
Fake Google Chrome Rogue Processes (Fqivsuimptm.exe) Can't remove


  • This topic is locked
11 replies to this topic

#1 shuytco


Posted 31 December 2014 - 11:56 AM

I am having an issue similar to the one reported here:

 

http://www.bleepingcomputer.com/forums/t/553030/fake-google-chrome-jhtrmnotfjhvexe-processes/

 

This is on my home PC. I have tried running McAfee Internet Security, Spybot, and some other cleaners, but the problem still persists. I tried starting in safe mode and deleting all the folders where this program is originating from, but the folders just continue to move to another location under the same root folder. Please help me remove this problem. It takes up a lot of system resources and I'm not sure what other damage it is doing.

 

C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz

 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by Liam at 11:39:41 on 2014-12-31
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8188.2511 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe
C:\Program Files\Dell\OSD\DellOSDservice.exe
C:\Program Files\Dell\OSD\DellOSD.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Liam\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Windows\System32\regsvr32.exe
C:\Users\Liam\AppData\Local\Apps\2.0\HBRX9PHL.W5Y\PWA69XH6.AMP\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Multimedia Card Reader(6366)\ShwiconXP6366.exe
C:\Users\Liam\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
C:\Program Files (x86)\Canon\Digital Photo Professional\DPPStamp.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://my.yahoo.com/
mStart Page = about:blank
uURLSearchHooks: <No Name>: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: MyAshampoo Toolbar: {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
TB: Coupon Alert: {3462C343-BE19-4143-AF70-CEFB56F46FC6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [AdobeBridge] <no file>
uRunOnce: [Adobe Speed Launcher] 1420031064
mRun: [ShwiconXP6366] c:\Program Files (x86)\Multimedia Card Reader(6366)\ShwiconXP6366.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [UCam_Menu] "C:\Program Files (x86)\Dell\Dell TouchCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Dell\Dell TouchCam" UpdateWithCreateOnce "Software\CyberLink\Dell TouchCam\1.1"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [FAStartup] <no file>
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
dRunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-001A-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
StartupFolder: C:\Users\Liam\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DING!.lnk - C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HRBLOC~1.LNK - C:\Program Files (x86)\HRBlockDirect\HRBlockDirect.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: af.mil
Trusted Zone: dell.com
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BC7D3D1F-F217-43F8-97DA-E3593F971868} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FD888068-DD47-4959-9B28-32DA2F1A019B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FD888068-DD47-4959-9B28-32DA2F1A019B}\14355535 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FD888068-DD47-4959-9B28-32DA2F1A019B}\1435553502845797E686 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FD888068-DD47-4959-9B28-32DA2F1A019B}\865797E68646C696E6B6 : DHCPNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\Windows\Downloaded Program Files\mimectl.dll
Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files (x86)\Microsoft\Outlook Web Access SMIME Client\mimectl.dll
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages =  scecli FAPassSync
x64-mStart Page = about:blank
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
x64-Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - <orphaned>
x64-Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Liam\AppData\Roaming\Mozilla\Firefox\Profiles\io6r8hfz.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - www.my.yahoo.com
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=mcafee&type=B111US550D20140108&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Users\Liam\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Users\Liam\AppData\Roaming\CATALI~2\npBcsKtTcHW.dll
FF - plugin: C:\Users\Liam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Liam\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;C:\Windows\System32\drivers\dlkmdldr.sys [2014-8-27 18736]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-9-24 786296]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-11-4 348552]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-1 55280]
R1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2014-1-8 66040]
R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-1 203264]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-2-18 122128]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-2-18 385808]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-2-18 766736]
R2 CouponAlert_2pService;Coupon Alert Service;C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe [2011-4-10 36864]
R2 DellOSDservice;DellOSDservice;C:\Program Files\Dell\OSD\DellOSDservice.exe [2010-7-5 7168]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2014-7-9 10571056]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-4-23 2412728]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-1-8 328928]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2013-3-15 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2013-1-15 780152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-4-17 201304]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2014-1-8 178528]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-1-8 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-1-8 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-1-8 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-1-8 328928]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2014-1-8 1041192]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2014-1-8 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2014-1-8 189912]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-3-15 71168]
R3 AVerPola;AVerMedia USB Polaris Series Capture Service;C:\Windows\System32\drivers\AVerPola.sys [2010-11-23 371072]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2010-11-23 20984]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-11-4 72128]
R3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.6.56275.0.sys [2014-7-10 46384]
R3 dlkmd;dlkmd;C:\Windows\System32\drivers\dlkmd.sys [2014-8-27 435504]
R3 dlusbaudio;dlusbaudio;C:\Windows\System32\drivers\dlusbaudio_x64.sys [2014-7-9 206128]
R3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-11-4 313544]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-11-4 523792]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-7-24 444720]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\System32\drivers\S3XXx64.sys [2013-6-5 73984]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-2-18 402192]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2010/12/26 20:32:35;C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-4-16 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-7-24 96592]
S3 nuviocir;Nuvoton W836x7HG CIR Device Driver;C:\Windows\System32\drivers\nuviocir_win7_x64.sys [2010-12-26 33792]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-17 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-26 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
.
=============== Created Last 30 ================
.
2014-12-31 11:02:31 -------- d-----w- C:\FRST
2014-12-19 14:58:51 48240 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-12-18 11:11:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-18 11:11:22 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-10 18:32:37 -------- d-----w- C:\Windows\System32\appraiser
2014-12-10 18:14:18 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2014-12-10 18:14:18 2048 ----a-w- C:\Windows\System32\mferror.dll
2014-12-10 18:14:17 55808 ----a-w- C:\Windows\System32\rrinstaller.exe
2014-12-10 18:14:17 24576 ----a-w- C:\Windows\System32\mfpmp.exe
2014-12-10 18:14:16 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2014-12-10 18:14:16 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-10 18:14:16 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-10 18:14:16 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2014-12-10 18:14:16 206848 ----a-w- C:\Windows\System32\mfps.dll
2014-12-10 18:14:16 103424 ----a-w- C:\Windows\SysWow64\mfps.dll
2014-12-10 15:08:45 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-12-03 06:31:20 227048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-12-03 06:31:20 227048 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2014-12-19 15:00:54 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-19 14:58:26 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-19 14:58:26 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-19 09:31:16 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-03 02:12:23 310272 ----a-w- C:\Windows\System32\WsmWmiPl.dll
2014-10-03 02:12:23 2020352 ----a-w- C:\Windows\System32\WsmSvc.dll
2014-10-03 02:12:22 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
2014-10-03 02:12:22 181248 ----a-w- C:\Windows\System32\WsmAuto.dll
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 02:11:49 266240 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe
2014-10-03 01:45:03 248832 ----a-w- C:\Windows\SysWow64\WSManMigrationPlugin.dll
2014-10-03 01:45:03 214016 ----a-w- C:\Windows\SysWow64\WsmWmiPl.dll
2014-10-03 01:45:03 145920 ----a-w- C:\Windows\SysWow64\WsmAuto.dll
2014-10-03 01:45:03 1177088 ----a-w- C:\Windows\SysWow64\WsmSvc.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-03 01:44:25 198656 ----a-w- C:\Windows\SysWow64\WSManHTTPConfig.exe
2014-10-02 18:23:20 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-10-02 18:23:20 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 11:43:03.85 ===============
 


