\windows\ERUNT
2014-08-22 01:18:35 99480 ----a-w- C:\windows\SysWow64\infocardapi.dll
2014-08-22 01:18:35 171160 ----a-w- C:\windows\System32\infocardapi.dll
2014-08-22 01:18:34 619672 ----a-w- C:\windows\SysWow64\icardagt.exe
2014-08-22 01:18:34 1389208 ----a-w- C:\windows\System32\icardagt.exe
2014-08-22 01:18:31 8856 ----a-w- C:\windows\SysWow64\icardres.dll
2014-08-22 01:18:31 8856 ----a-w- C:\windows\System32\icardres.dll
2014-08-22 01:18:01 35480 ----a-w- C:\windows\SysWow64\TsWpfWrp.exe
2014-08-22 01:18:01 35480 ----a-w- C:\windows\System32\TsWpfWrp.exe
2014-08-22 01:16:36 -------- d-s---w- C:\windows\System32\CompatTel
2014-08-18 20:48:42 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0138B0A3-BB2B-4883-8EE0-A1E2FD6FBB85}\gapaengine.dll
2014-08-18 20:35:30 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C5893056-B645-49B9-AAC9-12FF87932492}\mpengine.dll
2014-08-18 18:42:24 228864 ----a-w- C:\windows\System32\wwansvc.dll
2014-08-18 18:42:17 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-08-18 18:42:17 1389568 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-08-18 18:42:17 1380864 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-08-18 18:42:17 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-08-18 18:42:16 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-08-18 18:42:10 801280 ----a-w- C:\windows\System32\usp10.dll
2014-08-18 18:42:10 626688 ----a-w- C:\windows\SysWow64\usp10.dll
2014-08-18 18:40:33 658432 ----a-w- C:\windows\System32\RMActivate_isv.exe
2014-08-18 18:39:57 624128 ----a-w- C:\windows\System32\qedit.dll
2014-08-18 18:39:57 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-08-18 18:39:55 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2014-08-18 18:39:46 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-08-18 18:39:46 2048 ----a-w- C:\windows\System32\tzres.dll
2014-08-18 18:39:16 3241984 ----a-w- C:\windows\System32\msi.dll
2014-08-18 18:39:15 504320 ----a-w- C:\windows\System32\msihnd.dll
2014-08-18 18:39:15 337408 ----a-w- C:\windows\SysWow64\msihnd.dll
2014-08-18 18:39:15 2363392 ----a-w- C:\windows\SysWow64\msi.dll
2014-08-18 18:39:15 1941504 ----a-w- C:\windows\System32\authui.dll
2014-08-18 18:39:15 1805824 ----a-w- C:\windows\SysWow64\authui.dll
2014-08-18 18:39:15 112064 ----a-w- C:\windows\System32\consent.exe
2014-08-18 18:37:47 3928064 ----a-w- C:\windows\System32\d2d1.dll
2014-08-18 18:34:07 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-08-18 18:34:05 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2014-08-18 18:34:05 155072 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-08-18 18:34:05 136192 ----a-w- C:\windows\System32\sspicli.dll
2014-08-18 18:34:04 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-08-18 18:34:04 31232 ----a-w- C:\windows\System32\lsass.exe
2014-08-18 18:34:04 29184 ----a-w- C:\windows\System32\sspisrv.dll
2014-08-18 18:34:04 28160 ----a-w- C:\windows\System32\secur32.dll
2014-08-18 18:34:04 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-08-18 18:32:38 664064 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2014-08-18 18:32:38 1216000 ----a-w- C:\windows\System32\rpcrt4.dll
2014-08-18 18:32:35 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-08-18 18:32:34 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-08-18 18:22:04 529920 ----a-w- C:\windows\System32\aepdu.dll
2014-08-18 18:22:04 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-08-18 17:54:04 -------- d-----w- C:\Program Files\McAfee Security Scan
.
==================== Find3M  ====================
.
2014-08-18 20:46:15 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-18 20:46:15 699056 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-07-25 14:02:12 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\windows\SysWow64\wininet.dll
2014-06-18 02:18:30 692736 ----a-w- C:\windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\windows\System32\win32k.sys
2014-06-16 02:10:19 985536 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
.
============= FINISH: 16:51:04.35 ===============
 



#2 nasdaq

  • Malware Response Team
  • 38,250 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 September 2014 - 08:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 Artbroken

Posted 10 September 2014 - 06:43 PM

Hello Nasdaq, and thank you for taking the time to help me. 

 

RogueKiller V9.2.10.0 (x64) [Jul 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : James [Admin rights]
Mode : Remove -- Date : 09/10/2014  17:37:15
 
¤¤¤ Bad processes : 2 ¤¤¤
[Suspicious.Path] BrowserSyncSetup.exe -- C:\Users\James\AppData\Roaming\BrowserSync\BrowserSyncSetup.exe[-] -> KILLED [TermProc]
[Suspicious.Path] IEBrowserSync.exe -- C:\Users\James\AppData\Roaming\BrowserSync\IE\IEBrowserSync.exe[-] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 21 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2796882250-677299055-3329080932-1001\Software\Microsoft\Windows\CurrentVersion\Run | BrowserSync : "C:\Users\James\AppData\Roaming\BrowserSync\BrowserSyncSetup.exe"repair update startup [x] -> DELETED
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2796882250-677299055-3329080932-1001\Software\Microsoft\Windows\CurrentVersion\Run | IEBrowserSync : "C:\Users\James\AppData\Roaming\BrowserSync\IE\IEBrowserSync.exe" [x] -> DELETED
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2796882250-677299055-3329080932-1001\Software\Microsoft\Windows\CurrentVersion\Run | BrowserSync : "C:\Users\James\AppData\Roaming\BrowserSync\BrowserSyncSetup.exe"repair update startup  -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2796882250-677299055-3329080932-1001\Software\Microsoft\Windows\CurrentVersion\Run | IEBrowserSync : "C:\Users\James\AppData\Roaming\BrowserSync\IE\IEBrowserSync.exe"  -> ERROR [2]
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 75.76.84.102 75.76.84.103  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 75.76.84.102 75.76.84.103  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 75.76.84.102 75.76.84.103  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9C3F8858-6950-476D-AED0-2B3C81110734} | DhcpNameServer : 75.76.84.102 75.76.84.103  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FF494F62-D114-4F9F-A06B-5730E5B90BCA} | DhcpNameServer : 172.18.206.215 172.18.206.215  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9C3F8858-6950-476D-AED0-2B3C81110734} | DhcpNameServer : 75.76.84.102 75.76.84.103  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FF494F62-D114-4F9F-A06B-5730E5B90BCA} | DhcpNameServer : 172.18.206.215 172.18.206.215  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9C3F8858-6950-476D-AED0-2B3C81110734} | DhcpNameServer : 75.76.84.102 75.76.84.103  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{FF494F62-D114-4F9F-A06B-5730E5B90BCA} | DhcpNameServer : 172.18.206.215 172.18.206.215  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2796882250-677299055-3329080932-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2796882250-677299055-3329080932-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2796882250-677299055-3329080932-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2796882250-677299055-3329080932-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
 
¤¤¤ Scheduled tasks : 1 ¤¤¤
[Suspicious.Path] \\Updater2258.exe -- C:\Users\James\AppData\Local\Updater2258\Updater2258.exe (/extensionid=2258 /extensionname="I Want This" /chromeid=mpfapcdfbbledbojijcbcclmlieaoogk) -> DELETED
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUP][CHROME:Addon] Default : Bejeweled [adpkifcfcacgmnggcbpbjbkdijciiigm] -> NOT SELECTED
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5055GSX SATA Disk Device +++++
--- User ---
[MBR] e87e8109eea5daac21f013f222471e7d
[BSP] 1647ef4429e794c9caf67793017ccd7c : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 24578048 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 24782848 | Size: 464838 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
 
============================================
RKreport_SCN_09102014_172622.log
 
# AdwCleaner v3.309 - Report created 10/09/2014 at 17:43:36
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : James - JAMES-PC
# Running from : C:\Users\James\Desktop\adwcleaner_3.309.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Smartbar
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\usyndication.com
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\usyndication.com
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\prefs.js ]
 
Line Found : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
Line Found : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.description", "VisualBee Browser Extension");
Line Found : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.name", "VisualBee");
Line Found : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.publisher", "VisualBee");
Line Found : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Line Found : user_pref("extensions.acastrojaaolcom62020.62020.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%7B%22urls%22%3[...]
Line Found : user_pref("extensions.crossrider.bic", "1485334f068db0a8c7567a55225e33c3");
Line Found : user_pref("extensions.crossriderapp2258.2258.InstallationThankYouPage", false);
Line Found : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1410145251);
Line Found : user_pref("extensions.crossriderapp2258.2258.active", true);
Line Found : user_pref("extensions.crossriderapp2258.2258.addressbar", "NA");
Line Found : user_pref("extensions.crossriderapp2258.2258.addressbarenhanced", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.asyncdb.was_copied", "true");
Line Found : user_pref("extensions.crossriderapp2258.2258.asyncdb_dbWasSet", true);
Line Found : user_pref("extensions.crossriderapp2258.2258.asyncdb_dbWasSet_FF25_FIX", true);
Line Found : user_pref("extensions.crossriderapp2258.2258.asyncinternaldb.was_copied", "true");
Line Found : user_pref("extensions.crossriderapp2258.2258.asyncinternaldb_dbWasSet", true);
Line Found : user_pref("extensions.crossriderapp2258.2258.asyncinternaldb_dbWasSet_FF25_FIX", true);
Line Found : user_pref("extensions.crossriderapp2258.2258.backgroundver", 52);
Line Found : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1410145251");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1410145251");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.expiration", "Sun Sep 14 2014 23:19:52 GMT-0400 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.value", "%22US%22");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1410385128");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_currenttime.value", "%221409675138%22");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2214019%22");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.value", "1410146417549");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%2221%22");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%22758676%22");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.value", "1410146391443");
Line Found : user_pref("extensions.crossriderapp2258.2258.crossriderapp2258_dbWasSet", true);
Line Found : user_pref("extensions.crossriderapp2258.2258.crossriderapp2258_dbWasSet_FF25_FIX", true);
Line Found : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
Line Found : user_pref("extensions.crossriderapp2258.2258.domain", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
Line Found : user_pref("extensions.crossriderapp2258.2258.homepage", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.iframe", false);
Line Found : user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3Anull%2C%22installer_verifier%22%3Anull%7D");
Line Found : user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");
Line Found : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.value", "149");
Line Found : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.value", "0");
Line Found : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.value", "%7B%7D");
Line Found : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_nextCheck.expiration", "Wed Sep 10 2014 23:38:48 GMT-0400 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_nextCheck.value", "true");
Line Found : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.value", "%7B%7D");
Line Found : user_pref("extensions.crossriderapp2258.2258.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3Anull%2C%22installer_verifier%22%3Anull%7D%2C%22version%22%3Anull%7D"[...]
Line Found : user_pref("extensions.crossriderapp2258.2258.lastDailyReport", "1410385125682");
Line Found : user_pref("extensions.crossriderapp2258.2258.lastUpdate", "1410385123840");
Line Found : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
Line Found : user_pref("extensions.crossriderapp2258.2258.newtab", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/2258/plugins/na/ff/plugins.json");
Line Found : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 74);
Line Found : user_pref("extensions.crossriderapp2258.2258.publisher", "Innovative Apps");
Line Found : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
Line Found : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
Line Found : user_pref("extensions.crossriderapp2258.2258.thankyou", "hxxp://iw.antthis.com/thankyou.html");
Line Found : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
Line Found : user_pref("extensions.crossriderapp2258.2258.ver", 149);
Line Found : user_pref("extensions.crossriderapp2258.apps", "2258");
Line Found : user_pref("extensions.crossriderapp2258.bic", "1485334f068db0a8c7567a55225e33c3");
Line Found : user_pref("extensions.crossriderapp2258.cid", 2258);
Line Found : user_pref("extensions.crossriderapp2258.firstrun", false);
Line Found : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Line Found : user_pref("extensions.crossriderapp2258.installationdate", 1410145251);
Line Found : user_pref("extensions.crossriderapp2258.modetype", "production");
Line Found : user_pref("extensions.crossriderapp2258.reportInstall", true);
Line Found : user_pref("extensions.crossriderapp2258.statsDailyCounter", 2);
Line Found : user_pref("extensions.enabledAddons", "crossriderapp2258%40crossrider.com:0.95.149,DeviceDetection%40logitech.com:1.23.0.5,firefox%40windows.browsersync.us:1.0,youtube-mp3%40eztomp3.com:1.0.8,castro.j[...]
 
