Unable to connect to proxy server_Windows 7 Home Premium


  • This topic is locked
20 replies to this topic

#1 Malwarevictim69

Malwarevictim69

  • Members
  • 26 posts

Posted 16 November 2014 - 05:02 PM

Hello.

 

So basically this whole thing started with me wanting to mod a game I had, and adding a car to it. As I was searching around I got on one website which was a Russian website and it basically downloaded around 13 unknown programs, and none of them were a mod. In retaliation against the commies I downloaded AVG to my PC and it got rid of most of them, but I still had these weird ads on the side of my browser, so I thought I'd bring out the big guns and use Malwarebytes on my PC. I defeated the commies and got rid of all the Nuke programs they hit me with, but since the Russians, as we know from history, are very persistent, they somehow managed to attack my symbol of freedom, which is my internet browsers. I have tried every simple method I can find on the internet, which involved safe mode and all that other stuff, and I am now in a position where I may have to create a new republic and start over, and by that I mean spend $100 on a Windows 7 CD since I lost my original (don't ask how). Anyways, I am not very skilled in the art of computing but I am a quick learner, so I'd appreciate the help.

 

- According to Malwarebytes my PC is clear of malware.

- I can't change my proxy settings, something about me needing to ask the administrator for help.

- That's all I know...

- This is the link to the previous topic I opened (http://www.bleepingcomputer.com/forums/t/555911/unable-to-connect-to-proxy-server-windows-7-home-premium/).

- I have attached the two files that DDS created as requested.

 

Your help is appreciated.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,631 posts
  • Gender:Male

Posted 21 November 2014 - 05:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/556440 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Malwarevictim69

Malwarevictim69
  • Topic Starter

  • Members
  • 26 posts

Posted 21 November 2014 - 05:50 PM

Hello, here are my new DDS files. All the other stuff has been included previously.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 November 2014 - 09:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Run this tool to clean your Temporary files/Folders.
 
Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===
 
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
 
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
 
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
 
===
 
Download the version of this tool for your operating system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===
 
Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.
 
Wait for further instructions.


#5 Malwarevictim69

Malwarevictim69
  • Topic Starter

  • Members
  • 26 posts

Posted 23 November 2014 - 03:25 PM

Here is the AdwCleaner log.

# AdwCleaner v4.101 - Report created 23/11/2014 at 14:12:11

# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : hamza - MHA-PC
# Running from : E:\adwcleaner_4.101.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : netfilter64
[#] Service Deleted : vToolbarUpdater18.0.5
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\SearchProtect
Folder Deleted : C:\TVWizard
Folder Deleted : C:\ProgramData\Assistant
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\Sidekick Manager
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\CouupEXtuensiOn
Folder Deleted : C:\ProgramData\saFewoeb
Folder Deleted : C:\ProgramData\ssaafeweb
Folder Deleted : C:\ProgramData\d2e064d5a5b4531f
Folder Deleted : C:\Program Files (x86)\AnyProtectEx
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\jfilemanager
Folder Deleted : C:\Program Files (x86)\ParetoLogic
Folder Deleted : C:\Program Files (x86)\Super Optimizer
Folder Deleted : C:\Program Files (x86)\saFewoeb
Folder Deleted : C:\Program Files (x86)\ssaafeweb
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
Folder Deleted : C:\Program Files (x86)\Common Files\Umbrella
Folder Deleted : C:\Windows\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Folder Deleted : C:\Windows\Installer\{813BA625-B0FA-48D8-9B75-59759C88C219}
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Windows\System32\ljkb
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\ASPNET\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\hamza\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\hamza\AppData\Local\torch
Folder Deleted : C:\Users\hamza\AppData\Local\CheckCode
Folder Deleted : C:\Users\hamza\AppData\Local\CrashRpt
Folder Deleted : C:\Users\hamza\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\hamza\AppData\Roaming\AnyProtectEx
Folder Deleted : C:\Users\hamza\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\hamza\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\hamza\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\hamza\AppData\Roaming\System Speedup
Folder Deleted : C:\Users\hamza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\Hamza m.sadeeq\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Mohammed\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Mohammed\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\Mohammed\AppData\Local\torch
Folder Deleted : C:\Users\Mohammed\AppData\Local\CheckCode
Folder Deleted : C:\Users\Mohammed\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Mohammed\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Mohammed\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Mohammed\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.com
Folder Deleted : C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sidekick Manager
Folder Deleted : C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\2v56zjld.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
[!] Folder Deleted : C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\2v56zjld.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[!] Folder Deleted : C:\Users\hamza\AppData\Roaming\Mozilla\Firefox\Profiles\w0qi9pn0.default\Extensions\hdvc@hdvc.com.xpi
Folder Deleted : C:\Users\hamza\AppData\Roaming\Mozilla\Firefox\Profiles\w0qi9pn0.default\Extensions\ScorpionSaver@jetpack
Folder Deleted : C:\Users\hamza\AppData\Roaming\Mozilla\Firefox\Profiles\w0qi9pn0.default\Extensions\hzot5ev@crpqxjzwf.co.uk
Folder Deleted : C:\Users\hamza\AppData\Roaming\Mozilla\Firefox\Profiles\w0qi9pn0.default\Extensions\oqqruh@eu-i.com
Folder Deleted : C:\Users\hamza\AppData\Roaming\Mozilla\Firefox\Profiles\w0qi9pn0.default\Extensions\pyrv@xpqkioee.net
Folder Deleted : C:\Users\hamza\AppData\Roaming\Mozilla\Firefox\Profiles\w0qi9pn0.default\Extensions\qd4aaieeb@ffs-zee.edu
Folder Deleted : C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\2v56zjld.default\Extensions\qd4aaieeb@ffs-zee.edu
Folder Deleted : C:\Users\hamza\AppData\Roaming\Mozilla\Firefox\Profiles\w0qi9pn0.default\Extensions\rz7mdv@wnpvdodoqs.edu
File Deleted : C:\Users\hamza\AppData\Roaming\Mozilla\Firefox\Profiles\w0qi9pn0.default\Extensions\hdvc@hdvc.com.xpi
File Deleted : C:\END
File Deleted : C:\Windows\System32\drivers\netfilter64.sys
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Users\hamza\AppData\Roaming\Mozilla\Firefox\Profiles\w0qi9pn0.default\invalidprefs.js
File Deleted : C:\Users\hamza\AppData\Roaming\Mozilla\Firefox\Profiles\w0qi9pn0.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\2v56zjld.default\searchplugins\bProtect.xml
File Deleted : C:\Users\hamza\AppData\Roaming\Mozilla\Firefox\Profiles\w0qi9pn0.default\searchplugins\MyStart.xml
File Deleted : C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\2v56zjld.default\searchplugins\MyStart.xml
File Deleted : C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\2v56zjld.default\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\hamza\AppData\Roaming\Mozilla\Firefox\Profiles\w0qi9pn0.default\searchplugins\search.xml
File Deleted : C:\Users\hamza\AppData\Roaming\Mozilla\Firefox\Profiles\w0qi9pn0.default\user.js
File Deleted : C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\2v56zjld.default\user.js
File Deleted : C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Deleted : C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_home.sweetim.com_0.localstorage
File Deleted : C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_home.sweetim.com_0.localstorage-journal
File Deleted : C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.sweetim.com_0.localstorage
File Deleted : C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.sweetim.com_0.localstorage-journal
File Deleted : C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : APSnotifierPP1
Task Deleted : APSnotifierPP2
Task Deleted : APSnotifierPP3
Task Deleted : BackgroundContainer Startup Task
Task Deleted : Browser Manager
Task Deleted : DTReg
Task Deleted : Funmoods
Task Deleted : paretologic registration3
Task Deleted : paretologic update version3
Task Deleted : SomotoUpdateCheckerAutoStart
Task Deleted : System Speedup
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{0e1f1609-69e7-46a9-843c-4894c6e4a1b0}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{B64982B1-D112-42B5-B1E4-D3867C4533F8}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{4E15AE7C-1148-4500-E208-F9307E49FBD0}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pcajpdcjfekhfnapaiphaecoajeollnc
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\sAfeewweb.sAfeewweb
Key Deleted : HKLM\SOFTWARE\Classes\sAfeewweb.sAfeewweb.1.1
Key Deleted : HKLM\SOFTWARE\Classes\safeWWEbi.safeWWEbi
Key Deleted : HKLM\SOFTWARE\Classes\safeWWEbi.safeWWEbi.1.1
Key Deleted : HKLM\SOFTWARE\Classes\CoouepExtoenSIOn.CoouepExtoenSIOn
Key Deleted : HKLM\SOFTWARE\Classes\CoouepExtoenSIOn.CoouepExtoenSIOn.1.3
Key Deleted : HKLM\SOFTWARE\Classes\sAAfeweb.sAAfeweb
Key Deleted : HKLM\SOFTWARE\Classes\sAAfeweb.sAAfeweb.1.1
Key Deleted : HKCU\Software\8538888bc6eea13
Key Deleted : HKLM\SOFTWARE\8538888bc6eea13
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-990783876
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2998365
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227982
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3288691
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3299568
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44CEDC11-018F-2454-5DD0-29A26379F99C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{67922B25-184E-0D73-BCFB-E5BB40081006}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A4279E07-BB24-A8B8-745C-780E519BD062}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E16A2956-8CE8-0011-C737-D92D42C8B6AD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\bProtector
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\System Speedup
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Bench
Key Deleted : HKLM\SOFTWARE\BrowserMngr
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\DefaultTab
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\NpApp
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\System Speedup
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-9.4
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Speedup_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{497C131E-2032-051B-B32A-C69A960FBB13}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6933C2BA-C67D-42C7-8C77-1FF4B364AF54}
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("CT2998365.smartbar.CTID", "CT2998365");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("CT2998365.smartbar.Uninstall", "0");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("CT2998365.smartbar.homepage", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("CT2998365.smartbar.toolbarName", "TrustyWorthy ");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("CT2998365.toolbarBornServerTime", "6-5-2014");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("CT2998365.toolbarCurrentServerTime", "2-10-2014");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("CT2998365.toolbarInstallDate", "08-05-2014 10:27:45");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("CT2998365.toolbarLoginClientTime", "Thu May 08 2014 10:27:45 GMT-0500 (Central Standard Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("CT2998365_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1412268944802,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("Smartbar.TBSearchEngineList", "TrustyWorthy Customized Web Search");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2998365");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.comgoogle\\.\\w+yahoo\\.\\w+gmail\\.\\w+hotmail\\.\\w+live\\.\\w+isearch\\.avg\\.commysearch\\.avg\\.com");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.UV6myutIekB.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorobo.net\")>-1url.[...]
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.addressbarenhanced", "");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.asyncdb.was_copied", "true");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.asyncdb_dbWasSet", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.asyncdb_dbWasSet_FF25_FIX", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.asyncinternaldb.was_copied", "true");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.asyncinternaldb_dbWasSet", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.asyncinternaldb_dbWasSet_FF25_FIX", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundver", 43);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.certdomaininstaller", "");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.changeprevious", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.value", "1399562850");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.value", "1399562850");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_arbitrary_code.expiration", "Thu Oct 02 2014 13:55:13 GMT-0500 (Central Standard Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_arbitrary_code.value", "%22/**/%22");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_blocklist.expiration", "Thu Oct 02 2014 13:55:13 GMT-0500 (Central Standard Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_blocklist.value", "%22facebook.com%2Cnonexistantdomain.com%22");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.expiration", "Thu Oct 09 2014 11:02:29 GMT-0500 (Central Standard Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.value", "%22US%22");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.value", "1412275879");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.value", "%221411582295%22");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.value", "%221%22");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_delay.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_delay.value", "24");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_disclosure.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_disclosure.value", "1400852875");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.value", "%2214019%22");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.value", "1399562924566");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.value", "%221171%22");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.value", "%22581768%22");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.value", "1399562872477");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.crossriderapp4479_dbWasSet", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.crossriderapp4479_dbWasSet_FF25_FIX", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.description", "Save big with Giant Savings! Coupons display instantly while you're shopping online!");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.domain", "");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.enablesearch", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.homepage", "");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.iframe", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.value", "102");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.value", "0");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.value", "%7B%7D");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.expiration", "Thu Oct 02 2014 17:02:29 GMT-0500 (Central Standard Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.value", "true");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.value", "%7B%7D");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.lastDailyReport", "1412265749597");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.lastUpdate", "1412265748666");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.manifesturl", "");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.newtab", "");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.opensearch", "");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/4479/plugins/na/ff/plugins.json");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsversion", 73);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.publisher", "Innovative Apps");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.searchstatus", 0);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.setnewtab", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.thankyou", "");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.updateinterval", 360);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.4479.ver", 102);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.FilesValidatorDueTime", "1412265821458");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.apps", "4479");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.bic", "145dc724da6c529b9adb1732e5481e13");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.cid", 4479);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.firstrun", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.hadappinstalled", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.installationdate", 1399562850);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.modetype", "production");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.reportInstall", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4479.statsDailyCounter", 6);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.enabledAddons", "Firefox%40365scores.com:1.1.2,%7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172,gethighlightly%40gethighlightly.com:1.9.0.0,yesscript%40userstyles.org:2.0,avg[...]
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.aflt", "nv1");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dfltSrch", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.hmpg", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.id", "8C89A5DE14CB8B6B");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.instlDay", "15724");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.instlRef", "nv1");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.newTab", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2223:16:51");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("iminent.LayoutId", "1");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("iminent.ShowThankyouPixel", "0");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0.043383027324399456,\"s\":0,\"es\":3}");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("iminent.adapters", "{\"adblockedge\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"AdapterKey\":\"default_adapter\",\"v\":true,\"p\":0,\"t\":1,\"th\":0.228,\"expireTime\":\"13995628[...]
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"//i.imitinjs.info/imitin/javascript.js\",\"querySt[...]
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("iminent.externalScripts.iRobinHood.IROBPKG", "{\"pkgid\":\"wrDCt8K4wrTCt8KzwrHCuMK5\",\"raw_pkgid\":\"169562098\"}");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("iminent.externalScripts.iRobinHood.irobsettings2", "[{\"ALERT_MESSAGES\":1,\"Analytics_code\":\"\",\"APPROVE_STRIP_COLOR\":\"4BBA42    \",\"CHARITY_URL\":\"hxxp://iminent.donation-tools.org[...]
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("iminent.externalScripts.iRobinHood.menuURL", "hxxp://iminent.donation-tools.org/home.aspx?pkgId=wrDCt8K4wrTCt8KzwrHCuMK5");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("iminent.registerToolbarEvent101", "1412265800743");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("iminent.registerToolbarEvent102", "1412265770458");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("iminent.trackExternalScripts1", "1399562882488");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("iminent.trackExternalScripts2", "1399562883859");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("iminent.trackExternalScripts3", "1399562927088");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("iminent.trackExternalScripts6", "1412266656752");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("iminent.trackExternalScripts7", "1412265765729");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("iminent.version", "8.17.2.1");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.17.2.1\",\"InstallEventCTime\":1399562847829,\"InstallEvent\":\"True\"}");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT2998365");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT2998365");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT2998365");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "Y4B8TLKE+UDZ1AEFWVL5CH2MTUEOC/EXKAYE/AHOY3PLVOF4ZS2EWKN1AOOHSS4YHDAUECBCA++9MI2XC7MXDA");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E+x305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E,x305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E-x305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E.:2z527", "2423");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E.:2z527.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E.x305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E/x305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E06CG5EL8:", "6E6C7070716E706E766F");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E06CG5EL8:.storedInFile", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E06CG5EL;8I:K", "247E2D2F226A74727676777476747C75242F4B49474F42357D5D5C3D");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E06CG5EL;8I:K.storedInFile", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E0x305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E1x305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E2x305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E31;CJ7FK;KG#NCEP@MC+VKN.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E31;CJI5E K@C.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E3x305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E4x305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E5x305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E6x305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E7x305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E8x305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E9x305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E:x305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E;x305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E<x305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E=x305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E>x305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E?x305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7E@x305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7EAx305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7EBE3G=;D9N9=D", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7EBE3G=;D9N9=D.storedInFile", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7EBx305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7ECx305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7EDx305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B+7Etx305.storedInFile", true);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B-0?3G>D", "39693E6D6B406F6E7A6F787349207C7E4A7925794F24502A272624242525282D2D2F5D2D");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B-0?3G>D.storedInFile", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B-0?3G@6:5;", "");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B-0?3G@6:5;.storedInFile", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B-0?3GFA7EF", "2B2E2C3D");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B-0?3GFA7EF.storedInFile", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B-3=3ECCJA=F>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A2329282A31323334353A455F67566B5D67566F596B5F5F6A6567553E72786E687760");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B-3=3ECCJA=F>.storedInFile", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B/>01=9A6K6<IM;KRIE@PDAWM", "6A696B7273747576");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B/>01=9A6K6<IM;KRIE@PDAWM.storedInFile", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B3=>@44I48?", "372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B3=>@44I48?.storedInFile", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B5BA==9CJAG", "3D6E6B3F3E406E6D7A784576744A7879207A7D4C24");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B5BA==9CJAG.storedInFile", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B6B11G4C56B>F;P;ANR@P", "6E6C7070716E706E7678747574");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B6B11G4C56B>F;P;ANR@P.storedInFile", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B90E@.3C;7B=?OFB>>RHIQS", "393F352F3E");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B90E@.3C;7B=?OFB>>RHIQS.storedInFile", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B9643G3/9E", "6A");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B9643G3/9E.storedInFile", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B;45>:BI9I7IE", "2B2E2C3D");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B;45>:BI9I7IE.storedInFile", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B<:222H64<", "393F352F3E");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B<:222H64<.storedInFile", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B<:222H64<L8DAJ", "6D70706E7674707977702A7976727B7675207B");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B<:222H64<L8DAJ.storedInFile", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B=+03EH8H8J?:", "4443");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B=+03EH8H8J?:.storedInFile", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B?+E2A52D8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B?+E2A52D8.storedInFile", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B?B0D:8AJ62<H", "6D");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("valueApps.CT2998365./9B?B0D:8AJ62<H.storedInFile", false);
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("CT2998365.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Astromenda");
[2v56zjld.default\prefs.js] - Line Deleted : user_pref("CT2998365.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
 
-\\ Google Chrome v36.0.1985.143
 
[C:\Users\hamza\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : cckahkoimnbpflhhobnanhfdihegpedf
[C:\Users\hamza\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp
[C:\Users\hamza\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kdidombaedgpfiiedeimiebkmbilgmlc
[C:\Users\hamza\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kpkbnefaikfaeadgidhpoanckoiaheli
[C:\Users\hamza\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
[C:\Users\hamza\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : ogccgbmabaphcakpiclgcnmcnimhokcj
[C:\Users\hamza\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pfkfdlcdbajamklbneflfbcmfgddmpae
[C:\Users\hamza\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pfmopbbadnfoelckkcmjjeaaegjpjjbk
[C:\Users\hamza\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl
[C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.foxnews.com/search-results/search?q={searchTerms}&submit=Search
[C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.stubhub.com/search/doSearch?searchStr={searchTerms}&pageNumber=1&resultsPerPage=50&searchMode=event&start=0&rows=50&geo_exp=1
[C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=palada&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
[C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=&&st=23
 
-\\ Comodo Dragon v
 
[C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.foxnews.com/search-results/search?q={searchTerms}&submit=Search
[C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.stubhub.com/search/doSearch?searchStr={searchTerms}&pageNumber=1&resultsPerPage=50&searchMode=event&start=0&rows=50&geo_exp=1
[C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=palada&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
[C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=&&st=23
 
*************************
 
AdwCleaner[R0].txt - [91451 octets] - [23/11/2014 13:55:16]
AdwCleaner[S0].txt - [97586 octets] - [23/11/2014 14:12:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [97647 octets] ##########
 
 
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
This is the FRST log.
 
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-11-2014 01 (ATTENTION: ====> FRST version is 15 days old and could be outdated)
Ran by hamza (administrator) on MHA-PC on 23-11-2014 14:16:24
Running from E:\
Loaded Profile: hamza (Available profiles: Mohammed & hamza & Hamza m.sadeeq)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Windows\SysWOW64\afasrv64.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.EXE
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.5\ccSvcHst.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Web Layers\updater.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.5\ccSvcHst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\nacl64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-10-24] (Razer Inc.)
HKLM-x32\...\Run: [KrakenLauncher] => C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe [1486128 2014-06-11] (Razer Inc)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-11-03] (LogMeIn Inc.)
HKU\S-1-5-21-2077682838-4252401403-3781388596-1005\...\Run: [GoogleChromeAutoLaunch_B0AD5FF29A4028B4F6FF0AFC74ACAC17] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-06] (Google Inc.)
HKU\S-1-5-21-2077682838-4252401403-3781388596-1005\...\Run: [Google Update] => C:\Users\hamza\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-23] (Google Inc.)
HKU\S-1-5-21-2077682838-4252401403-3781388596-1005\...\Policies\Explorer: [] 
HKU\S-1-5-21-2077682838-4252401403-3781388596-1005\...\MountPoints2: {30e9ae36-e48c-11e1-b9f7-00030d000001} - N:\noautorun.exe
HKU\S-1-5-21-2077682838-4252401403-3781388596-1005\...\MountPoints2: {3ce7a7e5-dced-11e1-9a66-00030d000001} - K:\Setup.exe
HKU\S-1-5-21-2077682838-4252401403-3781388596-1005\...\MountPoints2: {3ce7a7e8-dced-11e1-9a66-00030d000001} - L:\autorun.exe
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
IFEO\RA3.exe: [Debugger] C:\Program Files (x86)\Revora\CNCOnline\cnconline.exe
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = 
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2456} URL = http://search.fantastigames.com/web?src=ieb&appid=0&systemid=456&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {86A3A6B4-8180-4AE4-B469-25BF051CDF14} URL = 
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2456} URL = http://search.fantastigames.com/web?src=ieb&appid=0&systemid=456&sr=0&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ActiveMail -> {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} ->  No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ActiveMail -> {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} ->  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
 
FireFox:
========
FF ProfilePath: C:\Users\hamza\AppData\Roaming\Mozilla\Firefox\Profiles\w0qi9pn0.default
FF Homepage: hxxp://mysearch.avg.com?pid=safeguard&sg=0&cid=%7B20cd44fe-5d29-494d-aae6-dd913f66d1c0%7D&mid=b2d43343cdba47d08f295dc0e33afd38-12c0d9b93fcbe9147f406cafe4a0a0f94eec31ef&ds=AVG&coid=avgtbavg&cmpid=&v=18.0.5.292&lang=en&pr=sa&d=2014-02-05%2020%3A47%3A57&sap=hp
FF Keyword.URL: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll No File
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\hamza\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\hamza\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\hamza\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\hamza\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\hamza\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\hamza\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: facebook.com/fbDesktopPlugin -> C:\Users\hamza\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\hamza\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\hamza\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\hamza\AppData\Roaming\Mozilla\Firefox\Profiles\w0qi9pn0.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: KeyBar 1.14  - C:\Users\hamza\AppData\Roaming\Mozilla\Firefox\Profiles\w0qi9pn0.default\Extensions\{da51d4f6-3e7e-4ef8-b400-9198e0874606} [2013-09-10]
FF Extension: Adblock Plus - C:\Users\hamza\AppData\Roaming\Mozilla\Firefox\Profiles\w0qi9pn0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-24]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-17]
FF Extension: No Name - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.5.292 [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\hamza\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\hamza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\hamza\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-22]
CHR Extension: (AdBlock) - C:\Users\hamza\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-22]
CHR Extension: (Google Wallet) - C:\Users\hamza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-22]
CHR HKCU\...\Chrome\Extension: [dnmlhhbehhdmajijfenoldcajelckpmn] - C:\Users\hamza\AppData\Local\CRE\dnmlhhbehhdmajijfenoldcajelckpmn.crx []
CHR HKLM-x32\...\Chrome\Extension: [dnmlhhbehhdmajijfenoldcajelckpmn] - C:\Users\hamza\AppData\Local\CRE\dnmlhhbehhdmajijfenoldcajelckpmn.crx []
CHR HKLM-x32\...\Chrome\Extension: [ghdomkkcnldpmfcefiaaahchgoinofkb] - C:\Program Files (x86)\Web Layers\gcclient.crx [2013-07-23]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
CHR HKLM-x32\...\Chrome\Extension: [npffmjkglbnioaoncpfmdbmehnbcldfh] - C:\Program Files (x86)\LyricSing\133.crx [2013-05-06]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AfaService; C:\Windows\SysWOW64\afasrv64.exe [73728 2012-08-01] () [File not signed]
S4 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-08-01] (Creative Labs) [File not signed]
S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-08-01] (Creative Labs) [File not signed]
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2009-08-28] (Creative Technology Ltd) [File not signed]
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2012-07-12] (Hi-Rez Studios) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-10-21] (LogMeIn, Inc.)
S4 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.5\SymcPCCULaunchSvc.exe [123320 2012-03-09] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.5\ccSvcHst.exe [126392 2012-03-09] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-26] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
S4 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609632 2014-01-17] (Copyright 2013 SAMSUNG)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WebUpdater; C:\Program Files (x86)\Web Layers\updater.exe [33064 2013-07-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-21] (AVG Technologies)
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-02] (DT Soft Ltd)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-22] (Malwarebytes Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-23 13:55 - 2014-11-23 14:12 - 00000000 ____D () C:\AdwCleaner
2014-11-23 13:46 - 2014-11-23 13:45 - 00448512 _____ (OldTimer Tools) C:\Users\hamza\Desktop\TFC.exe
2014-11-21 16:45 - 2014-11-21 16:45 - 00013392 _____ () C:\Users\hamza\Desktop\attach.txt
2014-11-21 16:45 - 2014-11-21 16:44 - 00038168 _____ () C:\Users\hamza\Desktop\dds.txt
2014-11-17 17:11 - 2014-11-17 17:12 - 00005709 _____ () C:\Users\hamza\Desktop\avgremover.log
2014-11-17 17:11 - 2014-11-17 17:11 - 00000000 ____D () C:\Users\hamza\AppData\Local\Avg2015
2014-11-17 17:10 - 2014-11-17 17:10 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-17 17:10 - 2014-11-17 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-17 17:10 - 2014-11-17 17:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-17 17:10 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-17 17:10 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-13 17:48 - 2014-11-13 17:48 - 00000928 _____ () C:\Users\Mohammed\Desktop\NTREGOPT.lnk
2014-11-13 17:48 - 2014-11-13 17:48 - 00000928 _____ () C:\Users\hamza\Desktop\NTREGOPT.lnk
2014-11-13 17:48 - 2014-11-13 17:48 - 00000928 _____ () C:\Users\Hamza m.sadeeq\Desktop\NTREGOPT.lnk
2014-11-13 17:48 - 2014-11-13 17:48 - 00000909 _____ () C:\Users\Mohammed\Desktop\ERUNT.lnk
2014-11-13 17:48 - 2014-11-13 17:48 - 00000909 _____ () C:\Users\hamza\Desktop\ERUNT.lnk
2014-11-13 17:48 - 2014-11-13 17:48 - 00000909 _____ () C:\Users\Hamza m.sadeeq\Desktop\ERUNT.lnk
2014-11-13 17:48 - 2014-11-13 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-11-13 17:48 - 2014-11-13 17:48 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-11-12 20:15 - 2014-11-22 11:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 20:15 - 2014-11-12 20:31 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-12 20:14 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-12 20:08 - 2014-11-12 20:31 - 00000000 ____D () C:\Users\hamza\Desktop\mbar
2014-11-12 19:57 - 2014-11-13 18:01 - 00000000 ____D () C:\Program Files\Shield
2014-11-12 19:57 - 2014-11-12 19:57 - 00006004 ____N () C:\Windows\system32\Drivers\shieldmamd64.cat
2014-11-12 19:56 - 2014-11-12 19:56 - 00000000 ____D () C:\Windows\system32\configfix
2014-11-11 15:54 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 15:54 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 15:54 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 15:54 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 15:54 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 15:54 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 15:54 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 15:54 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 15:54 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 15:54 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 15:54 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 15:54 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 15:54 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 15:54 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 15:54 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 15:54 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 15:54 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 15:54 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 15:54 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 15:54 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 15:54 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 15:54 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 15:54 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 15:54 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 15:54 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 15:54 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 15:54 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 15:54 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 15:54 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 15:54 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 15:54 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 15:54 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 15:54 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 15:54 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 15:54 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 15:54 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 15:54 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 15:54 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 15:54 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 15:54 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 15:54 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 15:54 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 15:54 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 15:54 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 15:54 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 15:54 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 15:54 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 15:54 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 15:54 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 15:54 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 15:54 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 15:54 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 15:54 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 15:54 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 15:54 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 15:54 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 15:54 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 15:54 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 15:54 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 15:54 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 15:54 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 15:54 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 15:54 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 15:54 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 15:54 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 15:54 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 15:54 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 15:54 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 15:53 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 15:53 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 15:53 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 15:53 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 15:53 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 15:53 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 15:53 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 15:53 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 15:53 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 15:53 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 15:53 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 15:53 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 15:53 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 15:53 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 15:53 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 15:53 - 2014-09-19 03:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-11 15:53 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 15:53 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 15:53 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 15:53 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 15:53 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 15:53 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 15:53 - 2014-09-19 03:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-11 15:53 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 15:53 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 15:53 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 15:53 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 15:53 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 15:53 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 15:53 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 15:53 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 15:53 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 15:53 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 15:53 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 15:53 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-09 15:55 - 2014-06-26 20:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-11-09 15:55 - 2014-06-26 19:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-11-09 15:46 - 2014-03-09 15:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-11-09 15:46 - 2014-03-09 15:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-11-09 15:46 - 2014-03-09 15:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-11-09 15:46 - 2014-03-09 15:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-11-09 15:45 - 2014-06-30 16:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-11-09 15:45 - 2014-06-30 16:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-11-09 15:45 - 2014-06-06 00:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-11-09 15:45 - 2014-06-06 00:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-11-09 15:14 - 2014-11-12 20:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-09 15:09 - 2014-11-09 15:09 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\hamza\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-09 13:58 - 2014-11-09 13:58 - 00321848 _____ (Malwarebytes Corporation) C:\Users\hamza\Desktop\mbam-clean-2.1.1.1001.exe
2014-11-09 13:43 - 2014-11-09 13:43 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\hamza\Desktop\avg_remover_stf_x64_2015_5501.exe
2014-11-09 12:30 - 2014-11-09 12:30 - 00116416 _____ () C:\Windows\system32\.crusader
2014-11-09 12:17 - 2014-11-09 12:32 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-09 11:21 - 2014-08-01 05:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-11-09 11:21 - 2014-08-01 05:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-11-09 11:21 - 2014-06-23 21:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-11-09 11:21 - 2014-06-23 20:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-11-09 11:21 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-09 11:21 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-09 11:21 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-09 11:21 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-09 11:21 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-09 11:21 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-09 11:21 - 2014-06-17 20:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-11-09 11:21 - 2014-06-17 19:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-11-09 11:21 - 2014-06-06 04:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-11-09 11:21 - 2014-06-06 03:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-11-09 11:21 - 2014-05-30 00:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-11-09 11:21 - 2014-04-24 20:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-11-09 11:21 - 2014-04-24 20:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-11-09 11:21 - 2014-04-04 20:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-09 11:21 - 2014-04-04 20:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-09 11:21 - 2014-03-26 08:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-11-09 11:21 - 2014-03-26 08:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-11-09 11:21 - 2014-03-26 08:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-11-09 11:21 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-11-09 11:20 - 2014-09-24 20:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-11-09 11:20 - 2014-09-24 19:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-11-09 11:20 - 2014-06-15 20:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-11-09 11:20 - 2014-03-04 03:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-11-09 11:20 - 2014-03-04 03:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-11-09 11:20 - 2014-03-04 03:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-11-09 11:20 - 2014-03-04 03:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-11-09 11:20 - 2014-03-04 03:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-11-09 11:20 - 2014-03-04 03:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-11-09 11:20 - 2014-03-04 03:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-11-09 11:20 - 2014-03-04 03:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-11-09 11:20 - 2014-03-04 03:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-11-09 11:20 - 2014-03-04 03:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-11-09 11:20 - 2014-03-04 03:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-11-09 11:20 - 2014-03-04 03:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-11-09 11:20 - 2014-03-04 03:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-11-09 11:20 - 2014-03-04 03:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-11-09 11:20 - 2014-03-04 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-11-09 11:20 - 2014-03-04 03:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-11-09 11:20 - 2014-03-04 03:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-11-09 11:20 - 2014-03-04 03:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-11-09 11:20 - 2014-03-04 03:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-11-09 11:19 - 2014-09-09 16:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-11-09 11:19 - 2014-09-09 15:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-11-09 11:19 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-11-09 11:19 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-11-09 11:19 - 2014-08-28 20:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-09 11:19 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-09 11:19 - 2014-08-28 20:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-11-09 11:19 - 2014-08-28 20:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-11-09 11:19 - 2014-08-28 20:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-09 11:19 - 2014-08-28 19:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-09 11:19 - 2014-08-28 19:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-09 11:19 - 2014-08-28 19:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-11-09 11:19 - 2014-08-28 19:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-11-09 11:19 - 2014-06-24 20:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-09 11:19 - 2014-06-24 19:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-09 11:19 - 2014-06-03 04:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-09 11:19 - 2014-06-03 04:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-09 11:19 - 2014-06-03 04:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-09 11:19 - 2014-06-03 03:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-09 11:19 - 2014-06-03 03:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-09 11:19 - 2014-05-08 03:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-11-09 11:18 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-11-09 11:18 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-11-09 11:18 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-11-09 11:18 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-11-09 11:18 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-11-09 11:18 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-11-09 11:17 - 2014-04-11 20:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-11-09 11:17 - 2014-04-11 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-11-09 11:17 - 2014-04-11 20:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-11-09 11:17 - 2014-04-11 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-11-09 11:12 - 2014-08-22 20:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-11-09 11:12 - 2014-08-22 19:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-11-09 11:11 - 2014-07-13 20:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-11-09 11:11 - 2014-07-13 19:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-11-08 08:18 - 2014-11-23 14:16 - 00000000 ____D () C:\FRST
2014-11-07 17:31 - 2014-11-08 23:03 - 00000000 ____D () C:\Users\Hamza m.sadeeq\AppData\Local\LogMeIn Hamachi
2014-11-07 17:31 - 2014-11-07 17:31 - 00000000 ____D () C:\Users\Hamza m.sadeeq\AppData\Local\Razer
2014-11-07 17:31 - 2014-11-07 17:31 - 00000000 ____D () C:\Users\Hamza m.sadeeq\AppData\Local\LogMeIn
2014-11-07 17:12 - 2014-11-07 17:12 - 00000000 ____D () C:\Users\hamza\Documents\firewall
2014-11-07 17:08 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-11-07 17:08 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-11-07 17:08 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-11-07 17:08 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-11-07 17:08 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-11-07 17:08 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-11-07 17:08 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-11-07 17:08 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-11-07 17:08 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-11-07 17:08 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-11-07 17:08 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-11-07 17:08 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-11-07 06:51 - 2014-11-12 15:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-06 21:11 - 2014-11-23 14:14 - 00001792 _____ () C:\Windows\setupact.log
2014-11-06 21:11 - 2014-11-06 21:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-06 21:10 - 2014-11-23 14:13 - 02203530 _____ () C:\Windows\PFRO.log
2014-11-06 20:17 - 2014-04-11 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-11-06 20:00 - 2014-11-06 20:00 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\hamza\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-06 19:42 - 2014-11-08 22:57 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-06 19:42 - 2014-11-06 19:42 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-11-06 19:42 - 2014-11-06 19:42 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-06 19:42 - 2014-11-06 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-06 19:41 - 2014-11-06 19:41 - 04976456 _____ (Piriform Ltd) C:\Users\hamza\Downloads\ccsetup419.exe
2014-11-06 19:39 - 2014-05-14 10:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-06 19:39 - 2014-05-14 10:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-06 19:39 - 2014-05-14 10:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-06 19:39 - 2014-05-14 10:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-06 19:38 - 2014-05-14 10:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-06 19:38 - 2014-05-14 10:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-06 19:38 - 2014-05-14 10:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-06 19:38 - 2014-05-14 10:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-06 19:38 - 2014-05-14 10:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-06 19:38 - 2014-05-14 10:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-06 19:38 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-06 19:38 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-06 19:38 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-06 19:38 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-05 20:49 - 2014-11-05 20:49 - 00003114 _____ () C:\Windows\System32\Tasks\{B8BE2F68-FDF8-4018-8290-0C1D52F84FA6}
2014-11-05 20:40 - 2014-11-08 23:04 - 00000000 ____D () C:\Windows\SysWOW64\GPBAK
2014-11-05 20:40 - 2014-11-05 20:40 - 00875012 _____ () C:\Users\hamza\Downloads\add_gpedit_msc_by_jwils876-d3kh6vm.zip
2014-11-05 20:40 - 2014-11-05 20:40 - 00707354 _____ () C:\Windows\unins000.exe
2014-11-05 20:40 - 2014-11-05 20:40 - 00001529 _____ () C:\Windows\unins000.dat
2014-11-05 20:40 - 2008-04-14 02:11 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2014-11-05 20:40 - 2001-08-23 13:00 - 00034871 _____ () C:\Windows\SysWOW64\gpedit.msc
2014-11-05 20:25 - 2014-11-05 20:25 - 00262232 _____ () C:\Users\hamza\Downloads\GoogleUpdate.adm
2014-11-05 20:20 - 2014-11-05 20:20 - 00880272 _____ (Google Inc.) C:\Users\hamza\Downloads\ChromeSetup (2).exe
2014-11-05 20:19 - 2014-11-05 20:19 - 00880272 _____ (Google Inc.) C:\Users\hamza\Downloads\ChromeSetup (1).exe
2014-11-05 20:10 - 2014-11-05 20:10 - 00001511 _____ () C:\Users\hamza\Desktop\DS3_Tool - Shortcut.lnk
2014-11-05 19:28 - 2014-11-05 19:28 - 00011272 _____ () C:\Users\hamza\Downloads\attachments.zip
2014-11-05 19:26 - 2014-11-05 19:26 - 00000000 ____D () C:\Users\hamza\AppData\Roaming\java
2014-11-05 16:22 - 2014-11-05 16:22 - 00022528 _____ () C:\Users\hamza\AppData\Local\2266694dsisetup22678482.exe
2014-11-05 16:22 - 2014-11-05 16:22 - 00000001 _____ () C:\Users\hamza\AppData\Local\DSI.DAT
2014-11-04 20:57 - 2014-11-04 20:57 - 00004772 _____ () C:\Users\hamza\Downloads\software_removal_tool (1).log
2014-11-04 20:02 - 2014-11-04 20:02 - 04739400 _____ (Google) C:\Users\hamza\Downloads\software_removal_tool.exe
2014-11-04 20:02 - 2014-11-04 20:02 - 00020037 _____ () C:\Users\hamza\Downloads\software_removal_tool.log
2014-11-04 15:44 - 2014-11-04 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-11-04 15:44 - 2014-11-04 15:44 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-11-03 23:22 - 2014-11-03 23:22 - 16584622 _____ () C:\Users\hamza\Downloads\862-mercedes-benz-230-w123.zip
2014-11-03 23:12 - 2014-11-03 23:12 - 09173178 _____ () C:\Users\hamza\Downloads\552-mercedes-benz-s600.zip
2014-11-03 23:00 - 2014-11-03 23:00 - 00000000 ____D () C:\Users\hamza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-03 22:59 - 2014-11-08 23:04 - 00000000 ____D () C:\Program Files\WinRAR
2014-11-03 22:57 - 2014-11-03 22:57 - 01922688 _____ () C:\Users\hamza\Downloads\winrar-x64-511.exe
2014-11-03 22:52 - 2014-11-03 22:52 - 00638888 _____ (Oracle Corporation) C:\Users\hamza\Downloads\chromeinstall-8u25.exe
2014-11-03 22:51 - 2014-11-03 22:51 - 16638608 _____ () C:\Users\hamza\Downloads\1662-mercedes-benz-e420-w124-stock.zip
2014-11-03 22:22 - 2014-11-06 16:22 - 00000129 _____ () C:\Users\hamza\AppData\Roaming\WB.CFG
2014-11-03 21:23 - 2014-11-03 21:23 - 00613120 _____ (CMI Limited) C:\Users\hamza\AppData\Local\nsrF799.tmp
2014-11-03 21:23 - 2014-11-03 21:23 - 00000000 ____D () C:\Users\hamza\AppData\Local\IsolatedStorage
2014-11-03 21:22 - 2014-11-03 21:22 - 00002113 _____ () C:\Windows\patsearch.bin
2014-11-03 21:22 - 2014-11-03 21:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-11-03 21:21 - 2014-11-03 21:26 - 00000000 __HDC () C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2014-11-03 21:21 - 2014-11-03 21:21 - 00000000 ____D () C:\Users\hamza\AppData\Local\StormFall
2014-11-03 21:21 - 2014-11-03 21:21 - 00000000 ____D () C:\ProgramData\Unchecky
2014-11-03 21:12 - 2014-11-03 23:18 - 00000000 ____D () C:\ProgramData\FbQhceMIHb
2014-11-03 21:01 - 2014-11-03 21:21 - 00000000 ___HD () C:\Users\Public\Temp
2014-11-03 21:01 - 2014-11-03 21:01 - 00613120 _____ (CMI Limited) C:\Users\hamza\AppData\Local\nss10EA.tmp
2014-11-03 21:01 - 2014-11-03 21:01 - 00003402 _____ () C:\Windows\System32\Tasks\DonutQuotes
2014-11-03 21:00 - 2014-11-06 21:04 - 00000000 ____D () C:\Users\Mohammed\AppData\Local\DriverLogUtility
2014-11-03 21:00 - 2014-11-03 23:01 - 00000000 ____D () C:\Windows\SysWOW64\DriverFirmwareProgram
2014-11-03 20:59 - 2014-11-06 21:04 - 00000000 ____D () C:\Users\hamza\AppData\Local\ArchiveDriverMotion
2014-11-03 20:59 - 2014-11-03 23:19 - 00000000 ____D () C:\Windows\SysWOW64\DockFormatOffice
2014-11-03 17:26 - 2014-11-03 17:26 - 22920720 _____ () C:\Users\hamza\Downloads\BMW_850CSi.rar
2014-11-03 17:24 - 2014-11-03 17:25 - 25144684 _____ () C:\Users\hamza\Downloads\BMW_850CSi.pkg2
2014-11-02 23:24 - 2014-11-02 23:25 - 16589524 _____ () C:\Users\hamza\Downloads\mercedes-benz-s600-amg.rar
2014-11-02 23:20 - 2014-11-02 23:21 - 20219136 _____ () C:\Users\hamza\Downloads\mercS65.rar
2014-11-02 23:17 - 2014-11-02 23:18 - 24997784 _____ () C:\Users\hamza\Downloads\Mercedes-Benz-SLS-AMG.rar
2014-11-02 23:17 - 2014-11-02 23:18 - 22769921 _____ () C:\Users\hamza\Downloads\Mercedes-Benz-C32.rar
2014-11-02 23:14 - 2014-11-02 23:15 - 19846608 _____ () C:\Users\hamza\Downloads\MERCEDES-BENZ_CLK55AMG.rar
2014-11-02 23:12 - 2014-11-02 23:16 - 11977745 _____ () C:\Users\hamza\Downloads\MB_C63 fixed.zip
2014-11-02 23:08 - 2014-11-02 23:08 - 39085667 _____ () C:\Users\hamza\Downloads\Mercedes-Benz_560_SEL__W126_.rar
2014-11-02 23:06 - 2014-11-02 23:08 - 42048532 _____ () C:\Users\hamza\Downloads\Mercedes-Benz_560_SEL__W126_.pkg
2014-11-02 22:56 - 2014-11-02 22:57 - 27947809 _____ () C:\Users\hamza\Downloads\Mercedes_E_420_W124.zip
2014-11-02 22:52 - 2014-11-02 22:52 - 00000000 ____D () C:\Users\hamza\Documents\New folder
2014-11-02 22:22 - 2014-11-02 22:22 - 00001063 _____ () C:\Users\Public\Desktop\BeamNG.drive.lnk
2014-11-02 22:22 - 2014-11-02 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2014-11-02 22:19 - 2014-11-02 22:21 - 00000000 ____D () C:\Program Files (x86)\BeamNG.drive
2014-11-02 22:15 - 2014-11-02 22:17 - 763802577 ____R (BeamNG ) C:\Users\hamza\Downloads\BeamNG.drive 0.3.3 Setup.exe
2014-11-02 22:05 - 2014-11-02 22:05 - 00000849 _____ () C:\Users\hamza\Desktop\µTorrent.lnk
2014-11-02 22:05 - 2014-11-02 22:05 - 00000829 _____ () C:\Users\hamza\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-11-02 22:03 - 2014-11-02 22:04 - 01689168 _____ (BitTorrent Inc.) C:\Users\hamza\Downloads\uTorrent.exe
2014-11-02 19:21 - 2014-11-02 19:21 - 00000221 _____ () C:\Users\hamza\Desktop\Tactical Intervention.url
2014-11-02 19:09 - 2014-11-02 19:09 - 03480040 _____ (McAfee, Inc.) C:\Users\hamza\Downloads\MCPR.exe
2014-10-31 20:27 - 2014-10-31 20:27 - 227275852 _____ () C:\Users\hamza\Downloads\l4d2_tour_of_terror_5.5.zip
2014-10-29 16:08 - 2014-10-29 16:11 - 00000000 ____D () C:\Users\hamza\Desktop\New folder
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-23 14:17 - 2014-03-23 13:44 - 00000360 _____ () C:\Windows\Tasks\CIMT_S-1-5-21-2077682838-4252401403-3781388596-1005.job
2014-11-23 14:16 - 2012-09-22 10:11 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2077682838-4252401403-3781388596-1000UA.job
2014-11-23 14:15 - 2014-09-24 19:25 - 00004950 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MHA-PC-hamza MHA-PC
2014-11-23 14:14 - 2014-03-22 20:46 - 00000432 ____H () C:\Windows\Tasks\SW.Booster-S-990783876.job
2014-11-23 14:14 - 2014-01-02 13:25 - 00000000 ____D () C:\Users\hamza\AppData\Local\LogMeIn Hamachi
2014-11-23 14:14 - 2013-11-25 15:51 - 00000494 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2014-11-23 14:14 - 2013-09-20 06:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-23 14:14 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-23 14:12 - 2013-09-20 06:03 - 00001152 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-23 14:12 - 2013-09-20 06:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-23 14:12 - 2012-08-01 11:44 - 01184137 _____ () C:\Windows\WindowsUpdate.log
2014-11-23 14:11 - 2012-09-23 12:29 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2077682838-4252401403-3781388596-1005UA.job
2014-11-23 14:00 - 2009-07-13 22:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-23 14:00 - 2009-07-13 22:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-23 13:58 - 2013-09-20 06:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-23 13:58 - 2009-07-13 23:13 - 00006512 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-23 13:49 - 2012-08-01 00:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-23 13:48 - 2013-04-15 19:08 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EA44B294-38C2-4E05-BF7D-FE3BD65C6262}
2014-11-23 00:03 - 2012-08-13 19:08 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2077682838-4252401403-3781388596-1005UA.job
2014-11-22 22:11 - 2012-09-23 12:29 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2077682838-4252401403-3781388596-1005Core.job
2014-11-22 21:03 - 2012-08-13 19:08 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2077682838-4252401403-3781388596-1005Core.job
2014-11-22 11:16 - 2012-09-22 10:11 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2077682838-4252401403-3781388596-1000Core.job
2014-11-21 17:30 - 2014-08-15 01:00 - 00000000 ____D () C:\Users\hamza\AppData\Local\Adobe
2014-11-21 17:18 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\Performance
2014-11-21 06:56 - 2013-10-30 18:15 - 00000000 ____D () C:\Users\hamza\Documents\school
2014-11-21 06:55 - 2012-08-22 08:41 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-11-17 17:51 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-13 21:53 - 2013-09-20 06:03 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 21:53 - 2013-09-20 06:03 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 17:49 - 2013-11-29 10:04 - 00000000 ____D () C:\Users\hamza\Desktop\Stuff
2014-11-12 22:06 - 2012-09-23 12:29 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2077682838-4252401403-3781388596-1005UA
2014-11-12 22:06 - 2012-09-23 12:29 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2077682838-4252401403-3781388596-1005Core
2014-11-12 16:57 - 2012-08-02 00:43 - 00000000 ____D () C:\Windows\rescache
2014-11-12 16:01 - 2009-07-13 22:45 - 05202408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-11 22:19 - 2013-04-06 19:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-11-11 22:19 - 2013-04-06 19:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-11 22:16 - 2009-07-13 20:34 - 00000478 _____ () C:\Windows\win.ini
2014-11-11 22:15 - 2013-07-13 01:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-11 22:11 - 2012-08-01 09:30 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 16:05 - 2012-08-02 17:30 - 00000000 ____D () C:\Users\hamza\AppData\Roaming\Mozilla
2014-11-10 16:39 - 2012-12-24 12:48 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-10 15:38 - 2012-08-02 12:04 - 00151496 _____ () C:\Users\hamza\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-09 16:40 - 2013-08-01 18:41 - 00000258 __RSH () C:\Users\hamza\ntuser.pol
2014-11-09 16:40 - 2012-08-02 12:04 - 00000000 ____D () C:\Users\hamza
2014-11-09 16:37 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-09 16:33 - 2010-11-21 01:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-11-09 16:33 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-11-09 16:33 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-11-09 16:33 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-09 16:24 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-11-09 16:23 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-09 16:00 - 2012-08-08 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-09 16:00 - 2012-08-08 22:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-09 16:00 - 2012-08-08 22:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-11-09 14:24 - 2012-12-06 19:43 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2014-11-09 14:24 - 2012-12-06 19:43 - 00001166 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-11-08 23:04 - 2014-01-10 22:52 - 00000000 ____D () C:\Users\Mohammed\AppData\Local\LogMeIn Hamachi
2014-11-08 23:04 - 2012-12-27 19:28 - 00000000 ____D () C:\Users\Hamza m.sadeeq
2014-11-08 23:04 - 2012-09-02 16:41 - 00000000 ____D () C:\Users\Mohammed\AppData\Local\Akamai
2014-11-08 23:04 - 2012-08-02 09:06 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-11-08 23:04 - 2012-08-01 11:44 - 00000000 ____D () C:\Users\Mohammed
2014-11-08 23:04 - 2009-07-13 23:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-11-08 23:04 - 2009-07-13 23:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-11-08 23:04 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-11-08 23:04 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\servicing
2014-11-08 23:04 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\schemas
2014-11-08 23:04 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-11-08 23:03 - 2012-08-02 09:18 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-11-08 23:02 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-11-08 22:58 - 2013-02-22 06:55 - 00000000 ____D () C:\Users\Mohammed\AppData\Roaming\Dropbox
2014-11-08 22:58 - 2012-08-01 00:44 - 00000000 ____D () C:\Users\Mohammed\AppData\Roaming\Mozilla
2014-11-08 22:58 - 2012-08-01 00:32 - 00000000 ____D () C:\Users\Mohammed\AppData\Local\Google
2014-11-08 22:57 - 2013-04-06 19:12 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-11-07 17:33 - 2012-12-27 19:29 - 00151496 _____ () C:\Users\Hamza m.sadeeq\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-06 21:04 - 2013-08-01 18:42 - 00000000 ____D () C:\Program Files (x86)\Web Layers
2014-11-06 21:04 - 2013-05-17 16:50 - 00000000 ____D () C:\Users\hamza\AppData\Local\CRE
2014-11-06 21:04 - 2012-11-25 11:25 - 00000000 ____D () C:\Temp
2014-11-06 20:50 - 2012-12-06 19:42 - 00000000 ____D () C:\Users\hamza\AppData\Roaming\TeamViewer
2014-11-06 20:46 - 2012-08-24 10:09 - 00000000 ____D () C:\Users\hamza\AppData\Roaming\uTorrent
2014-11-06 20:42 - 2012-08-01 15:37 - 00000000 ____D () C:\Windows\Panther
2014-11-05 19:59 - 2012-08-31 15:24 - 00000000 ____D () C:\Users\hamza\AppData\Roaming\.minecraft
2014-11-04 14:30 - 2010-11-20 21:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-03 23:00 - 2012-08-01 01:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-03 22:52 - 2014-06-11 18:23 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-03 22:52 - 2014-06-11 18:23 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-03 22:52 - 2014-06-11 18:23 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-03 22:52 - 2014-06-11 18:23 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-03 22:52 - 2014-03-24 17:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-03 22:52 - 2012-08-31 16:09 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-03 21:22 - 2013-12-21 09:52 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-11-03 21:16 - 2013-02-22 06:58 - 00000000 ___RD () C:\Users\Mohammed\Dropbox
2014-11-03 21:08 - 2013-02-12 17:45 - 00000000 ____D () C:\ProgramData\Bluetooth
2014-11-03 21:08 - 2013-02-10 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IVT BlueSoleil
2014-11-03 21:08 - 2012-11-25 11:24 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec
2014-11-03 21:08 - 2012-08-12 12:02 - 00000000 ____D () C:\Program Files (x86)\MagicDisc
2014-11-03 21:08 - 2012-08-01 01:34 - 00000032 _____ () C:\Windows\0
2014-11-03 17:08 - 2013-08-01 18:41 - 00000258 __RSH () C:\Users\Mohammed\ntuser.pol
2014-11-03 15:34 - 2012-08-01 12:19 - 00000000 ____D () C:\Users\Mohammed\AppData\Local\Adobe
2014-11-03 14:38 - 2013-09-11 15:26 - 00000000 ____D () C:\ProgramData\Origin
2014-11-03 14:37 - 2012-08-01 11:58 - 00151496 _____ () C:\Users\Mohammed\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-03 14:36 - 2013-09-11 15:26 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-02 22:50 - 2014-04-05 20:25 - 00000000 ____D () C:\Users\hamza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeamNG-Techdemo-0.3
2014-11-02 22:50 - 2014-04-05 20:24 - 00000000 ____D () C:\Users\hamza\AppData\Local\BeamNG
2014-11-02 19:21 - 2012-09-06 18:08 - 00000000 ____D () C:\Users\hamza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-01 23:43 - 2012-08-01 00:30 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-01 23:43 - 2012-08-01 00:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-01 23:43 - 2012-08-01 00:30 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-30 20:48 - 2012-08-02 08:13 - 00280856 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-10-30 20:48 - 2012-08-02 07:56 - 00280856 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
 
Files to move or delete:
====================
C:\Users\hamza\jagex_cl_loginapplet_LIVE.dat
C:\Users\hamza\jagex_cl_runescape_LIVE.dat
C:\Users\hamza\random.dat
 
 
Some content of TEMP:
====================
C:\Users\hamza\AppData\Local\Temp\1871KrakenDevProps.dll
C:\Users\hamza\AppData\Local\Temp\Quarantine.exe
C:\Users\hamza\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-15 09:28
 
==================== End Of Log ============================
 
 
 
Thank you
 




#6 nasdaq


  • Malware Response Team

Posted 24 November 2014 - 08:38 AM

 
 
Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start
 
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
IFEO\RA3.exe: [Debugger] C:\Program Files (x86)\Revora\CNCOnline\cnconline.exe
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2456} URL = http://search.fantastigames.com/web?src=ieb&appid=0&systemid=456&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2456} URL = http://search.fantastigames.com/web?src=ieb&appid=0&systemid=456&sr=0&q={searchTerms}
BHO: ActiveMail -> {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} ->  No File
BHO-x32: ActiveMail -> {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} ->  No File
FF Homepage: hxxp://mysearch.avg.com?pid=safeguard&sg=0&cid=%7B20cd44fe-5d29-494d-aae6-dd913f66d1c0%7D&mid=b2d43343cdba47d08f295dc0e33afd38-12c0d9b93fcbe9147f406cafe4a0a0f94eec31ef&ds=AVG&coid=avgtbavg&cmpid=&v=18.0.5.292&lang=en&pr=sa&d=2014-02-05%2020%3A47%3A57&sap=hp
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll No File
FF SearchPlugin: C:\Users\hamza\AppData\Roaming\Mozilla\Firefox\Profiles\w0qi9pn0.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: No Name - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.5.292 [Not Found]
CHR Extension: (Google Wallet) - C:\Users\hamza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-22]
CHR HKCU\...\Chrome\Extension: [dnmlhhbehhdmajijfenoldcajelckpmn] - C:\Users\hamza\AppData\Local\CRE\dnmlhhbehhdmajijfenoldcajelckpmn.crx []
CHR HKLM-x32\...\Chrome\Extension: [dnmlhhbehhdmajijfenoldcajelckpmn] - C:\Users\hamza\AppData\Local\CRE\dnmlhhbehhdmajijfenoldcajelckpmn.crx []
CHR HKLM-x32\...\Chrome\Extension: [npffmjkglbnioaoncpfmdbmehnbcldfh] - C:\Program Files (x86)\LyricSing\133.crx [2013-05-06]
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
C:\Users\hamza\AppData\Local\Temp\1871KrakenDevProps.dll
Task: {0203126E-1F38-4A16-8482-C7782315881F} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {1F6C0427-82CE-4F3F-96A1-E5CA44CF2548} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {3DD5A0FD-2CE0-4F21-97BB-AB4899A64BC9} - \Updater4479.exe No Task File <==== ATTENTION
Task: {4C69DDED-891A-4240-B2DF-6970B0B68407} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {4CD4CC6F-C51F-428A-B236-3902A486A63B} - \Microsoft\Windows\Maintenance\IC Update Procedure No Task File <==== ATTENTION
Task: {5C401684-3BF8-4075-9708-4573F8C29E53} - System32\Tasks\SW.Booster-S-990783876 => c:\programdata\appure\sw.booster\SW.Booster.exe <==== ATTENTION
Task: {84F7B997-ADAA-41D3-8B9F-6D97020A86BA} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\hamza\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
Task: {865F3BA5-5E21-46F4-87BD-152CDEE5BC7A} - \IC Runner Procedure No Task File <==== ATTENTION
Task: {871C6A6D-0689-411A-A4EA-8C5F4C02562B} - System32\Tasks\DTReg => C:\Users\hamza\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {91A5E240-07A0-4BE3-B15A-2D8215D1F1AE} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {9FCB8B54-E488-4EF0-B02D-F1FE8C785DA9} - \Funmoods No Task File <==== ATTENTION
Task: {AD518CAC-A867-461F-AA77-17DAA4118250} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {C009BDD6-D47D-452B-BC62-16C93AD72CF0} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\SW.Booster-S-990783876.job => c:\programdata\appure\sw.booster\SW.Booster.exe <==== ATTENTION
 
End
Save the file as fixlist.txt into the same folder as FRST.
 
Run FRST and click Fix only once and wait.
 
Restart the computer normally to reset the registry.
 
The tool will create a log, Fixlog.txt; please post it in your reply.
===
 
Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:

How is the computer running now?

======


    #7 Malwarevictim69

    • Topic Starter


    Posted 24 November 2014 - 06:41 PM

    Here are the contents; sadly, the issue remains.

     

    The fix log:

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-11-2014 01
    Ran by hamza at 2014-11-24 17:20:16 Run:1
    Running from C:\Users\hamza\Desktop
    Loaded Profile: hamza (Available profiles: Mohammed & hamza & Hamza m.sadeeq)
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    start
     
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
    IFEO\RA3.exe: [Debugger] C:\Program Files (x86)\Revora\CNCOnline\cnconline.exe
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2456} URL = http://search.fantastigames.com/web?src=ieb&appid=0&systemid=456&sr=0&q={searchTerms}
    SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2456} URL = http://search.fantastigames.com/web?src=ieb&appid=0&systemid=456&sr=0&q={searchTerms}
    BHO: ActiveMail -> {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} ->  No File
    BHO-x32: ActiveMail -> {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} ->  No File
    FF Homepage: hxxp://mysearch.avg.com?pid=safeguard&sg=0&cid=%7B20cd44fe-5d29-494d-aae6-dd913f66d1c0%7D&mid=b2d43343cdba47d08f295dc0e33afd38-12c0d9b93fcbe9147f406cafe4a0a0f94eec31ef&ds=AVG&coid=avgtbavg&cmpid=&v=18.0.5.292&lang=en&pr=sa&d=2014-02-05%2020%3A47%3A57&sap=hp
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll No File
    FF SearchPlugin: C:\Users\hamza\AppData\Roaming\Mozilla\Firefox\Profiles\w0qi9pn0.default\searchplugins\yahoo_ff.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
    FF Extension: No Name - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.5.292 [Not Found]
    CHR Extension: (Google Wallet) - C:\Users\hamza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-22]
    CHR HKCU\...\Chrome\Extension: [dnmlhhbehhdmajijfenoldcajelckpmn] - C:\Users\hamza\AppData\Local\CRE\dnmlhhbehhdmajijfenoldcajelckpmn.crx []
    CHR HKLM-x32\...\Chrome\Extension: [dnmlhhbehhdmajijfenoldcajelckpmn] - C:\Users\hamza\AppData\Local\CRE\dnmlhhbehhdmajijfenoldcajelckpmn.crx []
    CHR HKLM-x32\...\Chrome\Extension: [npffmjkglbnioaoncpfmdbmehnbcldfh] - C:\Program Files (x86)\LyricSing\133.crx [2013-05-06]
    S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
    S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
    S3 BT; system32\DRIVERS\btnetdrv.sys [X]
    S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
    S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
    S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 VComm; system32\DRIVERS\VComm.sys [X]
    S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
    C:\Users\hamza\AppData\Local\Temp\1871KrakenDevProps.dll
    Task: {0203126E-1F38-4A16-8482-C7782315881F} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {1F6C0427-82CE-4F3F-96A1-E5CA44CF2548} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
    Task: {3DD5A0FD-2CE0-4F21-97BB-AB4899A64BC9} - \Updater4479.exe No Task File <==== ATTENTION
    Task: {4C69DDED-891A-4240-B2DF-6970B0B68407} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {4CD4CC6F-C51F-428A-B236-3902A486A63B} - \Microsoft\Windows\Maintenance\IC Update Procedure No Task File <==== ATTENTION
    Task: {5C401684-3BF8-4075-9708-4573F8C29E53} - System32\Tasks\SW.Booster-S-990783876 => c:\programdata\appure\sw.booster\SW.Booster.exe <==== ATTENTION
    Task: {84F7B997-ADAA-41D3-8B9F-6D97020A86BA} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\hamza\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
    Task: {865F3BA5-5E21-46F4-87BD-152CDEE5BC7A} - \IC Runner Procedure No Task File <==== ATTENTION
    Task: {871C6A6D-0689-411A-A4EA-8C5F4C02562B} - System32\Tasks\DTReg => C:\Users\hamza\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
    Task: {91A5E240-07A0-4BE3-B15A-2D8215D1F1AE} - \Advanced System Protector_startup No Task File <==== ATTENTION
    Task: {9FCB8B54-E488-4EF0-B02D-F1FE8C785DA9} - \Funmoods No Task File <==== ATTENTION
    Task: {AD518CAC-A867-461F-AA77-17DAA4118250} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
    Task: {C009BDD6-D47D-452B-BC62-16C93AD72CF0} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\SW.Booster-S-990783876.job => c:\programdata\appure\sw.booster\SW.Booster.exe <==== ATTENTION
     
    End
    *****************
     
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RA3.exe" => Key deleted successfully.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
    "HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
    "HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
    "HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
    "HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
    "HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
    "HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
    "HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
    C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2456}" => Key deleted successfully.
    "HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2456}" => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2456}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2456}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7AED5F-0C26-4820-A570-7DA8B6D93F4A}" => Key deleted successfully.
    "HKCR\CLSID\{EF7AED5F-0C26-4820-A570-7DA8B6D93F4A}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7AED5F-0C26-4820-A570-7DA8B6D93F4A}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{EF7AED5F-0C26-4820-A570-7DA8B6D93F4A}" => Key deleted successfully.
    Firefox homepage deleted successfully.
    "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\samsung.com/SamsungLinkPCPlugin" => Key deleted successfully.
    C:\Users\hamza\AppData\Roaming\Mozilla\Firefox\Profiles\w0qi9pn0.default\searchplugins\yahoo_ff.xml => Moved successfully.
    C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => Moved successfully.
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.0.5.292 not found.
    C:\Users\hamza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
    "HKCU\SOFTWARE\Google\Chrome\Extensions\dnmlhhbehhdmajijfenoldcajelckpmn" => Key deleted successfully.
    "C:\Users\hamza\AppData\Local\CRE\dnmlhhbehhdmajijfenoldcajelckpmn.crx" => File/Directory not found.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dnmlhhbehhdmajijfenoldcajelckpmn" => Key deleted successfully.
    "C:\Users\hamza\AppData\Local\CRE\dnmlhhbehhdmajijfenoldcajelckpmn.crx" => File/Directory not found.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\npffmjkglbnioaoncpfmdbmehnbcldfh" => Key deleted successfully.
    "C:\Program Files (x86)\LyricSing\133.crx" => File/Directory not found.
    BlueletAudio => Service deleted successfully.
    BlueletSCOAudio => Service deleted successfully.
    BT => Service deleted successfully.
    Btcsrusb => Service deleted successfully.
    BTHidEnum => Service deleted successfully.
    BTHidMgr => Service deleted successfully.
    EagleX64 => Service deleted successfully.
    VComm => Service deleted successfully.
    VcommMgr => Service deleted successfully.
    C:\Users\hamza\AppData\Local\Temp\1871KrakenDevProps.dll => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0203126E-1F38-4A16-8482-C7782315881F}" => Key not found.
    C:\Windows\System32\Tasks\APSnotifierPP3 not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1F6C0427-82CE-4F3F-96A1-E5CA44CF2548}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F6C0427-82CE-4F3F-96A1-E5CA44CF2548}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Advanced System Protector not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DD5A0FD-2CE0-4F21-97BB-AB4899A64BC9}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DD5A0FD-2CE0-4F21-97BB-AB4899A64BC9}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater4479.exe" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C69DDED-891A-4240-B2DF-6970B0B68407}" => Key not found.
    C:\Windows\System32\Tasks\APSnotifierPP1 not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4CD4CC6F-C51F-428A-B236-3902A486A63B}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CD4CC6F-C51F-428A-B236-3902A486A63B}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\IC Update Procedure" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5C401684-3BF8-4075-9708-4573F8C29E53}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C401684-3BF8-4075-9708-4573F8C29E53}" => Key deleted successfully.
    C:\Windows\System32\Tasks\SW.Booster-S-990783876 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SW.Booster-S-990783876" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84F7B997-ADAA-41D3-8B9F-6D97020A86BA}" => Key not found.
    C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SomotoUpdateCheckerAutoStart" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{865F3BA5-5E21-46F4-87BD-152CDEE5BC7A}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{865F3BA5-5E21-46F4-87BD-152CDEE5BC7A}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IC Runner Procedure" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{871C6A6D-0689-411A-A4EA-8C5F4C02562B}" => Key not found.
    C:\Windows\System32\Tasks\DTReg not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{91A5E240-07A0-4BE3-B15A-2D8215D1F1AE}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91A5E240-07A0-4BE3-B15A-2D8215D1F1AE}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FCB8B54-E488-4EF0-B02D-F1FE8C785DA9}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD518CAC-A867-461F-AA77-17DAA4118250}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C009BDD6-D47D-452B-BC62-16C93AD72CF0}" => Key not found.
    C:\Windows\System32\Tasks\APSnotifierPP2 not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => Key not found.
    C:\Windows\Tasks\APSnotifierPP1.job not found.
    C:\Windows\Tasks\APSnotifierPP2.job not found.
    C:\Windows\Tasks\APSnotifierPP3.job not found.
    C:\Windows\Tasks\SW.Booster-S-990783876.job => Moved successfully.
     
     
    The system needed a reboot. 
     
    ==== End of Fixlog ====

     

     

    Security check log:

     

      Results of screen317's Security Check version 0.99.90  

     Windows 7 Service Pack 1 x64 (UAC is enabled)  
     Internet Explorer 11  
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!  
     WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
     Call of Duty: Ghosts - Multiplayer 
     Java 8 Update 25  
     Java version out of Date!
     Adobe Flash Player 15.0.0.189  
     Adobe Reader XI  
     Mozilla Firefox 28.0 Firefox out of Date!
     Google Chrome 33.0.1750.154 Google Chrome out of date!
    ````````Process Check: objlist.exe by Laurent````````
     Norton ccSvcHst.exe 
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0% 
    ````````````````````End of Log``````````````````````

    Edited by Malwarevictim69, 24 November 2014 - 06:54 PM.


    #8 nasdaq

    nasdaq

    • Malware Response Team
    • 38,955 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:10:22 AM

    Posted 25 November 2014 - 10:18 AM

    Please download MiniToolBox to Desktop and run it.
     
    Check mark the following boxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List last 10 Event Viewer log
    • List content of Hosts
    • List IP Configuration
    • List Winsock Entries
     
    Click Go and copy/paste the log (Result.txt) into your next post.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
     


    #9 Malwarevictim69

    Malwarevictim69
    • Topic Starter

    • Members
    • 26 posts
    • OFFLINE
    •  
    • Local time:08:22 AM

    Posted 25 November 2014 - 05:14 PM

    Here you go.

     

    MiniToolBox by Farbar  Version: 21-07-2014
    Ran by hamza (administrator) on 25-11-2014 at 16:12:37
    Running from "C:\Users\hamza\Desktop"
    Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************
     
    ========================= Flush DNS: ===================================
     
    Windows IP Configuration
     
    Successfully flushed the DNS Resolver Cache.
     
    ========================= IE Proxy Settings: ============================== 
     
    Proxy is not enabled.
    No Proxy Server is set.
     
    "Reset IE Proxy Settings": IE Proxy Settings were reset.
     
    ========================= FF Proxy Settings: ============================== 
     
     
    "Reset FF Proxy Settings": Firefox Proxy settings were reset.
     
    ========================= Hosts content: =================================
     
     
     
    127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com
    127.0.0.1 practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com
     
    ========================= IP Configuration: ================================
     
    Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
    Hamachi Network Interface = Local Area Connection 2 (Connected)
    Hamachi Network Interface = Hamachi (Connected)
     
     
    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4


    #10 nasdaq

    nasdaq

    • Malware Response Team
    • 38,955 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:10:22 AM

    Posted 26 November 2014 - 08:28 AM

    How is the computer running now?



    #11 Malwarevictim69

    Malwarevictim69
    • Topic Starter

    • Members
    • 26 posts
    • OFFLINE
    •  
    • Local time:08:22 AM

    Posted 26 November 2014 - 08:31 AM

    Unfortunately nothing changed. The issue remains that I can't connect to the internet with my browsers, due to the proxy server not working.

    #12 nasdaq

    nasdaq

    • Malware Response Team
    • 38,955 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:10:22 AM

    Posted 26 November 2014 - 09:00 AM

    Refer to this Microsoft page.
     
    In the Fix it for me section, select the Fix it button.
    Let it finish.
     
    Restart the computer normally.
     
    How is it now?


    #13 Malwarevictim69

    Malwarevictim69
    • Topic Starter

    • Members
    • 26 posts
    • OFFLINE
    •  
    • Local time:08:22 AM

    Posted 26 November 2014 - 09:22 AM

    I can't do that because my computer won't connect to the internet proxy server.

    #14 nasdaq

    nasdaq

    • Malware Response Team
    • 38,955 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:10:22 AM

    Posted 26 November 2014 - 09:42 AM

     
    These are the Do it yourself instructions on the page.
     
     
    Open the Run box.
     
    In the Run text box, copy (CTRL+C) and paste (CTRL+V) or type the following:
    reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
    Click OK.
     
    Restart the computer normally.
     
    How is it now?
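
A read-only check of the values behind the `reg delete` command in the post above, added here as an example and not part of the thread or of the Microsoft page. It reports the per-user WinINET proxy values and the machine-wide policy switch so you can see whether the deletion took effect; the finding messages and the loopback pattern are this example's own assumptions.

```powershell
# Added example (not from the thread): read-only report of WinINET proxy values.
# Nothing is modified. Run as the affected user; works on PowerShell 2.0 (Windows 7).

$userKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$enable  = Get-RegValue $userKey   'ProxyEnable'
$server  = Get-RegValue $userKey   'ProxyServer'
$bypass  = Get-RegValue $userKey   'ProxyOverride'
$pac     = Get-RegValue $userKey   'AutoConfigURL'
$perUser = Get-RegValue $policyKey 'ProxySettingsPerUser'

"ProxyEnable          = $enable"
"ProxyServer          = $server"
"ProxyOverride        = $bypass"
"AutoConfigURL        = $pac"
"ProxySettingsPerUser = $perUser   (HKLM policy)"

$findings = @()

if ($server) {
    $findings += 'ProxyServer is still present: the reg delete did not take effect for this user.'
    # Constructed pattern (assumption): a proxy on the local machine.
    if ($server -match '(127\.0\.0\.1|localhost)') {
        $findings += 'ProxyServer points at this machine; if nothing listens on that port, the browser cannot reach its proxy.'
    }
}
if ($enable -eq 1 -and -not $server) {
    $findings += 'ProxyEnable is 1 with no ProxyServer: deleting ProxyServer alone leaves ProxyEnable set.'
}
if ($pac) {
    $findings += 'AutoConfigURL is set: a PAC script can still select a proxy after ProxyServer is removed.'
}
if ($perUser -eq 0) {
    $findings += 'ProxySettingsPerUser is 0: proxy settings are machine-wide (read from HKLM), so the HKCU edit is ignored.'
}

if ($findings.Count -eq 0) { $findings += 'No proxy configuration found in the checked values.' }
''
$findings

# WinHTTP keeps a separate proxy setting (used by services, not by the browsers' UI).
''
netsh winhttp show proxy
```

Firefox can also carry its own proxy preference in the profile, which these registry values do not cover.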


    #15 Malwarevictim69

    Malwarevictim69
    • Topic Starter

    • Members
    • 26 posts
    • OFFLINE
    •  
    • Local time:08:22 AM

    Posted 26 November 2014 - 10:02 AM

    Still didn't work. When I typed in the command it flashed a black box at me, then nothing happened afterwards, so I restarted and nothing happened.