 


#2 fireman4it

  • Malware Response Team

Posted 31 December 2014 - 04:59 PM

Hello shuytco,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 shuytco

  • Topic Starter

Posted 31 December 2014 - 07:31 PM

Ok.  Here are the results of my scans as instructed.

 

# AdwCleaner v4.106 - Report created 31/12/2014 at 19:05:13
# Updated 21/12/2014 by Xplode
# Database : 2014-12-30.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Liam - LIAM-PC
# Running from : C:\Users\Liam\Desktop\Cleaning Malware\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : CouponAlert_2pService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
Folder Deleted : C:\Program Files (x86)\CouponAlert_2p
Folder Deleted : C:\Program Files (x86)\I Want This
Folder Deleted : C:\Program Files (x86)\SelectRebates
Folder Deleted : C:\Users\Liam\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Liam\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Liam\AppData\Local\apn
Folder Deleted : C:\Users\Liam\AppData\Local\I Want This
[!] Folder Deleted : C:\Users\Liam\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Liam\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Liam\AppData\Roaming\catalina – print savings
Folder Deleted : C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\catalina – print savings
Folder Deleted : C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
File Deleted : C:\Users\Liam\AppData\Roaming\Mozilla\Firefox\Profiles\io6r8hfz.default\searchplugins\Askcom.xml

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [2pffxtbr@CouponAlert_2p.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.DynamicBarButton
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.DynamicBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.Radio
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ToolbarPlugin
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ToolbarPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.XMLSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.XMLSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@CouponAlert_2p.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [CouponAlert_2p Browser Plugin Loader]
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\CouponAlert_2p
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKCU\Software\AppDataLow\Software\MyAshampoo\toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Protection
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\CouponAlert_2p
Key Deleted : HKLM\SOFTWARE\MyAshampoo\toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CouponAlert_2pbar Uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.newtab", "");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.code", "Array.prototype.indexOf(Array.prototype.indexOf=function(B){if(void 0===thisnull===this)throw new TypeError;var c=Object[...]
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.ver", 15);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{},rules:{},started:!1,allowed:!1,log:function(B){console.log(B)},factor:1[...]
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.name", "GPL Background (BG)");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.ver", 38);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection();}else{if(document.get[...]
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 3);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&typeof window.navigator[...]
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 3);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&type[...]
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 7);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\n * Copyright 2010, John [...]
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 4);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId:([...]
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.name", "resources_background");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.ver", 3);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};var b=function(j){return(![...]
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_64.name", "appApiMessage");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_64.ver", 2);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var k={};var f=appAPI.appInfo.name;var l=function(s,r,t){var q=\"[\"[...]
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_72.name", "appApiValidation");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_72.ver", 3);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgent!==\"undefined\"){(functi[...]
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_78.name", "CrossriderInfo");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_78.ver", 3);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===true){unsafeWindow.appAPI=ap[...]
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_98.name", "omniCommands");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_98.ver", 2);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "14,78,16,64,47,72,98,1000015");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,78,13,16,64,72,98,1000014");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_5", "14,78,13,16,64,47,72");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/2258/plugins/091/ff/plugins.json");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 69);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.premium", true);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.publisher", "Innovative Apps");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.thankyou", "hxxp://iw.antthis.com/thankyou.html");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.2258.ver", 144);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.apps", "2258");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.bic", "13717f47f085c44fc7e552535d0821c8");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.cid", 2258);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.firstrun", false);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1336136728);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 22808108);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 22808139);
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1343675035141");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1343675035116");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.modetype", "production");
[io6r8hfz.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp2258.statsDailyCounter", 6);