-\\ Google Chrome v
 
[ File : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [53864 octets] - [21/08/2014 22:15:11]
AdwCleaner[R1].txt - [12146 octets] - [10/09/2014 17:43:36]
AdwCleaner[S0].txt - [55757 octets] - [21/08/2014 22:27:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [12268 octets] ##########
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by James (administrator) on JAMES-PC on 10-09-2014 18:01:31
Running from C:\Users\James\Desktop\faber
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Acer) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
() C:\Windows\PLFSetI.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Google Inc.) C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
() C:\Users\James\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
(Chicony) C:\Program Files (x86)\Video Web Camera\traybar.exe
(Google Inc.) C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
(Streamzap, Inc.) C:\Program Files (x86)\Streamzap\Remote\zremote.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [503864 2009-07-20] (Conexant Systems, Inc.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [828960 2009-08-06] (Acer Incorporated)
HKLM\...\Run: [PLFSetI] => C:\windows\PLFSetI.exe [206208 2010-02-26] ()
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [244480 2009-08-20] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.)
HKLM-x32\...\Run: [CLMLServer] => c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [RemoteControl8] => c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-07-07] (cyberlink)
HKLM-x32\...\Run: [Camera Assistant Software] => C:\Program Files (x86)\Video Web Camera\traybar.exe [600688 2010-04-07] (Chicony)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [StreamZap Remote] => C:\Program Files (x86)\Streamzap\Remote\zremote.exe [753664 2007-09-28] (Streamzap, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-10] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295072 2013-01-11] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-2796882250-677299055-3329080932-1001\...\Run: [Google Update] => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-23] (Google Inc.)
HKU\S-1-5-21-2796882250-677299055-3329080932-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-2796882250-677299055-3329080932-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600728 2014-08-18] (Electronic Arts)
HKU\S-1-5-21-2796882250-677299055-3329080932-1001\...\Run: [GoogleChromeAutoLaunch_6B06BCEFC97BCF192292AD16DB5D7A73] => C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe [852808 2014-08-29] (Google Inc.)
HKU\S-1-5-21-2796882250-677299055-3329080932-1001\...\Run: [Facebook Update] => C:\Users\James\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-05] (Facebook Inc.)
HKU\S-1-5-21-2796882250-677299055-3329080932-1001\...\Run: [Amazon Cloud Player] => C:\Users\James\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3109376 2013-09-10] ()
HKU\S-1-5-21-2796882250-677299055-3329080932-1001\...\MountPoints2: {d2dc1c77-9e7d-11e0-befa-00262d991e66} - E:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2796882250-677299055-3329080932-1001\...\MountPoints2: {d2dc1ca2-9e7d-11e0-befa-00262d991e66} - E:\VZAccess_Manager.exe /z detect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x380A0C829D56CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.my.yahoo.com/
SearchScopes: HKCU - {0A434D20-3EDA-4ED0-B604-564DFACD8DF6} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Plus-HD-3.8 -> {11111111-1111-1111-1111-110311901130} -> C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-bho64.dll No File
BHO: ElectroLyrics-22 -> {11111111-1111-1111-1111-110411411172} -> C:\Program Files (x86)\ElectroLyrics-22\ElectroLyrics-22-bho64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 75.76.84.102 75.76.84.103
 
FireFox:
========
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\James\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\James\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\James\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\searchplugins\freemium-en1-customized-web-search.xml
FF SearchPlugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\searchplugins\yahoo_ff.xml
FF Extension: VisualBee - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com [2013-11-17]
FF Extension: Plus-HD-3.8c - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\castro.ja@aol.com [2014-09-10]
FF Extension: I Want This - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\crossriderapp2258@crossrider.com [2014-09-10]
FF Extension: Разпознаване на устройство Logitech - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\DeviceDetection@logitech.com [2011-08-10]
FF Extension: Search Toolbar - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\searchtoolbar@zugo.com [2011-05-07]
FF Extension: EZ to MP3 Converter - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\youtube-mp3@eztomp3.com [2013-01-11]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-09-07]
FF Extension: BrowserSync - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\firefox@windows.browsersync.us.xpi [2013-11-17]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-04]
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-11]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchKeyword: Default -> search.snapdo.com
CHR DefaultSearchProvider: Default -> Web
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bejeweled) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2012-02-22]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2012-02-28]
CHR Extension: (Word Search Puzzle) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnl [2012-02-22]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2012-02-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-21]
CHR Extension: (YouTube) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (Planeto Quiz) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\caekfgjhgmkgdhbiaikgdbpldepnkchg [2012-02-22]
CHR Extension: (StoryLines) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\celkoncipomnbmcomjieepceifpcdgdl [2012-02-22]
CHR Extension: (Red Fox Snow Theme) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgaadipmojdihomphfmjphmelinpdalg [2013-10-23]
CHR Extension: (Google Search) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (Winter Mahjong) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddmhicnhpjfpgmcebbidppnammjebnkp [2012-02-22]
CHR Extension: (Farm King) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbgjffonecbloecgdnookagmopcmacfh [2012-03-16]
CHR Extension: (Bubble Witch Saga) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhailaoejldfjbphmmmoldaegbobhjgp [2012-03-16]
CHR Extension: (Isoball 3) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj [2012-02-28]
CHR Extension: (RealDownloader) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-01-21]
CHR Extension: (MOG Music) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgljcanfdcmdnncaneopdlcgjlkgpenj [2012-02-28]
CHR Extension: (BrowserSync) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnlecnndagfeppanambbgaeanlmlgcc [2013-11-18]
CHR Extension: (Little Alchemy) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2012-02-22]
CHR Extension: (Artillery Tower Protector) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldgcejmkikbadghamaadggncnbfekdik [2012-03-16]
CHR Extension: (ElectroLyrics-22) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpojdjnhnjecejmfmmfkmpbbpccabdhk [2013-10-22]
CHR Extension: (Poppit!) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2012-03-16]
CHR Extension: (Google Wallet) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06]
CHR Extension: (Monsters House) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjpaihmfeancekndfgoplnjlcdfdnb [2012-02-22]
CHR Extension: (Barnyard Match) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\obbpofjmecckjelpfbpapjadpekijbhm [2012-03-16]
CHR Extension: (Gmail) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
CHR Extension: (Wolf Toss) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjlncddmdljpioccbmempchonhlifakc [2012-02-22]
CHR Extension: (Gangs of Boomtown) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pllbjhofadlgfiimfgbiifkonijklnmg [2012-02-28]
CHR Extension: (Aztec Drop) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmeglpffblgeibddiihnafkihmkleje [2012-03-16]
CHR HKCU\...\Chrome\Extension: [eajpfgckapbejakplmjlcakccjihopih] - C:\Users\James\AppData\Local\CRE\eajpfgckapbejakplmjlcakccjihopih.crx [2013-11-14]
CHR HKCU\...\Chrome\Extension: [kbnlecnndagfeppanambbgaeanlmlgcc] - C:\Users\James\AppData\Roaming\BrowserSync\CH\CH.crx [2013-11-17]
CHR HKLM-x32\...\Chrome\Extension: [dpcomnokkgidfbnbfhfpofbgieghedec] - C:\Program Files (x86)\EzToMP3\eztomp3.crx [2012-10-17]
CHR HKLM-x32\...\Chrome\Extension: [eajpfgckapbejakplmjlcakccjihopih] - C:\Users\James\AppData\Local\CRE\eajpfgckapbejakplmjlcakccjihopih.crx [2013-11-14]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 CTV1W; C:\Windows\System32\DRIVERS\CTV1W.sys [1118048 2010-04-19] (Ralink Technology Corp.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-10] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213120 2008-05-09] (Novatel Wireless Inc.)
S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213120 2008-05-09] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213120 2008-05-09] (Novatel Wireless Inc.)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-02] (Realtek Semiconductor Corp.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2008-05-06] (Western Digital Technologies) [File not signed]
S3 zremote; C:\Windows\System32\Drivers\zremote.sys [19456 2010-10-22] (Streamzap, Inc.)
S3 zremote; C:\Windows\SysWOW64\Drivers\zremote.sys [10368 2004-03-01] (Streamzap, Inc.) [File not signed]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; c:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-07-07] (CyberLink Corp.)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\usbccid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-10 18:01 - 2014-09-10 18:02 - 00000000 ____D () C:\FRST
2014-09-10 18:00 - 2014-09-10 18:01 - 00000000 ____D () C:\Users\James\Desktop\faber
2014-09-10 17:55 - 2014-09-10 17:55 - 00003340 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2796882250-677299055-3329080932-1001
2014-09-10 17:46 - 2014-09-10 17:46 - 00012365 _____ () C:\Users\James\Desktop\AdwCleaner[R1].txt
2014-09-10 17:42 - 2014-09-10 17:42 - 01370467 _____ () C:\Users\James\Desktop\adwcleaner_3.309.exe
2014-09-10 17:39 - 2014-09-10 17:40 - 00005853 _____ () C:\Users\James\Desktop\RKreport_DEL_09102014_173715.log
2014-09-10 17:00 - 2014-09-10 17:00 - 00036456 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-09-10 17:00 - 2014-09-10 17:00 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-10 16:58 - 2014-09-10 16:58 - 05429848 _____ () C:\Users\James\Desktop\RogueKillerX64.exe
2014-09-10 16:55 - 2014-09-10 17:55 - 00003206 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2796882250-677299055-3329080932-1001
2014-09-05 16:55 - 2014-09-05 16:55 - 00028760 _____ () C:\Users\James\Documents\DDS.txt
2014-09-05 16:55 - 2014-09-05 16:55 - 00013074 _____ () C:\Users\James\Documents\Attach.txt
2014-09-05 16:51 - 2014-09-05 16:51 - 00028760 _____ () C:\Users\James\Desktop\dds.txt
2014-09-05 16:51 - 2014-09-05 16:51 - 00013074 _____ () C:\Users\James\Desktop\attach.txt
2014-09-05 16:47 - 2014-09-05 16:47 - 00688992 _____ (Swearware) C:\Users\James\Downloads\dds (2).com
2014-09-05 16:47 - 2014-09-05 16:47 - 00688992 _____ (Swearware) C:\Users\James\Downloads\dds (1).com
2014-09-05 16:45 - 2014-09-05 16:47 - 00688992 ____R (Swearware) C:\Users\James\Downloads\dds.com
2014-08-22 12:59 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-22 12:59 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-22 12:59 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-22 12:59 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-22 12:58 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-22 12:58 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-22 12:58 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-22 12:58 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-22 12:58 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-22 12:58 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-22 12:58 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-22 12:58 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-22 12:58 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-22 12:58 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-21 22:54 - 2014-09-10 17:25 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 22:54 - 2014-08-21 22:54 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-21 22:54 - 2014-08-21 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-21 22:53 - 2014-08-21 22:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 22:53 - 2014-08-21 22:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-21 22:53 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-08-21 22:53 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-08-21 22:53 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-08-21 22:46 - 2014-08-21 22:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\James\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-21 22:43 - 2014-08-21 22:43 - 00055757 _____ () C:\Users\James\Documents\AdwCleaner[S0].txt
2014-08-21 22:17 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-08-21 22:14 - 2014-09-10 17:47 - 00000000 ____D () C:\AdwCleaner
2014-08-21 21:57 - 2014-08-21 21:57 - 00071488 _____ () C:\Users\James\Desktop\JRT.txt
2014-08-21 21:43 - 2014-08-21 21:43 - 00000000 ____D () C:\windows\ERUNT
2014-08-21 21:42 - 2014-08-21 21:42 - 01364531 _____ () C:\Users\James\Desktop\AdwCleaner.exe
2014-08-21 21:36 - 2014-08-21 21:36 - 00254891 _____ () C:\Users\James\Downloads\Can't uninstall Snap.Do - Resolved HijackThis Logs - Malwarebytes Forum.html
2014-08-21 21:29 - 2014-08-21 21:30 - 01016261 _____ (Thisisu) C:\Users\James\Desktop\JRT.exe
2014-08-21 21:26 - 2014-08-21 21:26 - 00001167 _____ () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-21 21:18 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-21 21:18 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-21 21:18 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-21 21:18 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-21 21:18 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-21 21:18 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-21 21:18 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-21 21:18 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-21 21:16 - 2014-08-21 21:16 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-18 14:42 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-08-18 14:42 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-08-18 14:42 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-08-18 14:41 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-08-18 14:41 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-08-18 14:41 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-08-18 14:41 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-08-18 14:41 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-08-18 14:41 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-08-18 14:41 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-08-18 14:41 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-08-18 14:41 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-08-18 14:41 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-08-18 14:41 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-08-18 14:41 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-08-18 14:41 - 2013-12-31 19:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-08-18 14:41 - 2013-12-31 19:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-08-18 14:41 - 2013-11-26 07:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-08-18 14:40 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-08-18 14:40 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-08-18 14:40 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-18 14:40 - 2013-12-03 22:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-08-18 14:40 - 2013-12-03 22:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-08-18 14:40 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-08-18 14:40 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-08-18 14:40 - 2013-12-03 22:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-08-18 14:40 - 2013-12-03 22:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-08-18 14:40 - 2013-12-03 22:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-08-18 14:40 - 2013-12-03 22:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-08-18 14:40 - 2013-12-03 22:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-08-18 14:40 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-08-18 14:40 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-08-18 14:40 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-08-18 14:40 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-08-18 14:40 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-08-18 14:40 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-08-18 14:40 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-08-18 14:40 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-08-18 14:40 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-08-18 14:40 - 2013-11-26 21:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-08-18 14:40 - 2013-11-26 21:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-08-18 14:40 - 2013-11-26 21:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-08-18 14:40 - 2013-11-26 21:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-08-18 14:40 - 2013-11-26 21:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-08-18 14:40 - 2013-11-26 21:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-08-18 14:40 - 2013-11-26 21:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-08-18 14:39 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-18 14:39 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-18 14:39 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-08-18 14:39 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-08-18 14:39 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-18 14:39 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-18 14:39 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-18 14:39 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-18 14:39 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-18 14:39 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-18 14:39 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-18 14:39 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-08-18 14:38 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-08-18 14:38 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-08-18 14:38 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-08-18 14:38 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-08-18 14:38 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-08-18 14:38 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-08-18 14:38 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-08-18 14:38 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-08-18 14:38 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-08-18 14:38 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-08-18 14:38 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-08-18 14:38 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-08-18 14:38 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-08-18 14:38 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-08-18 14:38 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-08-18 14:38 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-08-18 14:38 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-08-18 14:38 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-08-18 14:38 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-08-18 14:38 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-08-18 14:37 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-18 14:37 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-08-18 14:37 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-08-18 14:37 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-08-18 14:37 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-08-18 14:37 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-08-18 14:37 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-08-18 14:37 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-08-18 14:37 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-08-18 14:37 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-08-18 14:37 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-08-18 14:37 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-08-18 14:37 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-08-18 14:37 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-08-18 14:37 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-08-18 14:37 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-08-18 14:37 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-08-18 14:37 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-08-18 14:37 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-08-18 14:37 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-08-18 14:37 - 2013-12-24 19:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-08-18 14:37 - 2013-12-24 18:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-08-18 14:37 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-08-18 14:37 - 2013-11-22 18:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-08-18 14:36 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-18 14:35 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-18 14:35 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-18 14:35 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-18 14:35 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-18 14:35 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-18 14:35 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-18 14:35 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-18 14:35 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-18 14:35 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-18 14:35 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-18 14:35 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-18 14:35 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-18 14:35 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-18 14:35 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-18 14:35 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-18 14:35 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-18 14:35 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-18 14:35 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-18 14:35 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 14:35 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-18 14:35 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-18 14:35 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-18 14:35 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-18 14:35 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-18 14:35 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-18 14:35 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 14:35 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-18 14:35 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-18 14:35 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-18 14:35 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-18 14:35 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-18 14:35 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-18 14:35 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-18 14:35 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-18 14:35 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-18 14:35 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-18 14:35 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-18 14:35 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-18 14:35 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 14:35 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-18 14:35 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-18 14:35 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-18 14:35 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-18 14:35 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-18 14:35 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-18 14:35 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-18 14:35 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-18 14:35 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-18 14:35 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-18 14:35 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-18 14:35 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-18 14:35 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-18 14:35 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-18 14:35 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-18 14:35 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-18 14:35 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-18 14:35 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-18 14:35 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-08-18 14:35 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-08-18 14:35 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-08-18 14:35 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-08-18 14:35 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-08-18 14:35 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-08-18 14:35 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-08-18 14:35 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-08-18 14:35 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-08-18 14:35 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-08-18 14:35 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-08-18 14:35 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-08-18 14:34 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-08-18 14:34 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-08-18 14:34 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-08-18 14:34 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-08-18 14:34 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-08-18 14:34 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-08-18 14:34 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-08-18 14:34 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-08-18 14:34 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-08-18 14:32 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-18 14:32 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-18 14:32 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-08-18 14:32 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-08-18 14:22 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-18 14:22 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-18 13:54 - 2014-08-18 13:54 - 00001938 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-08-18 13:54 - 2014-08-18 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-08-18 13:54 - 2014-08-18 13:54 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-08-18 13:52 - 2014-08-18 13:52 - 01137848 _____ () C:\Users\James\Downloads\java_installer.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-10 18:02 - 2014-09-10 18:01 - 00000000 ____D () C:\FRST
2014-09-10 18:01 - 2014-09-10 18:00 - 00000000 ____D () C:\Users\James\Desktop\faber
2014-09-10 18:00 - 2009-07-14 00:45 - 00017600 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 18:00 - 2009-07-14 00:45 - 00017600 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 17:59 - 2010-05-13 10:09 - 01763888 _____ () C:\windows\WindowsUpdate.log
2014-09-10 17:56 - 2013-10-05 14:51 - 00000928 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2796882250-677299055-3329080932-1001UA.job
2014-09-10 17:55 - 2014-09-10 17:55 - 00003340 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2796882250-677299055-3329080932-1001
2014-09-10 17:55 - 2014-09-10 16:55 - 00003206 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2796882250-677299055-3329080932-1001
2014-09-10 17:51 - 2013-10-22 17:29 - 00001194 _____ () C:\windows\Tasks\VisualBee-updater.job
2014-09-10 17:51 - 2013-10-22 17:28 - 00001200 _____ () C:\windows\Tasks\VisualBee-codedownloader.job
2014-09-10 17:51 - 2013-10-22 17:27 - 00001904 _____ () C:\windows\Tasks\VisualBee-chromeinstaller.job
2014-09-10 17:51 - 2013-10-22 17:27 - 00001828 _____ () C:\windows\Tasks\VisualBee-firefoxinstaller.job
2014-09-10 17:50 - 2013-02-24 18:04 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-10 17:50 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-10 17:49 - 2009-08-15 02:59 - 00310270 _____ () C:\windows\PFRO.log
2014-09-10 17:49 - 2009-07-14 00:51 - 00214094 _____ () C:\windows\setupact.log
2014-09-10 17:47 - 2014-08-21 22:14 - 00000000 ____D () C:\AdwCleaner
2014-09-10 17:46 - 2014-09-10 17:46 - 00012365 _____ () C:\Users\James\Desktop\AdwCleaner[R1].txt
2014-09-10 17:45 - 2013-02-24 18:04 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 17:45 - 2013-02-24 18:04 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 17:45 - 2011-05-16 07:10 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 17:42 - 2014-09-10 17:42 - 01370467 _____ () C:\Users\James\Desktop\adwcleaner_3.309.exe
2014-09-10 17:40 - 2014-09-10 17:39 - 00005853 _____ () C:\Users\James\Desktop\RKreport_DEL_09102014_173715.log
2014-09-10 17:25 - 2014-08-21 22:54 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-10 17:09 - 2011-10-23 17:38 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2796882250-677299055-3329080932-1001UA.job
2014-09-10 17:00 - 2014-09-10 17:00 - 00036456 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-09-10 17:00 - 2014-09-10 17:00 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-10 16:59 - 2011-12-26 20:39 - 00000000 ____D () C:\ProgramData\Origin
2014-09-10 16:58 - 2014-09-10 16:58 - 05429848 _____ () C:\Users\James\Desktop\RogueKillerX64.exe
2014-09-10 16:57 - 2011-12-26 20:38 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-10 16:53 - 2013-12-28 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-10 16:53 - 2013-02-24 16:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-05 18:00 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-09-05 16:58 - 2011-10-23 17:39 - 00002372 _____ () C:\Users\James\Desktop\Google Chrome.lnk
2014-09-05 16:55 - 2014-09-05 16:55 - 00028760 _____ () C:\Users\James\Documents\DDS.txt
2014-09-05 16:55 - 2014-09-05 16:55 - 00013074 _____ () C:\Users\James\Documents\Attach.txt
2014-09-05 16:51 - 2014-09-05 16:51 - 00028760 _____ () C:\Users\James\Desktop\dds.txt
2014-09-05 16:51 - 2014-09-05 16:51 - 00013074 _____ () C:\Users\James\Desktop\attach.txt
2014-09-05 16:47 - 2014-09-05 16:47 - 00688992 _____ (Swearware) C:\Users\James\Downloads\dds (2).com
2014-09-05 16:47 - 2014-09-05 16:47 - 00688992 _____ (Swearware) C:\Users\James\Downloads\dds (1).com
2014-09-05 16:47 - 2014-09-05 16:45 - 00688992 ____R (Swearware) C:\Users\James\Downloads\dds.com
2014-08-22 13:41 - 2013-01-22 17:53 - 00000000 ____D () C:\Users\James\AppData\Local\Updater2258
2014-08-22 13:15 - 2009-07-14 01:13 - 00006152 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-22 13:05 - 2011-01-26 17:18 - 00001945 _____ () C:\windows\epplauncher.mif
2014-08-22 13:05 - 2010-09-18 19:57 - 00002124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-08-22 13:04 - 2012-05-01 21:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-08-22 13:04 - 2011-01-26 17:17 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-08-22 13:02 - 2009-08-22 02:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-21 22:54 - 2014-08-21 22:54 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-21 22:54 - 2014-08-21 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-21 22:53 - 2014-08-21 22:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 22:53 - 2014-08-21 22:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-21 22:53 - 2014-08-21 22:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\James\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-21 22:43 - 2014-08-21 22:43 - 00055757 _____ () C:\Users\James\Documents\AdwCleaner[S0].txt
2014-08-21 22:38 - 2009-07-14 00:45 - 00429456 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-21 22:37 - 2013-03-14 15:59 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-21 22:37 - 2013-03-14 15:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-21 22:34 - 2009-08-15 03:39 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-21 22:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-08-21 22:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2014-08-21 22:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-21 22:05 - 2013-07-16 20:17 - 00000000 ____D () C:\windows\system32\MRT
2014-08-21 21:57 - 2014-08-21 21:57 - 00071488 _____ () C:\Users\James\Desktop\JRT.txt
2014-08-21 21:43 - 2014-08-21 21:43 - 00000000 ____D () C:\windows\ERUNT
2014-08-21 21:42 - 2014-08-21 21:42 - 01364531 _____ () C:\Users\James\Desktop\AdwCleaner.exe
2014-08-21 21:36 - 2014-08-21 21:36 - 00254891 _____ () C:\Users\James\Downloads\Can't uninstall Snap.Do - Resolved HijackThis Logs - Malwarebytes Forum.html
2014-08-21 21:33 - 2013-03-14 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-21 21:30 - 2014-08-21 21:29 - 01016261 _____ (Thisisu) C:\Users\James\Desktop\JRT.exe
2014-08-21 21:26 - 2014-08-21 21:26 - 00001167 _____ () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-21 21:16 - 2014-08-21 21:16 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-18 18:42 - 2010-09-17 22:23 - 00000000 ____D () C:\Users\James\AppData\Local\Microsoft Games
2014-08-18 16:46 - 2010-11-25 16:18 - 00000000 ____D () C:\Users\James\AppData\Roaming\Apple Computer
2014-08-18 16:44 - 2011-12-26 20:39 - 00000000 ____D () C:\Users\James\AppData\Roaming\Origin
2014-08-18 16:44 - 2011-12-26 20:39 - 00000000 ____D () C:\Users\James\AppData\Local\Origin
2014-08-18 14:09 - 2011-10-23 17:38 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2796882250-677299055-3329080932-1001Core.job
2014-08-18 14:04 - 2011-10-23 17:38 - 00003878 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2796882250-677299055-3329080932-1001UA
2014-08-18 14:04 - 2011-10-23 17:38 - 00003482 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2796882250-677299055-3329080932-1001Core
2014-08-18 13:54 - 2014-08-18 13:54 - 00001938 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-08-18 13:54 - 2014-08-18 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-08-18 13:54 - 2014-08-18 13:54 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-08-18 13:54 - 2013-02-24 17:45 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-08-18 13:52 - 2014-08-18 13:52 - 01137848 _____ () C:\Users\James\Downloads\java_installer.exe
2014-08-18 13:51 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries
 