-\\ Google Chrome v

[C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=PF&o=15176&locale=en_US&apn_uid=663ee4e5-8db3-43d0-92dc-a705007bc98a&apn_ptnrs=RW&apn_sauid=3326985D-AD7E-4A20-A8D0-F14642EF5503&apn_dtid=YYYYYYYYUS&q={searchTerms}
[C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=PF&o=15176&locale=en_US&apn_uid=663ee4e5-8db3-43d0-92dc-a705007bc98a&apn_ptnrs=RW&apn_sauid=3326985D-AD7E-4A20-A8D0-F14642EF5503&apn_dtid=YYYYYYYYUS&q={searchTerms}
[C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
[C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
[C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm014YYus&ptb=8E06811F-52FF-4AB6-992E-ECD11BA33DDE&ind=2011081513&ptnrS=CDxdm014YYus&si=107645&n=77deab29&psa=&st=sb&searchfor={searchTerms}
[C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm014YYus&ptb=8E06811F-52FF-4AB6-992E-ECD11BA33DDE&ind=2011081513&ptnrS=CDxdm014YYus&si=107645&n=77deab29&psa=&st=sb&searchfor={searchTerms}
[C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [68515 octets] - [31/12/2014 18:59:50]
AdwCleaner[S0].txt - [68417 octets] - [31/12/2014 19:05:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [68478 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Liam (administrator) on LIAM-PC on 31-12-2014 19:22:16
Running from C:\Users\Liam\Desktop\Cleaning Malware
Loaded Profile: Liam (Available profiles: Liam)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft) C:\Program Files\Dell\OSD\DellOSDservice.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Palm) C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
(Microsoft) C:\Program Files\Dell\OSD\DellOSD.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Akamai Technologies, Inc.) C:\Users\Liam\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Akamai Technologies, Inc.) C:\Users\Liam\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Dell) C:\Users\Liam\AppData\Local\Apps\2.0\HBRX9PHL.W5Y\PWA69XH6.AMP\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(6366)\ShwiconXP6366.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(CANON INC.) C:\Program Files (x86)\Canon\WFT Utility\WFT-E1Utility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe
(Google Inc.) C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe
(Google Inc.) C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe
(Google Inc.) C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe
(Google Inc.) C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe
(Google Inc.) C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe
(Google Inc.) C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe
(Google Inc.) C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe
(Google Inc.) C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe
(Google Inc.) C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe
(Google Inc.) C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe
(Google Inc.) C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe
(Google Inc.) C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-12-04] (ActivIdentity)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [485416 2009-12-04] (ActivIdentity)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ShwiconXP6366] => c:\Program Files (x86)\Multimedia Card Reader(6366)\ShwiconXP6366.exe [237568 2009-07-16] (Alcor Micro Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\Dell\Dell TouchCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-10-26] (cyberlink)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [DellSupportCenter] => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [98488 2011-04-23] (Sensible Vision )
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [268640 2011-11-12] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [815888 2014-02-18] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [ShopAtHomeWatcher] => C:\Users\Liam\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKLM-x32\...\Run: [ShopAtHomeUpdater] => C:\Users\Liam\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-04] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\FastAccess-x32: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-601688672-1681380129-574934008-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\S-1-5-21-601688672-1681380129-574934008-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-601688672-1681380129-574934008-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-601688672-1681380129-574934008-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-601688672-1681380129-574934008-1000\...\Run: [SPMTray] => "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
HKU\S-1-5-21-601688672-1681380129-574934008-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Liam\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-601688672-1681380129-574934008-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-601688672-1681380129-574934008-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-601688672-1681380129-574934008-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-601688672-1681380129-574934008-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-601688672-1681380129-574934008-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-601688672-1681380129-574934008-1000\...\Run: [vojudul] => regsvr32.exe /s "C:\Users\Liam\AppData\Local\Cyberlink\vojudul.dll" <===== ATTENTION
HKU\S-1-5-21-601688672-1681380129-574934008-1000\...\Run: [DellSystemDetect] => C:\Users\Liam\AppData\Local\Apps\2.0\HBRX9PHL.W5Y\PWA69XH6.AMP\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-05-13] (Dell)
HKU\S-1-5-21-601688672-1681380129-574934008-1000\...\RunOnce: [Adobe Speed Launcher] => 1420071071
HKU\S-1-5-21-601688672-1681380129-574934008-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-601688672-1681380129-574934008-1000\...\MountPoints2: {bb24b4c8-116c-11e0-981c-806e6f6e6963} - D:\DiscManager.exe
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)
HKU\S-1-5-18\...\RunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-001A-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HRBlockDirect.lnk
ShortcutTarget: HRBlockDirect.lnk -> C:\Program Files (x86)\HRBlockDirect\HRBlockDirect.exe (HR Block                            )
Startup: C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk
ShortcutTarget: DING!.lnk -> C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-601688672-1681380129-574934008-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-601688672-1681380129-574934008-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.yahoo.com/
SearchScopes: HKLM -> {CCA4AA69-6F86-49A2-88E1-2F8875B1A5BF} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {13818CFA-46C8-41CB-9B7A-BE8A887187F0} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-601688672-1681380129-574934008-1000 -> DefaultScope {7F9D391F-56D8-4C64-8CA4-87EDF91D08BA} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US550D20140108&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-601688672-1681380129-574934008-1000 -> {7F9D391F-56D8-4C64-8CA4-87EDF91D08BA} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US550D20140108&p={SearchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-601688672-1681380129-574934008-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-601688672-1681380129-574934008-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\Windows\Downloaded Program Files\mimectl.dll (Microsoft Corporation)
Handler-x32: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files (x86)\Microsoft\Outlook Web Access SMIME Client\mimectl.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Liam\AppData\Roaming\Mozilla\Firefox\Profiles\io6r8hfz.default
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: www.my.yahoo.com
FF Keyword.URL: https://search.yahoo.com/search?fr=mcafee&type=B111US550D20140108&p=
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-601688672-1681380129-574934008-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Liam\AppData\Roaming\CATALI~2\NPBCSK~1.DLL No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: MyAshampoo  - C:\Users\Liam\AppData\Roaming\Mozilla\Firefox\Profiles\io6r8hfz.default\Extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} [2014-11-18]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-26]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-26]
FF HKLM-x32\...\Firefox\Extensions: [fassoxpcom@sensiblevision.com] - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso
FF Extension: FastAccess Web Login - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso [2011-08-31]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-01-08]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-01-08]
FF Extension: No Name - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.ask.com/?l=dis&o=15179cr
CHR Profile: C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (SiteAdvisor) - C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-01-10]
CHR Extension: (Google Wallet) - C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-19]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-02-18] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-02-18] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [766736 2014-02-18] (BlueStack Systems, Inc.)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-26] (CyberLink)
R2 DellOSDservice; C:\Program Files\Dell\OSD\DellOSDservice.exe [7168 2010-07-05] (Microsoft) [File not signed]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [10571056 2014-07-09] (DisplayLink Corp.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [71168 2011-03-15] (Palm) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVerPola; C:\Windows\System32\DRIVERS\AVerPola.sys [371072 2010-03-23] (AVerMedia TECHNOLOGIES, Inc.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122128 2014-02-18] (BlueStack Systems)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.6.56275.0.sys [46384 2014-07-10] ()
R3 dlusbaudio; C:\Windows\System32\DRIVERS\dlusbaudio_x64.sys [206128 2014-07-09] (DisplayLink Corp.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
S3 nuviocir; C:\Windows\System32\DRIVERS\nuviocir_win7_x64.sys [33792 2010-07-14] (Nuvoton Technology Corp.) [File not signed]
R3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [73984 2013-06-05] (Identive)
S1 bqwxmvzq; \??\C:\Windows\system32\drivers\bqwxmvzq.sys [X]
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_6.1.36484.0.sys [X]
S1 keycmfpd; \??\C:\Windows\system32\drivers\keycmfpd.sys [X]
S3 PCASp60; System32\Drivers\PCASp60.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 19:15 - 2014-12-31 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-31 18:59 - 2014-12-31 19:06 - 00000000 ____D () C:\AdwCleaner
2014-12-31 18:57 - 2014-12-31 19:22 - 00000000 ____D () C:\Users\Liam\Desktop\Cleaning Malware
2014-12-31 11:43 - 2014-12-31 11:43 - 00036568 _____ () C:\Users\Liam\Desktop\dds.txt
2014-12-31 11:43 - 2014-12-31 11:43 - 00018847 _____ () C:\Users\Liam\Desktop\attach.txt
2014-12-31 06:02 - 2014-12-31 19:22 - 00000000 ____D () C:\FRST
2014-12-29 17:30 - 2014-12-29 17:30 - 00010998 _____ () C:\Users\Liam\Desktop\Book1.xlsx
2014-12-29 17:30 - 2014-12-29 17:30 - 00009076 _____ () C:\Users\Liam\Desktop\Book2.xlsx
2014-12-18 06:11 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 06:11 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 20:34 - 2014-12-16 20:34 - 00057856 _____ () C:\Users\Liam\Documents\Zulily DEC 2014 sales report.xls
2014-12-11 10:43 - 2014-12-11 10:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2014-12-10 13:32 - 2014-12-10 13:32 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 13:14 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 13:14 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 13:14 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 13:14 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 13:14 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 13:14 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 13:14 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-10 13:14 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-10 13:14 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-10 13:14 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 10:09 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 10:09 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 10:09 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 10:09 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 10:09 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 10:09 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 10:09 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 10:09 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 10:09 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 10:09 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 10:09 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 10:09 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 10:09 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 10:09 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 10:09 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 10:09 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 10:09 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 10:09 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 10:09 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 10:09 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 10:09 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 10:09 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 10:09 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 10:09 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 10:09 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 10:09 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 10:09 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 10:09 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 10:09 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 10:09 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 10:09 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 10:09 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 10:09 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 10:09 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 10:09 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 10:09 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 10:09 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 10:09 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 10:09 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 10:09 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 10:09 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 10:09 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 10:09 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 10:09 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 10:09 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 10:09 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 10:09 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 10:09 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 10:09 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 10:09 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 10:09 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 10:09 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 10:09 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 10:09 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 10:09 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 10:09 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 10:09 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 10:09 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 10:09 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 10:09 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 10:09 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 10:09 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 10:09 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 10:09 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 10:09 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 10:08 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 10:08 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 10:08 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 10:08 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 10:08 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 10:08 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 10:08 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 10:08 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 10:08 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 10:08 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 10:08 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 10:08 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 10:08 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 10:08 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-03 11:12 - 2014-12-03 12:12 - 00000000 ____D () C:\Users\Liam\Documents\12-03-2014
2014-12-01 22:55 - 2014-12-01 23:04 - 00114176 _____ () C:\Users\Liam\Documents\Zulily Vendor Doc - Petit Pas DEC 2014.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 19:23 - 2011-04-21 14:53 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-31 19:22 - 2013-05-26 17:19 - 00000316 _____ () C:\Windows\Tasks\PrintProjects Communicator.job
2014-12-31 19:18 - 2009-07-14 00:10 - 01563321 _____ () C:\Windows\WindowsUpdate.log
2014-12-31 19:18 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-31 19:18 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-31 19:15 - 2014-01-08 21:50 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-12-31 19:14 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-31 19:13 - 2011-06-27 17:22 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-31 19:10 - 2011-04-21 14:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-31 19:10 - 2010-12-26 21:41 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-12-31 19:10 - 2010-12-26 21:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-12-31 19:10 - 2010-12-26 21:19 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-12-31 19:08 - 2011-11-30 18:10 - 00000000 ____D () C:\ProgramData\Kodak
2014-12-31 19:08 - 2010-12-26 22:52 - 00487000 _____ () C:\Windows\PFRO.log
2014-12-31 19:08 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-31 19:08 - 2009-07-13 23:51 - 00062736 _____ () C:\Windows\setupact.log
2014-12-31 18:26 - 2012-04-06 20:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-31 05:50 - 2011-04-21 14:53 - 00000000 ____D () C:\Users\Liam\AppData\Local\Google
2014-12-31 05:49 - 2011-07-09 09:01 - 00000000 ____D () C:\Users\Liam\AppData\Roaming\Mozilla
2014-12-30 16:20 - 2011-10-17 16:18 - 00000000 ____D () C:\Users\Liam\Documents\Outlook Files
2014-12-29 17:35 - 2013-05-15 08:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-25 23:20 - 2011-05-09 10:55 - 01686528 ___SH () C:\Users\Liam\Documents\Thumbs.db
2014-12-25 18:24 - 2011-07-31 16:40 - 00000000 ____D () C:\Users\Liam\AppData\Local\Cyberlink
2014-12-19 10:00 - 2014-08-15 09:39 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-19 09:59 - 2011-05-13 10:08 - 00000000 ____D () C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-19 09:59 - 2011-05-13 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-19 09:59 - 2011-05-13 10:08 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-19 09:58 - 2014-09-26 15:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-19 09:58 - 2012-04-06 20:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-19 09:58 - 2012-04-06 20:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-19 09:58 - 2011-08-15 12:22 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-19 09:58 - 2011-08-15 12:22 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-19 09:58 - 2011-05-22 11:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-19 09:57 - 2014-01-10 17:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-17 12:54 - 2014-07-24 21:21 - 00000000 ____D () C:\Users\Liam\Documents\Huy Resume stuff
2014-12-17 12:54 - 2012-01-28 17:58 - 00000000 ____D () C:\ProgramData\pdf995
2014-12-13 11:25 - 2012-06-11 20:03 - 00000000 ____D () C:\Users\Liam\AppData\Roaming\vlc
2014-12-13 04:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-10 23:14 - 2011-11-21 21:36 - 00000000 ____D () C:\Users\Liam\Calibre Library
2014-12-10 13:32 - 2014-05-06 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 13:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 13:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 13:28 - 2011-03-01 19:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 13:25 - 2013-07-17 15:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 13:17 - 2011-03-01 17:53 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 11:01 - 2011-11-21 21:35 - 00000962 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-12-10 11:01 - 2011-11-21 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-12-10 11:01 - 2011-11-21 21:35 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-12-01 22:51 - 2014-11-29 19:50 - 00065365 _____ () C:\Users\Liam\Documents\Petit Confection - Apparel Vendor Document DEC 2014.xlsx

Some content of TEMP:
====================
C:\Users\Liam\AppData\Local\Temp\25E8.exe
C:\Users\Liam\AppData\Local\Temp\air506B.exe
C:\Users\Liam\AppData\Local\Temp\airD722.exe
C:\Users\Liam\AppData\Local\Temp\airE44D.exe
C:\Users\Liam\AppData\Local\Temp\airEB70.exe
C:\Users\Liam\AppData\Local\Temp\ammemb.dll
C:\Users\Liam\AppData\Local\Temp\ammemb64.dll
C:\Users\Liam\AppData\Local\Temp\AskSLib.dll
C:\Users\Liam\AppData\Local\Temp\ConduitEngine.dll
C:\Users\Liam\AppData\Local\Temp\ControlService.exe
C:\Users\Liam\AppData\Local\Temp\D723_fdminst.exe
C:\Users\Liam\AppData\Local\Temp\FAInstallV2.004.095.Dell.exe
C:\Users\Liam\AppData\Local\Temp\FAInstallV2.004.097.Dell.exe
C:\Users\Liam\AppData\Local\Temp\GLF565E.tmp.ConduitEngineSetup.exe
C:\Users\Liam\AppData\Local\Temp\HRBlockUpdater.exe
C:\Users\Liam\AppData\Local\Temp\iet50EC.tmp.exe
C:\Users\Liam\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih.exe
C:\Users\Liam\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Liam\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Liam\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Liam\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Liam\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Liam\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Liam\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\Liam\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Liam\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Liam\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Liam\AppData\Local\Temp\msgB5BB.exe
C:\Users\Liam\AppData\Local\Temp\Myashampoo.exe
C:\Users\Liam\AppData\Local\Temp\ose00000.exe
C:\Users\Liam\AppData\Local\Temp\photostage_1.0.0.50_1.5.0.130_update_all.exe
C:\Users\Liam\AppData\Local\Temp\Quarantine.exe
C:\Users\Liam\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Liam\AppData\Local\Temp\sqlite3.dll
C:\Users\Liam\AppData\Local\Temp\_isEF06.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-31 06:59