Some content of TEMP:
====================
C:\Users\James\AppData\Local\Temp\2258_updater.exe
C:\Users\James\AppData\Local\Temp\APNStub.exe
C:\Users\James\AppData\Local\Temp\AskSLib.dll
C:\Users\James\AppData\Local\Temp\EADFB9D.exe
C:\Users\James\AppData\Local\Temp\eject.exe
C:\Users\James\AppData\Local\Temp\ElectroLyrics_1060-4040_v122.exe
C:\Users\James\AppData\Local\Temp\exthelper.exe
C:\Users\James\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\James\AppData\Local\Temp\GetCC.dll
C:\Users\James\AppData\Local\Temp\InsMagic.dll
C:\Users\James\AppData\Local\Temp\installerdll2046233.dll
C:\Users\James\AppData\Local\Temp\installerdll2063706.dll
C:\Users\James\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\James\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\James\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\James\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\James\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\James\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\James\AppData\Local\Temp\lowproc.exe
C:\Users\James\AppData\Local\Temp\nsg2EFF.exe
C:\Users\James\AppData\Local\Temp\nsl522B.exe
C:\Users\James\AppData\Local\Temp\nsl6A5D.exe
C:\Users\James\AppData\Local\Temp\nslFD75.exe
C:\Users\James\AppData\Local\Temp\nsq3871.exe
C:\Users\James\AppData\Local\Temp\nsq4D7A.exe
C:\Users\James\AppData\Local\Temp\nsv1BAE.exe
C:\Users\James\AppData\Local\Temp\OfferBrokerage_14200.exe
C:\Users\James\AppData\Local\Temp\ping.exe
C:\Users\James\AppData\Local\Temp\Quarantine.exe
C:\Users\James\AppData\Local\Temp\rootsupd.exe
C:\Users\James\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\James\AppData\Local\Temp\SendMsg.dll
C:\Users\James\AppData\Local\Temp\Setup.exe
C:\Users\James\AppData\Local\Temp\SkypeSetup.exe
C:\Users\James\AppData\Local\Temp\Snapdo_v2.exe
C:\Users\James\AppData\Local\Temp\SPStub.exe
C:\Users\James\AppData\Local\Temp\stubhelper.dll
C:\Users\James\AppData\Local\Temp\uninst1.exe
C:\Users\James\AppData\Local\Temp\UninstallEADM.dll
C:\Users\James\AppData\Local\Temp\vbmz.exe
C:\Users\James\AppData\Local\Temp\vcredist_x64.exe
C:\Users\James\AppData\Local\Temp\vcredist_x86.exe
C:\Users\James\AppData\Local\Temp\VisualBeeWebext.exe
C:\Users\James\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\James\AppData\Local\Temp\wisemsg.dll
C:\Users\James\AppData\Local\Temp\ytb.exe
C:\Users\James\AppData\Local\Temp\_is20A2.exe
C:\Users\James\AppData\Local\Temp\_isA0F.exe
C:\Users\James\AppData\Local\Temp\{25382403-CBFA-4AF5-A818-32A91B050C4B}-GoogleUpdateSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-05 17:49
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by James at 2014-09-10 18:05:04
Running from C:\Users\James\Desktop\faber
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
6400_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1103 - Alps Electric)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 1.5.0.341 - Amazon Services LLC)
AMD USB Filter Driver (x32 Version: 1.0.11.86 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 10.7.0.40702 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{BADFD936-E907-C666-A6E1-3C04C06E4260}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Backup Manager Basic (x32 Version: 2.0.0.22 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}) (Version: 12.26.02 - Broadcom Corporation)
BrowserSync (HKCU\...\BrowserSync_is1) (Version: 1.0 - )
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0702.1239.20840 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help English (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help French (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help German (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
ccc-utility64 (Version: 2009.0702.1239.20840 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.9.0 - Conexant)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.0.3108 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815m.50 - CyberLink Corp.)
CyberLink PowerDVD 8 (x32 Version: 8.0.2815m.50 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
eBay Worldwide (HKLM-x32\...\{AAF89271-2594-468D-B578-96B2E30C41C4}) (Version: 2.1.0703 - OEM)
Ez To MP3 Converter (HKLM-x32\...\EzToMP3) (Version:  - Buzzbox Media)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Free YouTube Download Manager (HKLM-x32\...\{35645070-2fbb-4ac3-a5d1-eeb53a62f73b}) (Version: 1.0.0.0 - Freetec)
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.22 - NewTech Infosystems)
Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3002 - Gateway Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3004 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.6.0730 - Gateway Incorporated)
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Gateway Incorporated)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.56 - Conexant Systems)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP OfficeJet J6400 (HKLM\...\{8AB2AC00-AFFF-4043-83D9-0086528B337F}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Gateway Incorporated)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
J6400 (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - Gateway)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mobile Broadband Generic Drivers (HKLM-x32\...\Mobile Broadband Generic Drivers) (Version: 2.02.11.001.14 - Novatel Wireless)
Mobile Broadband Generic Drivers (x32 Version: 2.02.11.001.14 - Novatel Wireless) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Netflix in Windows Media Center (HKLM-x32\...\{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}) (Version: 3.3.101.0 - Microsoft Corporation)
Network64 (Version: 130.0.579.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
PDF Reader (HKCU\...\PDF Reader) (Version:  - )
Pinnacle Systems USB Installation (HKLM-x32\...\Pinnacle Systems USB Installation) (Version:  - )
Plus-HD-3.8 (HKLM-x32\...\Plus-HD-3.8) (Version: 1.28.153.1 - Plus HD) <==== ATTENTION
ProductContext (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.8.1.76.g4773b858 - Spotify AB)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Streamzap Remote Drivers  3.0.0.0 (HKLM-x32\...\{252477FC-5FD0-4654-8787-E10FF13D365D}) (Version: 3.0.0.0 - Streamzap, Inc.)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.39.3 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{052CA271-6C3E-4B8F-9EEE-CEA84BC901DC}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CA2F3DF8-C8AE-4933-92F1-FE482442F6E6}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{052CA271-6C3E-4B8F-9EEE-CEA84BC901DC}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CA2F3DF8-C8AE-4933-92F1-FE482442F6E6}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Video Web Camera (HKLM-x32\...\{12A1B519-5934-4508-ADBD-335347B0DC87}) (Version: 1.7.121.407 - Chicony Electronics Co.,Ltd.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3005 - Gateway Incorporated)
Window Shopper (HKLM-x32\...\{A1570454-ED12-4050-A7AC-9282C7AFB23C}) (Version: 01.02.0003 - Superfish)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
YTD Toolbar v9.6 (HKLM-x32\...\{E48A7F58-FA79-4C71-9D95-571AA02C9D7E}) (Version: 9.6 - Spigot, Inc.) <==== ATTENTION
YTD Video Downloader 4.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.6 - GreenTree Applications SRL)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2796882250-677299055-3329080932-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2796882250-677299055-3329080932-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
10-09-2014 21:22:19 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1041D639-8AFF-487A-8BF6-E75F4709E7CB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2796882250-677299055-3329080932-1001UA => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-23] (Google Inc.)
Task: {1D343474-E4D7-4C34-9069-B217ABB382D5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2796882250-677299055-3329080932-1001Core => C:\Users\James\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-05] (Facebook Inc.)
Task: {345B7009-B157-41B6-A646-29A36A784F89} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {34631C01-5ABB-4067-94EB-61A1D75F6457} - System32\Tasks\VisualBee-firefoxinstaller => C:\Program Files (x86)\VisualBee\VisualBee-firefoxinstaller.exe <==== ATTENTION
Task: {4799DD7A-47C1-460D-AD44-CD566A0D43E2} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2796882250-677299055-3329080932-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {47DF9212-0456-4493-83FA-B86DB4A2339C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2796882250-677299055-3329080932-1001UA => C:\Users\James\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-05] (Facebook Inc.)
Task: {55D7F6E0-FF03-4C08-B357-A68D506BD2F9} - System32\Tasks\{140A2B39-C4C1-4A5E-B377-855BFF1FF44A} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {590983AA-4AE6-4DA4-A831-C1C9B2AE2E2D} - System32\Tasks\VisualBee-updater => C:\Program Files (x86)\VisualBee\VisualBee-updater.exe <==== ATTENTION
Task: {7523AD2D-0FC3-4185-9487-76832DEC2F95} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2796882250-677299055-3329080932-1001Core => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-23] (Google Inc.)
Task: {868506D1-EEFD-43C9-8249-3124D1FB7D05} - System32\Tasks\VisualBee-chromeinstaller => C:\Program Files (x86)\VisualBee\VisualBee-chromeinstaller.exe <==== ATTENTION
Task: {B02A3FBD-36A8-419D-9494-27C1B0373495} - System32\Tasks\VisualBee-codedownloader => C:\Program Files (x86)\VisualBee\VisualBee-codedownloader.exe <==== ATTENTION
Task: {CD18A49E-5348-4E35-A3CA-050DCE8F2715} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D1D4FE42-AF09-457F-AC6B-AAFA6153D6FF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {ECB307AF-7F05-45C5-B4E0-0FA31C2A5331} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2796882250-677299055-3329080932-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {F7F6B7AB-527A-4F9F-8C50-D90416DE2D45} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2796882250-677299055-3329080932-1001Core.job => C:\Users\James\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2796882250-677299055-3329080932-1001UA.job => C:\Users\James\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2796882250-677299055-3329080932-1001Core.job => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2796882250-677299055-3329080932-1001UA.job => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\VisualBee-chromeinstaller.job => C:\Program Files (x86)\VisualBee\VisualBee-chromeinstaller.exe <==== ATTENTION
Task: C:\windows\Tasks\VisualBee-codedownloader.job => C:\Program Files (x86)\VisualBee\VisualBee-codedownloader.exe <==== ATTENTION
Task: C:\windows\Tasks\VisualBee-firefoxinstaller.job => C:\Program Files (x86)\VisualBee\VisualBee-firefoxinstaller.exe <==== ATTENTION
Task: C:\windows\Tasks\VisualBee-updater.job => C:\Program Files (x86)\VisualBee\VisualBee-updater.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2012-11-29 21:31 - 2012-11-29 21:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2010-08-26 10:09 - 2010-02-26 13:39 - 00206208 _____ () C:\Windows\PLFSetI.exe
2013-10-26 17:14 - 2013-09-10 20:51 - 03109376 _____ () C:\Users\James\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2009-05-13 13:44 - 2009-05-13 13:44 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-05-13 10:19 - 2010-05-13 10:19 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-02-02 20:33 - 2009-02-02 20:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2008-09-28 20:55 - 2008-09-28 20:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll
2010-05-13 11:02 - 2009-04-02 19:03 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2009-06-03 23:59 - 2009-06-03 23:59 - 00619816 _____ () C:\Program Files (x86)\Cyberlink\Power2Go\CLMediaLibrary.dll
2009-06-03 23:59 - 2009-06-03 23:59 - 00013096 _____ () c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-09-05 16:58 - 2014-08-29 22:49 - 01098056 _____ () C:\Users\James\AppData\Local\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-05 16:58 - 2014-08-29 22:49 - 00174408 _____ () C:\Users\James\AppData\Local\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-05 16:58 - 2014-08-29 22:49 - 08577864 _____ () C:\Users\James\AppData\Local\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-05 16:58 - 2014-08-29 22:49 - 00331592 _____ () C:\Users\James\AppData\Local\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-05 16:58 - 2014-08-29 22:49 - 01660232 _____ () C:\Users\James\AppData\Local\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom NetLink ™ Gigabit Ethernet #3
Description: Broadcom NetLink ™ Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: k57nd60a
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet P3005
Description: HP LaserJet P3005
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/10/2014 05:22:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {3377b032-9cb2-434b-9693-d902e79186f6}
 