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Liam at 2014-12-31 19:24:22
Running from C:\Users\Liam\Desktop\Cleaning Malware
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
ActivClient CAC x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-601688672-1681380129-574934008-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Kindle (HKU\S-1-5-21-601688672-1681380129-574934008-1000\...\Amazon Kindle) (Version:  - Amazon)
AMCap (HKLM-x32\...\AMCap) (Version: 9.20.132.2 - Noël Danjou)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.80 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.0 - ashampoo GmbH & Co. KG)
ASUS RT-N56U Wireless Router Utilities (HKLM-x32\...\{BB5FCB34-F3DE-4FA1-A92F-F66563D280B0}) (Version: 4.1.4.2 - ASUS)
AT&T Connect Participant Application v9.5.51 (HKLM-x32\...\{E42E8753-9A8E-48E9-9829-B3571D91A945}) (Version: 9.5.51 - AT&T Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.50921 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{760968D5-137D-3914-621E-6E80D1E1A563}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.6.3059 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{62763BAD-53A8-4C9F-B4CF-7CCABFEFD725}) (Version: 0.8.6.3059 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
calibre (HKLM-x32\...\{75EA944A-4C53-4A0A-8B3B-E195EDAA626C}) (Version: 2.12.0 - Kovid Goyal)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.8 (HKLM-x32\...\DPP) (Version: 3.8.0.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.8.1.0 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.7.0.0 - Canon Inc.)
Canon Utilities WFT Utility (HKLM-x32\...\WFTK) (Version: 3.5.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
ccc-core-static (x32 Version: 2010.0619.2309.39726 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0921.2140.37013 - ATI) Hidden
center (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
CyberLink YouPaint (HKLM-x32\...\InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}) (Version: 1.2.2124 - CyberLink Corp.)
Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Driver Download Manager (HKU\S-1-5-21-601688672-1681380129-574934008-1000\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.130 - ArcSoft)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell System Detect (HKU\S-1-5-21-601688672-1681380129-574934008-1000\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
Dell System Detect Bootstrapper (HKU\S-1-5-21-601688672-1681380129-574934008-1000\...\8e3135b376bd523e) (Version: 1.1.0.15 - Dell)
Dell Touch Software Suite Games (HKLM-x32\...\{2108900C-5BE3-4FF3-95AC-A1DD07C16CD9}) (Version: 1.2.6.0 - Fingertapps)
Dell TouchCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.1.1615 - CyberLink Corp.)
Dell TouchCam (x32 Version: 1.1.1615 - CyberLink Corp.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.0.1117 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.0.1117 - CyberLink Corp.) Hidden
DellOSD (HKLM\...\{89B91433-49FF-45E6-9B89-02E761A5ACB9}) (Version: 1.1.2 - Dell, Inc.)
DING! (HKLM-x32\...\{84031A18-BA9A-4156-A74F-E05B52DDFCE2}) (Version: 1.05.005 - Southwest Airlines)
DisplayLink Core Software (HKLM\...\{89E40591-0404-4769-88E7-F649C95AE151}) (Version: 7.6.56275.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{3F750870-11D4-434C-80B7-6B71CE3F1097}) (Version: 7.2.47157.0 - DisplayLink Corp.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
essentials (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
FastAccess (HKLM\...\{C7663280-83B4-4E21-838C-ACEEB4C61FA2}) (Version: 2.4.97.1 - Sensible Vision)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
H&R Block California 2011 (HKLM-x32\...\{10894714-E82E-4371-9CF7-F58E352C76EA}) (Version: 1.11.5001 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2011 (HKLM-x32\...\{4221094E-82B8-43C4-94F4-A6760FC1842A}) (Version: 11.07.7102 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2013 (HKLM-x32\...\{7304A91F-F4AF-41B3-85B6-C5923EDBF899}) (Version: 13.07.7601 - HRB Technology, LLC.)
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HRBlockDirect version 1.1.2.0 (HKLM-x32\...\{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1) (Version: 1.1.2.0 - HRBlock)
IBM Lotus Forms Viewer 3.5.1 (HKLM-x32\...\{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}) (Version: 7.6.1.333 - IBM)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
IP Camera (HKLM-x32\...\IP Camera) (Version:  - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Karaoke Builder CD+G Player (HKLM-x32\...\Karaoke Builder CD+G Player) (Version:  - )
K-Lite Codec Pack 4.7.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 4.7.0 - )
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 3.2.19.13664 - LeapFrog)
LeapFrog Connect (x32 Version: 3.2.19.13664 - LeapFrog) Hidden
LeapFrog My Pals Plugin (x32 Version: 3.2.19.13664 - LeapFrog) Hidden
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Web Access S/MIME (2007) (HKLM-x32\...\{CF1A6387-88F6-4BD9-B0BE-EA1AF7024C7C}) (Version: 8.3.105.0 - Microsoft Corporation)
Microsoft Outlook Web Access S/MIME (HKLM-x32\...\{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}) (Version: 6.5.7651.60 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{0807242D-4BB5-4F6C-BEA8-EC9D75A51C51}) (Version: 1.1.1817.91 - Alcor Micro Corp.)
Multimedia Card Reader (x32 Version: 1.1.1817.91 - Alcor Micro Corp.) Hidden
MyAshampoo Toolbar (HKLM-x32\...\MyAshampoo Toolbar) (Version: 6.2.6.0 - MyAshampoo) <==== ATTENTION
Novacomd (HKLM\...\{BA9A297F-0198-4EE8-90CB-F5036C180E1D}) (Version: 1.0.0.73 - Palm, Inc.)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power CD+G Burner (HKLM-x32\...\{BC21E1FA-BD9C-4351-8EA3-4EC377B1E439}_is1) (Version:  - Doblon)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.11352 - RocketLife Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SetDisplayConfig (HKLM\...\{277C688D-1948-4CF2-8EFC-6328C6AE85BB}) (Version: 1.00.0000 - Dell, Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
ShopAtHome.com Toolbar (HKLM-x32\...\SelectRebatesUninstall) (Version:  - ) <==== ATTENTION
Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.1.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (x32 Version: 1.1.0 - Shutterfly, Inc.) Hidden
Siglos Karaoke Player/Recorder (HKLM-x32\...\{2120BF36-22A0-4587-AE3D-79201BC63EDD}_is1) (Version:  - Doblon)
Skins (x32 Version: 2010.0619.2309.39726 - ATI) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
StickyNotes (HKLM-x32\...\{0A71BAB4-D703-4CE4-8B3F-0D06A1D1A4E1}) (Version: 1.3.20.0 - Dell)
System Checkup 3.4 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.4.0.47 - iolo technologies, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (HKLM-x32\...\MyPalsPlugin) (Version:  - LeapFrog)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Driver Package - Palm (WinUSB) Palm Devices  (10/09/2009 1.0.1) (HKLM\...\332CCC08910F1AE2E4D90D25DEDE87E3EF797832) (Version: 10/09/2009 1.0.1 - Palm)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-601688672-1681380129-574934008-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Liam\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-601688672-1681380129-574934008-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Liam\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-601688672-1681380129-574934008-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Liam\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-601688672-1681380129-574934008-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Liam\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