Error: (09/10/2014 05:06:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (09/10/2014 04:57:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0033006d
Faulting process id: 0xb7c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (09/05/2014 05:53:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/05/2014 05:53:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/05/2014 05:53:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/05/2014 05:53:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/05/2014 05:53:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/05/2014 05:51:40 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (09/05/2014 04:31:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service ASP.NET (ASP.NET) failed. The first DWORD in the Data section contains the error code.
 
 
System errors:
=============
Error: (09/10/2014 04:56:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NTI IScheduleSvc service failed to start due to the following error: 
%%1053
 
Error: (09/10/2014 04:56:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NTI IScheduleSvc service to connect.
 
Error: (09/10/2014 04:54:53 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:01:39 PM on ‎9/‎8/‎2014 was unexpected.
 
Error: (09/08/2014 00:01:01 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.183.1739.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (09/08/2014 11:57:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (09/08/2014 11:57:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (09/08/2014 11:57:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (09/08/2014 11:55:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (09/08/2014 11:55:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (09/08/2014 11:55:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II Dual-Core M320
Percentage of memory in use: 39%
Total physical RAM: 3838.36 MB
Available physical RAM: 2324.12 MB
Total Pagefile: 7674.9 MB
Available Pagefile: 5978.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Gateway) (Fixed) (Total:453.94 GB) (Free:350.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: BBE90F5F)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 nasdaq

nasdaq

  • Malware Response Team

Posted 11 September 2014 - 08:17 AM



Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
    ===

    The ADWCleaner log is from the Scan. Did you also run the Fix button? If not, please do it.
    ===

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

    start
    
    HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
    BHO: Plus-HD-3.8 -> {11111111-1111-1111-1111-110311901130} -> C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-bho64.dll No File
    BHO: ElectroLyrics-22 -> {11111111-1111-1111-1111-110411411172} -> C:\Program Files (x86)\ElectroLyrics-22\ElectroLyrics-22-bho64.dll No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
    FF Extension: VisualBee - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com [2013-11-17]
    FF Extension: Plus-HD-3.8c - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\castro.ja@aol.com [2014-09-10]
    FF Extension: I Want This - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\crossriderapp2258@crossrider.com [2014-09-10]
    FF Extension: Search Toolbar - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\searchtoolbar@zugo.com [2011-05-07]
    FF Extension: BrowserSync - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\firefox@windows.browsersync.us.xpi [2013-11-17]
    CHR DefaultSearchKeyword: Default -> search.snapdo.com
    CHR DefaultSearchProvider: Default -> Web
    CHR DefaultSearchURL: Default -> http://feed.snapdo.com/?publisher=SnapdoVBYB&dpid=SnapdoVBYB&co=US&userid=ffc4c091-c557-5d88-5764-b83c463618df&searchtype=ds&q={searchTerms}&installDate=22/10/2013
    CHR Extension: (BrowserSync) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnlecnndagfeppanambbgaeanlmlgcc [2013-11-18]
    CHR Extension: (ElectroLyrics-22) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpojdjnhnjecejmfmmfkmpbbpccabdhk [2013-10-22]
    CHR Extension: (Poppit!) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2012-03-16]
    CHR HKCU\...\Chrome\Extension: [eajpfgckapbejakplmjlcakccjihopih] - C:\Users\James\AppData\Local\CRE\eajpfgckapbejakplmjlcakccjihopih.crx [2013-11-14]
    CHR HKCU\...\Chrome\Extension: [kbnlecnndagfeppanambbgaeanlmlgcc] - C:\Users\James\AppData\Roaming\BrowserSync\CH\CH.crx [2013-11-17]
    CHR HKLM-x32\...\Chrome\Extension: [eajpfgckapbejakplmjlcakccjihopih] - C:\Users\James\AppData\Local\CRE\eajpfgckapbejakplmjlcakccjihopih.crx [2013-11-14]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
    S3 USBCCID; system32\DRIVERS\usbccid.sys [X]
    Task: {34631C01-5ABB-4067-94EB-61A1D75F6457} - System32\Tasks\VisualBee-firefoxinstaller => C:\Program Files (x86)\VisualBee\VisualBee-firefoxinstaller.exe <==== ATTENTION
    Task: {590983AA-4AE6-4DA4-A831-C1C9B2AE2E2D} - System32\Tasks\VisualBee-updater => C:\Program Files (x86)\VisualBee\VisualBee-updater.exe <==== ATTENTION
    Task: {868506D1-EEFD-43C9-8249-3124D1FB7D05} - System32\Tasks\VisualBee-chromeinstaller => C:\Program Files (x86)\VisualBee\VisualBee-chromeinstaller.exe <==== ATTENTION
    Task: {B02A3FBD-36A8-419D-9494-27C1B0373495} - System32\Tasks\VisualBee-codedownloader => C:\Program Files (x86)\VisualBee\VisualBee-codedownloader.exe <==== ATTENTION
    Task: C:\windows\Tasks\VisualBee-chromeinstaller.job => C:\Program Files (x86)\VisualBee\VisualBee-chromeinstaller.exe <==== ATTENTION
    Task: C:\windows\Tasks\VisualBee-codedownloader.job => C:\Program Files (x86)\VisualBee\VisualBee-codedownloader.exe <==== ATTENTION
    Task: C:\windows\Tasks\VisualBee-firefoxinstaller.job => C:\Program Files (x86)\VisualBee\VisualBee-firefoxinstaller.exe <==== ATTENTION
    Task: C:\windows\Tasks\VisualBee-updater.job => C:\Program Files (x86)\VisualBee\VisualBee-updater.exe <==== ATTENTION
    