13-12-2014 03:00:29 Windows Update
19-12-2014 03:00:14 Windows Update
19-12-2014 09:55:31 McAfee Vulnerability Scanner
31-12-2014 05:46:51 Removed Google Talk Plugin

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-11-18 16:58 - 2011-04-24 22:58 - 00001211 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {28CC4660-1C30-4CDF-A89E-0C4BD91D95DA} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2DB5ACC1-1E9F-4104-8199-3A95EE5E0FBF} - System32\Tasks\{0BD98492-2417-4F43-8A51-6A2B3D5239D1} => pcalua.exe -a C:\Users\Liam\Downloads\PrewareInstaller-1.5.0.exe -d C:\Users\Liam\Desktop
Task: {355C1F5D-7706-40F5-9796-C7ABA255B617} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {39AF6443-DC1A-4215-A429-5720BAAC3F9C} - System32\Tasks\PrintProjects Communicator => C:\ProgramData\PrintProjects\Communicator.exe [2011-03-07] ()
Task: {5DA54991-F745-441F-85C5-40016AAA4F2A} - System32\Tasks\{08B89226-ABD4-42A9-8228-5AC8C1F2FE4C} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {66146023-E9D0-440A-BF65-E750D93571F3} - System32\Tasks\{2D076D86-E130-47FE-8A17-DF8685A305ED} => Chrome.exe http://ui.skype.com/ui/0/6.3.0.107/en/abandoninstall?page=tsProgressBar
Task: {7F672C95-D278-4808-BCF5-5F16FC6FAE85} - System32\Tasks\StickyNotes Updater => C:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\updater.exe [2010-12-10] (Caphyon LTD)
Task: {9472FF33-59EF-4F5E-8AE0-DF6B43B067BD} - System32\Tasks\AdobeAAMUpdater-1.0-Liam-PC-Liam => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {A5327FEA-3F8C-4FD5-ABCA-AE0D66EDF6B5} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {B7B950A1-C473-439E-A1BB-C89E7625D3EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {C023E00A-D548-49AA-A85A-962FBB64AAEC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {C8FD7041-90F3-4260-97E4-9D95CB7D95C8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-601688672-1681380129-574934008-1000UA => C:\Users\Liam\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {D5776ED2-9640-482A-BC67-5F791B328EC2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PrintProjects Communicator.job => C:\ProgramData\PrintProjects\Communicator.exe

==================== Loaded Modules (whitelisted) =============

2012-01-28 17:58 - 2006-10-19 21:44 - 00047616 _____ () C:\Windows\System32\pdf995mon64.dll
2010-06-09 15:33 - 2010-06-09 15:33 - 00019968 _____ () C:\Program Files\Dell\OSD\CoreAudioApi.dll
2010-07-05 22:19 - 2010-07-05 22:19 - 00045056 _____ () C:\Program Files\Dell\OSD\Win7CCD.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-12-26 21:20 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2010-02-09 14:34 - 2010-02-09 14:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2009-12-15 20:14 - 2009-12-15 20:14 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2012-02-01 10:50 - 2012-02-01 10:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2009-12-15 20:14 - 2009-12-15 20:14 - 01169904 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
2010-04-13 20:11 - 2010-04-13 20:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2011-04-23 21:18 - 2011-04-23 21:18 - 00097464 _____ () C:\Windows\system32\FAIEExtension.DLL
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2011-09-14 09:19 - 2011-09-14 09:19 - 02348544 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
2011-09-14 09:19 - 2011-09-14 09:19 - 08500224 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
2012-02-01 10:44 - 2012-02-01 10:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2012-02-01 10:44 - 2012-02-01 10:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-04-19 11:52 - 2010-06-01 09:17 - 00929792 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2009-12-15 20:13 - 2009-12-15 20:13 - 00588272 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll
2009-11-15 20:58 - 2009-11-15 20:58 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2014-12-31 19:13 - 2014-12-31 19:13 - 00718152 _____ () C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\libglesv2.dll
2014-12-31 19:13 - 2014-12-31 19:13 - 00126280 _____ () C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\libegl.dll
2014-12-31 19:13 - 2014-12-31 19:13 - 08537928 _____ () C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\pdf.dll
2014-12-31 19:13 - 2014-12-31 19:13 - 00353096 _____ () C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-12-31 19:13 - 2014-12-31 19:13 - 01732936 _____ () C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\ffmpegsumo.dll
2014-12-31 19:13 - 2014-12-31 19:13 - 14669128 _____ () C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-601688672-1681380129-574934008-500 - Administrator - Disabled)
Guest (S-1-5-21-601688672-1681380129-574934008-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-601688672-1681380129-574934008-1002 - Limited - Enabled)
Liam (S-1-5-21-601688672-1681380129-574934008-1000 - Administrator - Enabled) => C:\Users\Liam

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: McAfee Inc. mfewfpk
Description: McAfee Inc. mfewfpk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfewfpk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Photosmart C7100 series
Description: Photosmart C7100 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/31/2014 07:12:45 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {65206b31-5ada-464a-a36e-bfc5bdd5d030}

Error: (12/31/2014 07:08:40 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/31/2014 06:59:44 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/31/2014 06:59:37 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/31/2014 06:32:07 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {63b81024-3558-4908-aa27-d3b81f282ed0}

Error: (12/31/2014 06:29:54 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/31/2014 06:29:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   15 182.1.168.192.in-addr.arpa. PTR Liam-PC.local.

Error: (12/31/2014 06:29:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.182:5353   17 182.1.168.192.in-addr.arpa. PTR Liam-PC-2.local.

Error: (12/31/2014 05:32:43 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7253b3b8-bba1-4fae-803a-267ca0d58758}

Error: (12/31/2014 05:28:21 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

System errors:
=============
Error: (12/31/2014 07:10:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (12/31/2014 07:08:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (12/31/2014 07:07:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (12/31/2014 07:07:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (12/31/2014 07:07:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%3

Error: (12/31/2014 07:07:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%1053

Error: (12/31/2014 07:07:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

Error: (12/31/2014 07:06:59 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (12/31/2014 07:06:52 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (12/31/2014 07:06:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (12/31/2014 07:12:45 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {65206b31-5ada-464a-a36e-bfc5bdd5d030}

Error: (12/31/2014 07:08:40 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/31/2014 06:59:44 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (12/31/2014 06:59:37 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (12/31/2014 06:32:07 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {63b81024-3558-4908-aa27-d3b81f282ed0}

Error: (12/31/2014 06:29:54 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/31/2014 06:29:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   15 182.1.168.192.in-addr.arpa. PTR Liam-PC.local.

Error: (12/31/2014 06:29:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.182:5353   17 182.1.168.192.in-addr.arpa. PTR Liam-PC-2.local.

Error: (12/31/2014 05:32:43 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7253b3b8-bba1-4fae-803a-267ca0d58758}

Error: (12/31/2014 05:28:21 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

CodeIntegrity Errors:
===================================
  Date: 2013-04-17 23:19:26.274
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-17 23:19:26.002
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Athlon™ II X4 610e Processor
Percentage of memory in use: 47%
Total physical RAM: 8187.95 MB
Available physical RAM: 4284.18 MB
Total Pagefile: 16374.07 MB
Available Pagefile: 11730.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.83 GB) (Free:504.9 GB) NTFS
Drive d: (Mom365) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive e: () (Removable) (Total:29.87 GB) (Free:17.09 GB) FAT32
Drive f: (Elements) (Fixed) (Total:1863.01 GB) (Free:1301.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 95E74041)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=916.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00020FC3)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 29.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#4 fireman4it

  • Malware Response Team

Posted 31 December 2014 - 08:40 PM

1.

Uninstalling A Program Through "add/remove"

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

MyAshampoo Toolbar

ShopAtHome.com Toolbar

Additional instructions can be found here if needed.

2.

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Attached File  fixlist.txt   9.58KB

Let me know how the machine is running after this fix.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 shuytco

  • Topic Starter

Posted 31 December 2014 - 11:36 PM

When I try to uninstall MyAshampoo Toolbar, I get an error message that pops up and says "could not open INSTALL.LOG file."