    End
    
    Save the file as fixlist.txt in the same folder as FRST.

    Run FRST and click Fix only once and wait.

    Restart the computer normally to reset the registry.

    The tool will create a log (Fixlog.txt); please post it in your reply.
    ===

    Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    p.s.
    If the SecurityCheck program fails to run for any reason, run it as an Administrator.

    If the site is busy or not available use this mirror site:
    http://www.bleepingcomputer.com/download/securitycheck/
    ===

    How is the computer running now?






#5 Artbroken

Artbroken
  • Topic Starter


Posted 11 September 2014 - 05:32 PM

The computer seems better, browsers are much faster.

It reboots fine, but last night got hung up on windows update after 6 files. 

It took a few tries to get it to boot up today. 

 

I am posting 3 logs from Adwcleaner, along with the others you requested. 

 

# AdwCleaner v3.308 - Report created 21/08/2014 at 22:27:55
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : James - JAMES-PC
# Running from : C:\Users\James\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : WajamUpdaterV3
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\Program Files (x86)\Freemium_EN1
Folder Deleted : C:\Program Files (x86)\ElectroLyrics-22
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\James\AppData\Local\apn
Folder Deleted : C:\Users\James\AppData\Local\Conduit
Folder Deleted : C:\Users\James\AppData\Local\DownloadGuide
Folder Deleted : C:\Users\James\AppData\Local\emaze
Folder Deleted : C:\Users\James\AppData\Local\I Want This
Folder Deleted : C:\Users\James\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\James\AppData\Local\Slick Savings
Folder Deleted : C:\Users\James\AppData\Local\Wajam
Folder Deleted : C:\Users\James\AppData\Local\WhiteListing
Folder Deleted : C:\Users\James\AppData\Local\Temp\mt_ffx
Folder Deleted : C:\Users\James\AppData\Local\Temp\NativeMessaging
Folder Deleted : C:\Users\James\AppData\Local\Temp\CT3311339
Folder Deleted : C:\Users\James\AppData\LocalLow\Freemium_EN1
Folder Deleted : C:\Users\James\AppData\LocalLow\ElectroLyrics-22
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Conduit
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\ConduitEngine
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\ValueApps
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\CT3311339
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\{30b52caf-a2ee-4d8c-9c8f-901002e47c09}
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\a6ccd3b6-756e-4958-a42d-862e7cadb3dd@083273b9-e311-43aa-9a4f-e2ffa7fb013e.com
[!] Folder Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfepagcelbegkpkcjgfeecmlnmkedjin
Folder Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\maeijollgfmffkncnabiigmkoomhjnhf
Folder Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmkdohofefokfmbnlbgebdapndacfklg
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\bProtector_extensions.rdf
File Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\searchplugins\conduit-search.xml
File Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage
File Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage-journal
File Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
File Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : BackgroundContainer Startup Task
Task Deleted : VisualBee-enabler
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v25.0.1 (en-US)
 
[ File : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\prefs.js ]
 
Line Deleted : user_pref("CT2260173..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2260173.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT2260173.CT2260173", "CT2260173");
Line Deleted : user_pref("CT2260173.CurrentServerDate", "24-2-2013");
Line Deleted : user_pref("CT2260173.DSInstall", false);
Line Deleted : user_pref("CT2260173.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2260173.DialogsGetterLastCheckTime", "Sun Feb 24 2013 15:14:09 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2260173.FirstServerDate", "24-2-2013");
Line Deleted : user_pref("CT2260173.FirstTime", true);
Line Deleted : user_pref("CT2260173.FirstTimeFF3", true);
Line Deleted : user_pref("CT2260173.FirstTimeHiddenVer", true);
Line Deleted : user_pref("CT2260173.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2260173.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2260173.HPInstall", false);
Line Deleted : user_pref("CT2260173.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2260173.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT2260173.Initialize", true);
Line Deleted : user_pref("CT2260173.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2260173.InstallationAndCookieDataSentCount", 1);
Line Deleted : user_pref("CT2260173.InstallationType", "Unknown");
Line Deleted : user_pref("CT2260173.InstalledDate", "Sun Feb 24 2013 15:14:19 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT2260173.IsGrouping", false);
Line Deleted : user_pref("CT2260173.IsInitSetupIni", true);
Line Deleted : user_pref("CT2260173.IsMulticommunity", false);
Line Deleted : user_pref("CT2260173.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2260173.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2260173.IsProtectorsInit", true);
Line Deleted : user_pref("CT2260173.LanguagePackLastCheckTime", "Sun Feb 24 2013 15:14:19 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2260173.LastLogin_3.18.0.7", "Sun Feb 24 2013 15:14:45 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.LatestVersion", "3.18.0.7");
Line Deleted : user_pref("CT2260173.Locale", "en");
Line Deleted : user_pref("CT2260173.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2260173.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2260173.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2260173.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2260173.OriginalFirstVersion", "3.18.0.7");
Line Deleted : user_pref("CT2260173.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2260173.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2260173.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2260173.SearchInNewTabLastCheckTime", "Sun Feb 24 2013 15:14:46 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.SearchInNewTabUserEnabled", false);
Line Deleted : user_pref("CT2260173.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT2260173.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT2260173.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT2260173.ServiceMapLastCheckTime", "Sun Feb 24 2013 15:14:05 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.SettingsLastCheckTime", "Sun Feb 24 2013 15:14:06 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.SettingsLastUpdate", "1361717685");
Line Deleted : user_pref("CT2260173.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2260173.ThirdPartyComponentsLastCheck", "Sun Feb 24 2013 15:14:04 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.ThirdPartyComponentsLastUpdate", "1331805997");
Line Deleted : user_pref("CT2260173.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT2260173.UserID", "UN21917367125101259");
Line Deleted : user_pref("CT2260173.ValidationData_Search", 2);
Line Deleted : user_pref("CT2260173.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2260173.alertChannelId", "657446");
Line Deleted : user_pref("CT2260173.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT2260173.globalFirstTimeInfoLastCheckTime", "Sun Feb 24 2013 15:14:09 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2260173.initDone", true);
Line Deleted : user_pref("CT2260173.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT2260173.myStuffEnabled", true);
Line Deleted : user_pref("CT2260173.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2260173.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2260173.navigateToUrlOnSearch", false);
Line Deleted : user_pref("CT2260173.revertSettingsEnabled", true);
Line Deleted : user_pref("CT2260173.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2260173.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2260173.testingCtid", "");
Line Deleted : user_pref("CT2260173.toolbarAppMetaDataLastCheckTime", "Sun Feb 24 2013 15:14:09 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.toolbarContextMenuLastCheckTime", "Sun Feb 24 2013 15:14:19 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2260173.usagesFlag", 2);
Line Deleted : user_pref("CT3311339.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3311339.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3311339.1000234.TWC_TMP_city", "WEST POINT");
Line Deleted : user_pref("CT3311339.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3311339.1000234.TWC_country", "UNITED STATES");
Line Deleted : user_pref("CT3311339.1000234.TWC_locId", "USGA0614");
Line Deleted : user_pref("CT3311339.1000234.TWC_location", "West Point, GA");
Line Deleted : user_pref("CT3311339.1000234.TWC_region", "US");
Line Deleted : user_pref("CT3311339.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT3311339.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT3311339.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3311339.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3311339.FF19Solved", "true");
Line Deleted : user_pref("CT3311339.FirstTime", "true");
Line Deleted : user_pref("CT3311339.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3311339.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3311339.SF_JUST_INSTALLED", "%CC%C7%D2%D9%CB");
Line Deleted : user_pref("CT3311339.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3311339.SF_STATUS", "%CB%D4%C7%C8%D2%CB%CA");
Line Deleted : user_pref("CT3311339.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3311339.UserID", "UN53947742514848163");
Line Deleted : user_pref("CT3311339.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3311339.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3311339.cbfirsttime", "%CC%F8%EF%A6%D4%F5%FC%A6%B8%B8%A6%B8%B6%B7%B9%A6%B8%B6%C0%B8%B6%C0%BB%BB%A6%CD%D3%DA%B3%B6%BB%B6%B6%A6%AE%CB%E7%F9%FA%EB%F8%F4%A6%D9%FA%E7%F4%EA%E7%F8%EA%A6%DA%EF%F[...]
Line Deleted : user_pref("CT3311339.cbfirsttime.enc", "RnJpIE5vdiAyMiAyMDEzIDIwOjIwOjU1IEdNVC0wNTAwIChFYXN0ZXJuIFN0YW5kYXJkIFRpbWUp");
Line Deleted : user_pref("CT3311339.countryCode", "US");
Line Deleted : user_pref("CT3311339.defaultSearch", "true");
Line Deleted : user_pref("CT3311339.enableAlerts", "true");
Line Deleted : user_pref("CT3311339.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3311339.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3311339.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3311339.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3311339.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3311339.fullUserID", "UN53947742514848163.IN.20131117164040");
Line Deleted : user_pref("CT3311339.homepageuserchanged", true);
Line Deleted : user_pref("CT3311339.installDate", "17/11/2013 16:40:58");
Line Deleted : user_pref("CT3311339.installId", "stub.exe");
Line Deleted : user_pref("CT3311339.installSessionId", "{3C0818C1-B20D-4C06-B5CB-E7E1E673E94C}");
Line Deleted : user_pref("CT3311339.installSp", "TRUE");
Line Deleted : user_pref("CT3311339.installUsage", "2013-11-23T04:18:17.4744411+03:00");
Line Deleted : user_pref("CT3311339.installUsageEarly", "2013-11-23T04:17:37.5074973+03:00");
Line Deleted : user_pref("CT3311339.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3311339.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3311339.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3311339.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3311339.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3311339.keyword", true);
Line Deleted : user_pref("CT3311339.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?gd=&ctid=CT3311339&octid=CT3311339&ISID=ISID_ID&SearchSource=15&CUI=UN53947742514848163&SSPV=&[...]
Line Deleted : user_pref("CT3311339.lastVersion", "10.22.5.510");
Line Deleted : user_pref("CT3311339.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://FreemiumEN1.OurToolbar.com/\",\"EB_TOO[...]
Line Deleted : user_pref("CT3311339.openThankYouPage", "false");
Line Deleted : user_pref("CT3311339.openUninstallPage", "true");
Line Deleted : user_pref("CT3311339.originalSearchEngine", "Yahoo!");
Line Deleted : user_pref("CT3311339.originalSearchEngineName", "Yahoo!");
Line Deleted : user_pref("CT3311339.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3311339.revertSettingsEnabled", "true");
Line Deleted : user_pref("CT3311339.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3311339.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3311339.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3311339.searchRevert", "true");
Line Deleted : user_pref("CT3311339.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3311339.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3311339.searchUserMode", "2");
Line Deleted : user_pref("CT3311339.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3311339.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3311339.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3311339.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3311339\"}");
Line Deleted : user_pref("CT3311339.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://FreemiumEN1.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3311339.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Freemium EN1 \"}");
Line Deleted : user_pref("CT3311339.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3311339.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3311339.serviceLayer_services_Configuration_lastUpdate", "1408670886752");
Line Deleted : user_pref("CT3311339.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1386632198537");
Line Deleted : user_pref("CT3311339.serviceLayer_services_appsMetadata_lastUpdate", "1386985225173");
Line Deleted : user_pref("CT3311339.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1386632200061");
Line Deleted : user_pref("CT3311339.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1385169491560");
Line Deleted : user_pref("CT3311339.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1385169532455");
Line Deleted : user_pref("CT3311339.serviceLayer_services_login_10.22.3.18_lastUpdate", "1385169531670");
Line Deleted : user_pref("CT3311339.serviceLayer_services_login_10.22.5.510_lastUpdate", "1408670883093");
Line Deleted : user_pref("CT3311339.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1386632200921");
Line Deleted : user_pref("CT3311339.serviceLayer_services_searchAPI_lastUpdate", "1408670886718");
Line Deleted : user_pref("CT3311339.serviceLayer_services_serviceMap_lastUpdate", "1408670882585");
Line Deleted : user_pref("CT3311339.serviceLayer_services_toolbarContextMenu_lastUpdate", "1386985224372");
Line Deleted : user_pref("CT3311339.serviceLayer_services_toolbarSettings_lastUpdate", "1408670885588");
Line Deleted : user_pref("CT3311339.serviceLayer_services_translation_lastUpdate", "1408670882358");
Line Deleted : user_pref("CT3311339.settingsINI", true);
Line Deleted : user_pref("CT3311339.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3311339.showToolbarPermission", "false");
Line Deleted : user_pref("CT3311339.smartbar.CTID", "CT3311339");
Line Deleted : user_pref("CT3311339.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3311339.smartbar.toolbarName", "Freemium EN1 ");
Line Deleted : user_pref("CT3311339.startPage", "true");
Line Deleted : user_pref("CT3311339.toolbarBornServerTime", "23-11-2013");
Line Deleted : user_pref("CT3311339.toolbarCurrentServerTime", "22-8-2014");
Line Deleted : user_pref("CT3311339.toolbarInstallDate", "17-11-2013 16:40:44");
Line Deleted : user_pref("CT3311339.toolbarLoginClientTime", "Fri Nov 22 2013 20:18:51 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3311339.versionFromInstaller", "10.22.3.18");
Line Deleted : user_pref("CT3311339.xpeMode", "0");
Line Deleted : user_pref("CT3311339_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1408674467611,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2260173/CT2260173", "\"fa3d8e52435828763067e2927df66a373\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/657446/653307/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2260173", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:160f\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2260173", "\"ccd90dbc0806c30e56e17c4594b38942\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"d4a1206d608e1ccaf1adf816f21eafae\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\James\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zhzkjjy5.default\\conduitCommon\\modules\\3.18.0.7");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.crossrider.bic", "147fb8a8ab600abd4a799e50e12ed31f");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1408674466);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1408674466");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.lastUpdate", "1408674460094");
Line Deleted : user_pref("extensions.crossriderapp2258.bic", "147fb8a8ab600abd4a799e50e12ed31f");
Line Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1408674466);
Line Deleted : user_pref("extensions.crossriderapp2258.reportInstall", true);
Line Deleted : user_pref("extensions.enabledAddons", "DeviceDetection%40logitech.com:1.23.0.5,youtube-mp3%40eztomp3.com:1.0.8,%7B58d2a791-6199-482f-a9aa-9b725ec61362%7D:1.0,firefox%40windows.browsersync.us:1.0,cross[...]
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.LastHiddenTime", 23116433);
Line Deleted : user_pref("extensions.helperbar.Visibility", true);
Line Deleted : user_pref("extensions.helperbar.countryiso", "us");
Line Deleted : user_pref("extensions.helperbar.installationid", "ffc4c091-c557-5d88-5764-b83c463618df");
Line Deleted : user_pref("extensions.helperbar.installdate", "22/10/2013");
Line Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21091\",\"update_interval\":74,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"supported_sites\":{\"google\":{\"main_pattern\":\".*[...]
Line Deleted : user_pref("extensions.wajam.trace_log", "1385169572002 - onFlagInfoReceived - Server mapping version: 0.21087\n1385169572003 - onFlagInfoReceived - No client-side server mapping version, don't update\[...]
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("startpage.ntsearch_url", "hxxps://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=937811&p={searchTerms}");
 
-\\ Google Chrome v
 
[ File : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=5843B3F4-7229-452E-9909-C737F1218B0D&apn_ptnrs=TV&apn_sauid=9B1C373D-6BD1-498C-B55F-1919E621C3B5&apn_dtid=OSJ000YYUS&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN32357727432219727&ctid=CT3311339&UM=2
Deleted [Search Provider] : hxxp://search.snapdo.com/?q={searchTerms}&category=Web&publisher=snapdovb&country=us&feedid=infospace&st=hp&dpid=us&lan=en&start=1
Deleted [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoVBYB&dpid=SnapdoVBYB&co=US&userid=ffc4c091-c557-5d88-5764-b83c463618df&searchtype=ds&q={searchTerms}&installDate=22/10/2013
Deleted [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoVBYB&dpid=SnapdoVBYB&co=US&userid=ffc4c091-c557-5d88-5764-b83c463618df&searchtype=ds&q={searchTerms}&installDate=22/10/2013
Deleted [Startup_urls] : hxxp://feed.snapdo.com/?publisher=SnapdoVBYB&dpid=SnapdoVBYB&co=US&userid=ffc4c091-c557-5d88-5764-b83c463618df&searchtype=hp&installDate=22/10/2013
Deleted [Homepage] : hxxp://feed.snapdo.com/?publisher=SnapdoVBYB&dpid=SnapdoVBYB&co=US&userid=ffc4c091-c557-5d88-5764-b83c463618df&searchtype=hp&installDate=22/10/2013
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : kmkdohofefokfmbnlbgebdapndacfklg
Deleted [Extension] : maeijollgfmffkncnabiigmkoomhjnhf
Deleted [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
Deleted [Extension] : ofjgnhihlklpobkaloamkankaaoclfjh
 
*************************
 
AdwCleaner[R0].txt - [53864 octets] - [21/08/2014 22:15:11]
AdwCleaner[S0].txt - [55551 octets] - [21/08/2014 22:27:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [55612 octets] ##########
 

# AdwCleaner v3.309 - Report created 10/09/2014 at 17:47:18
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : James - JAMES-PC
# Running from : C:\Users\James\Desktop\adwcleaner_3.309.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Smartbar
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\prefs.js ]
 
Line Deleted : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.description", "VisualBee Browser Extension");
Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.name", "VisualBee");
Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.publisher", "VisualBee");
Line Deleted : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Line Deleted : user_pref("extensions.acastrojaaolcom62020.62020.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%7B%22urls%22%3[...]
Line Deleted : user_pref("extensions.crossrider.bic", "1485334f068db0a8c7567a55225e33c3");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationThankYouPage", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1410145251);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.active", true);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.addressbar", "NA");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.addressbarenhanced", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.asyncdb.was_copied", "true");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.asyncdb_dbWasSet", true);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.asyncdb_dbWasSet_FF25_FIX", true);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.asyncinternaldb.was_copied", "true");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.asyncinternaldb_dbWasSet", true);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.asyncinternaldb_dbWasSet_FF25_FIX", true);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundver", 52);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1410145251");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1410145251");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.expiration", "Sun Sep 14 2014 23:19:52 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.value", "%22US%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1410385128");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_currenttime.value", "%221409675138%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2214019%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.value", "1410146417549");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%2221%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%22758676%22");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.value", "1410146391443");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.crossriderapp2258_dbWasSet", true);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.crossriderapp2258_dbWasSet_FF25_FIX", true);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.domain", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.homepage", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.iframe", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3Anull%2C%22installer_verifier%22%3Anull%7D");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.value", "149");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.value", "0");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_nextCheck.expiration", "Wed Sep 10 2014 23:38:48 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_nextCheck.value", "true");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3Anull%2C%22installer_verifier%22%3Anull%7D%2C%22version%22%3Anull%7D"[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.lastDailyReport", "1410385125682");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.lastUpdate", "1410385123840");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.newtab", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/2258/plugins/na/ff/plugins.json");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 74);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.publisher", "Innovative Apps");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.thankyou", "hxxp://iw.antthis.com/thankyou.html");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
Line Deleted : user_pref("extensions.crossriderapp2258.2258.ver", 149);
Line Deleted : user_pref("extensions.crossriderapp2258.apps", "2258");
Line Deleted : user_pref("extensions.crossriderapp2258.bic", "1485334f068db0a8c7567a55225e33c3");
Line Deleted : user_pref("extensions.crossriderapp2258.cid", 2258);
Line Deleted : user_pref("extensions.crossriderapp2258.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Line Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1410145251);
Line Deleted : user_pref("extensions.crossriderapp2258.modetype", "production");
Line Deleted : user_pref("extensions.crossriderapp2258.reportInstall", true);
Line Deleted : user_pref("extensions.crossriderapp2258.statsDailyCounter", 2);
Line Deleted : user_pref("extensions.enabledAddons", "crossriderapp2258%40crossrider.com:0.95.149,DeviceDetection%40logitech.com:1.23.0.5,firefox%40windows.browsersync.us:1.0,youtube-mp3%40eztomp3.com:1.0.8,castro.j[...]
 
-\\ Google Chrome v
 
[ File : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoVBYB&dpid=SnapdoVBYB&co=US&userid=ffc4c091-c557-5d88-5764-b83c463618df&searchtype=ds&q={searchTerms}&installDate=22/10/2013
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [53864 octets] - [21/08/2014 22:15:11]
AdwCleaner[R1].txt - [12365 octets] - [10/09/2014 17:43:36]
AdwCleaner[S0].txt - [55757 octets] - [21/08/2014 22:27:55]
AdwCleaner[S1].txt - [12719 octets] - [10/09/2014 17:47:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [12780 octets] ##########
 

# AdwCleaner v3.309 - Report created 11/09/2014 at 17:50:56
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : James - JAMES-PC
# Running from : C:\Users\James\Desktop\adwcleaner_3.309.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoVBYB&dpid=SnapdoVBYB&co=US&userid=ffc4c091-c557-5d88-5764-b83c463618df&searchtype=ds&q={searchTerms}&installDate=22/10/2013
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [53864 octets] - [21/08/2014 22:15:11]
AdwCleaner[R1].txt - [12365 octets] - [10/09/2014 17:43:36]
AdwCleaner[R2].txt - [1171 octets] - [11/09/2014 17:49:15]
AdwCleaner[S0].txt - [55757 octets] - [21/08/2014 22:27:55]
AdwCleaner[S1].txt - [12869 octets] - [10/09/2014 17:47:18]
AdwCleaner[S2].txt - [1432 octets] - [11/09/2014 17:50:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1492 octets] ##########
 
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by James at 2014-09-11 18:03:38 Run:1
Running from C:\Users\James\Desktop\faber
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
BHO: Plus-HD-3.8 -> {11111111-1111-1111-1111-110311901130} -> C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-bho64.dll No File
BHO: ElectroLyrics-22 -> {11111111-1111-1111-1111-110411411172} -> C:\Program Files (x86)\ElectroLyrics-22\ElectroLyrics-22-bho64.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Extension: VisualBee - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com [2013-11-17]
FF Extension: Plus-HD-3.8c - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\castro.ja@aol.com [2014-09-10]
FF Extension: I Want This - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\crossriderapp2258@crossrider.com [2014-09-10]
FF Extension: Search Toolbar - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\searchtoolbar@zugo.com [2011-05-07]
FF Extension: BrowserSync - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\firefox@windows.browsersync.us.xpi [2013-11-17]
CHR DefaultSearchKeyword: Default -> search.snapdo.com
CHR DefaultSearchProvider: Default -> Web
CHR Extension: (BrowserSync) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnlecnndagfeppanambbgaeanlmlgcc [2013-11-18]
CHR Extension: (ElectroLyrics-22) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpojdjnhnjecejmfmmfkmpbbpccabdhk [2013-10-22]
CHR Extension: (Poppit!) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2012-03-16]
CHR HKCU\...\Chrome\Extension: [eajpfgckapbejakplmjlcakccjihopih] - C:\Users\James\AppData\Local\CRE\eajpfgckapbejakplmjlcakccjihopih.crx [2013-11-14]
CHR HKCU\...\Chrome\Extension: [kbnlecnndagfeppanambbgaeanlmlgcc] - C:\Users\James\AppData\Roaming\BrowserSync\CH\CH.crx [2013-11-17]
CHR HKLM-x32\...\Chrome\Extension: [eajpfgckapbejakplmjlcakccjihopih] - C:\Users\James\AppData\Local\CRE\eajpfgckapbejakplmjlcakccjihopih.crx [2013-11-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\usbccid.sys [X]
Task: {34631C01-5ABB-4067-94EB-61A1D75F6457} - System32\Tasks\VisualBee-firefoxinstaller => C:\Program Files (x86)\VisualBee\VisualBee-firefoxinstaller.exe <==== ATTENTION
Task: {590983AA-4AE6-4DA4-A831-C1C9B2AE2E2D} - System32\Tasks\VisualBee-updater => C:\Program Files (x86)\VisualBee\VisualBee-updater.exe <==== ATTENTION
Task: {868506D1-EEFD-43C9-8249-3124D1FB7D05} - System32\Tasks\VisualBee-chromeinstaller => C:\Program Files (x86)\VisualBee\VisualBee-chromeinstaller.exe <==== ATTENTION
Task: {B02A3FBD-36A8-419D-9494-27C1B0373495} - System32\Tasks\VisualBee-codedownloader => C:\Program Files (x86)\VisualBee\VisualBee-codedownloader.exe <==== ATTENTION
Task: C:\windows\Tasks\VisualBee-chromeinstaller.job => C:\Program Files (x86)\VisualBee\VisualBee-chromeinstaller.exe <==== ATTENTION
Task: C:\windows\Tasks\VisualBee-codedownloader.job => C:\Program Files (x86)\VisualBee\VisualBee-codedownloader.exe <==== ATTENTION
Task: C:\windows\Tasks\VisualBee-firefoxinstaller.job => C:\Program Files (x86)\VisualBee\VisualBee-firefoxinstaller.exe <==== ATTENTION
Task: C:\windows\Tasks\VisualBee-updater.job => C:\Program Files (x86)\VisualBee\VisualBee-updater.exe <==== ATTENTION
 
End
*****************
 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" => Value not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311901130}" => Key deleted successfully.
"HKCR\CLSID\{11111111-1111-1111-1111-110311901130}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411411172}" => Key deleted successfully.
"HKCR\CLSID\{11111111-1111-1111-1111-110411411172}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation) => Error: No automatic fix found for this entry.
C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com => Moved successfully.
C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\castro.ja@aol.com => Moved successfully.
C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\crossriderapp2258@crossrider.com => Moved successfully.
C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\searchtoolbar@zugo.com => Moved successfully.
C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\zhzkjjy5.default\Extensions\firefox@windows.browsersync.us.xpi => Moved successfully.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> Web ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnlecnndagfeppanambbgaeanlmlgcc => Moved successfully.
C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpojdjnhnjecejmfmmfkmpbbpccabdhk => Moved successfully.
C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi => Moved successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\eajpfgckapbejakplmjlcakccjihopih" => Key deleted successfully.
C:\Users\James\AppData\Local\CRE\eajpfgckapbejakplmjlcakccjihopih.crx => Moved successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\kbnlecnndagfeppanambbgaeanlmlgcc" => Key deleted successfully.
C:\Users\James\AppData\Roaming\BrowserSync\CH\CH.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eajpfgckapbejakplmjlcakccjihopih" => Key deleted successfully.
"C:\Users\James\AppData\Local\CRE\eajpfgckapbejakplmjlcakccjihopih.crx" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
RtsUIR => Service deleted successfully.
USBCCID => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{34631C01-5ABB-4067-94EB-61A1D75F6457}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34631C01-5ABB-4067-94EB-61A1D75F6457}" => Key deleted successfully.
C:\Windows\System32\Tasks\VisualBee-firefoxinstaller => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VisualBee-firefoxinstaller" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{590983AA-4AE6-4DA4-A831-C1C9B2AE2E2D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{590983AA-4AE6-4DA4-A831-C1C9B2AE2E2D}" => Key deleted successfully.
C:\Windows\System32\Tasks\VisualBee-updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VisualBee-updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{868506D1-EEFD-43C9-8249-3124D1FB7D05}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{868506D1-EEFD-43C9-8249-3124D1FB7D05}" => Key deleted successfully.
C:\Windows\System32\Tasks\VisualBee-chromeinstaller => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VisualBee-chromeinstaller" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B02A3FBD-36A8-419D-9494-27C1B0373495}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B02A3FBD-36A8-419D-9494-27C1B0373495}" => Key deleted successfully.
C:\Windows\System32\Tasks\VisualBee-codedownloader => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VisualBee-codedownloader" => Key deleted successfully.
C:\windows\Tasks\VisualBee-chromeinstaller.job => Moved successfully.
C:\windows\Tasks\VisualBee-codedownloader.job => Moved successfully.
C:\windows\Tasks\VisualBee-firefoxinstaller.job => Moved successfully.
C:\windows\Tasks\VisualBee-updater.job => Moved successfully.
 
==== End of Fixlog ====
 

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 17  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.152  
 Adobe Reader 10.1.0 Adobe Reader out of Date!  
 Mozilla Firefox (30.0) 
 Google Chrome 36.0.1985.143  
 Google Chrome 37.0.2062.103  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 24% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:08 AM

Posted 12 September 2014 - 07:05 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u67.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 17

===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or if you have the latest close the windows.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===

If some Windows Updates are still to be installed do them one at a time instead of updating everything at once.

How is the computer running?

#7 Artbroken


Posted 12 September 2014 - 10:23 AM

It is running much better, thanks!

 

It still doesn't like to boot for some reason. The power will come on, but it just stops there, no boot screen, nothing. It will work after several attempts.

Maybe that's a bad switch or some other hardware issue? Otherwise, it works fine when it is on.



#8 nasdaq


Posted 13 September 2014 - 08:01 AM

Could be a hardware problem.
Some components must be heated to work well.

Start your computer, leave it alone for 10 minutes and restart it.
Does the problem persist?

#9 nasdaq


Posted 19 September 2014 - 08:49 AM

Are you still with me?

#10 Artbroken


Posted 19 September 2014 - 09:29 AM

Sorry for the delay.

 

It still doesn't boot up the first time, but after letting it sit the 10 minutes like you said it usually does boot the 2nd time, without an error.

Seems to be functioning well, other than that. :)



#11 nasdaq


Posted 19 September 2014 - 01:16 PM

Sure looks like a hardware problem.
It works fine when the components are hot.

See if you can get help here.

Internal hardware forum
http://www.bleepingcomputer.com/forums/forum7.html

Make sure you have a good backup of your important files.
In case it fails to boot.

#12 nasdaq


Posted 25 September 2014 - 10:19 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