ShopAtHome.com Toolbar seems to be gone.  I then ran the FRST/FRST64 with your fix file.  Everything seems to be working better now.  There is no program constantly running in the background hogging up resources.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by Liam at 2014-12-31 23:00:09 Run:1
Running from C:\Users\Liam\Desktop\Cleaning Malware
Loaded Profile: Liam (Available profiles: Liam)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [ShopAtHomeWatcher] => C:\Users\Liam\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKLM-x32\...\Run: [ShopAtHomeUpdater] => C:\Users\Liam\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
HKU\S-1-5-21-601688672-1681380129-574934008-1000\...\Run: [vojudul] => regsvr32.exe /s "C:\Users\Liam\AppData\Local\Cyberlink\vojudul.dll" <===== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-601688672-1681380129-574934008-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
FF Plugin HKU\S-1-5-21-601688672-1681380129-574934008-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Liam\AppData\Roaming\CATALI~2\NPBCSK~1.DLL No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: No Name - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin [Not Found]
S1 bqwxmvzq; \??\C:\Windows\system32\drivers\bqwxmvzq.sys [X]
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_6.1.36484.0.sys [X]
S1 keycmfpd; \??\C:\Windows\system32\drivers\keycmfpd.sys [X]
S3 PCASp60; System32\Drivers\PCASp60.sys [X]
C:\Users\Liam\AppData\Local\Temp\25E8.exe
C:\Users\Liam\AppData\Local\Temp\air506B.exe
C:\Users\Liam\AppData\Local\Temp\airD722.exe
C:\Users\Liam\AppData\Local\Temp\airE44D.exe
C:\Users\Liam\AppData\Local\Temp\airEB70.exe
C:\Users\Liam\AppData\Local\Temp\ammemb.dll
C:\Users\Liam\AppData\Local\Temp\ammemb64.dll
C:\Users\Liam\AppData\Local\Temp\AskSLib.dll
C:\Users\Liam\AppData\Local\Temp\ConduitEngine.dll
C:\Users\Liam\AppData\Local\Temp\ControlService.exe
C:\Users\Liam\AppData\Local\Temp\D723_fdminst.exe
C:\Users\Liam\AppData\Local\Temp\FAInstallV2.004.095.Dell.exe
C:\Users\Liam\AppData\Local\Temp\FAInstallV2.004.097.Dell.exe
C:\Users\Liam\AppData\Local\Temp\GLF565E.tmp.ConduitEngineSetup.exe
C:\Users\Liam\AppData\Local\Temp\HRBlockUpdater.exe
C:\Users\Liam\AppData\Local\Temp\iet50EC.tmp.exe
C:\Users\Liam\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih.exe
C:\Users\Liam\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Liam\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Liam\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Liam\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Liam\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Liam\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Liam\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\Liam\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Liam\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Liam\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Liam\AppData\Local\Temp\msgB5BB.exe
C:\Users\Liam\AppData\Local\Temp\Myashampoo.exe
C:\Users\Liam\AppData\Local\Temp\ose00000.exe
C:\Users\Liam\AppData\Local\Temp\photostage_1.0.0.50_1.5.0.130_update_all.exe
C:\Users\Liam\AppData\Local\Temp\Quarantine.exe
C:\Users\Liam\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Liam\AppData\Local\Temp\sqlite3.dll
C:\Users\Liam\AppData\Local\Temp\_isEF06.exe
FF Extension: MyAshampoo  - C:\Users\Liam\AppData\Roaming\Mozilla\Firefox\Profiles\io6r8hfz.default\Extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} [2014-11-18]
CustomCLSID: HKU\S-1-5-21-601688672-1681380129-574934008-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Liam\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-601688672-1681380129-574934008-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Liam\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-601688672-1681380129-574934008-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Liam\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-601688672-1681380129-574934008-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Liam\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Hosts:
Emptytemp:
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FAStartup => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeWatcher => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeUpdater => value deleted successfully.
HKU\S-1-5-21-601688672-1681380129-574934008-1000\Software\Microsoft\Windows\CurrentVersion\Run\\vojudul => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-601688672-1681380129-574934008-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
"HKU\S-1-5-21-601688672-1681380129-574934008-1000\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator" => Key deleted successfully.
C:\Users\Liam\AppData\Roaming\CATALI~2\NPBCSK~1.DLL not found.
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation) => Error: No automatic fix found for this entry.
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.) => Error: No automatic fix found for this entry.
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.) => Error: No automatic fix found for this entry.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin not found.
bqwxmvzq => Service deleted successfully.
DisplayLinkUsbPort => Service deleted successfully.
keycmfpd => Service deleted successfully.
PCASp60 => Service deleted successfully.
C:\Users\Liam\AppData\Local\Temp\25E8.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\air506B.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\airD722.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\airE44D.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\airEB70.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\ammemb.dll => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\ammemb64.dll => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\ConduitEngine.dll => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\ControlService.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\D723_fdminst.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\FAInstallV2.004.095.Dell.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\FAInstallV2.004.097.Dell.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\GLF565E.tmp.ConduitEngineSetup.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\HRBlockUpdater.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\iet50EC.tmp.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\msgB5BB.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\Myashampoo.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\photostage_1.0.0.50_1.5.0.130_update_all.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Liam\AppData\Local\Temp\_isEF06.exe => Moved successfully.
C:\Users\Liam\AppData\Roaming\Mozilla\Firefox\Profiles\io6r8hfz.default\Extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} => Moved successfully.
"HKU\S-1-5-21-601688672-1681380129-574934008-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-601688672-1681380129-574934008-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-601688672-1681380129-574934008-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-601688672-1681380129-574934008-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

"C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz" directory move:

C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\cqawvzvrz => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\mpuohrcn => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\qllqgrry => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\Qnottcitt => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\Slnmgfcxbro => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\Tmbuhsmbypxq => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\pwkcldslvyi\manifest.json => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\pwkcldslvyi\scckaqsga.js => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\jfbahqmgvu\Lrlsmto.js => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\jfbahqmgvu\manifest.json => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\Ilstuxgyju\fochkdm.js => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\Ilstuxgyju\manifest.json => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\Fqivsuimptm.exe => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\rundll32.exe => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\VisualElementsManifest.xml => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\36.0.1985.143.manifest => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\chrome.dll => Moved successfully.
Could not move "C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\chrome_100_percent.pak" => Scheduled to move on reboot.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\chrome_200_percent.pak => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\chrome_child.dll => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\chrome_elf.dll => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\d3dcompiler_43.dll => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\d3dcompiler_46.dll => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\delegate_execute.exe => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\ffmpegsumo.dll => Moved successfully.
Could not move "C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\icudtl.dat" => Scheduled to move on reboot.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\libegl.dll => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\libexif.dll => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\libglesv2.dll => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\libpeerconnection.dll => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\metro_driver.dll => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\mksnapshot.ia32.exe.assert.manifest => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\nacl64.exe => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\nacl_irt_x86_32.nexe => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\nacl_irt_x86_64.nexe => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\pdf.dll => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\ppgooglenaclpluginchrome.dll => Moved successfully.
Could not move "C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\resources.pak" => Scheduled to move on reboot.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\secondarytile.png => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\widevinecdmadapter.dll => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\xinput1_3.dll => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\VisualElements\logo.png => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\VisualElements\smalllogo.png => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\VisualElements\splash-620x300.png => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\PepperFlash\manifest.json => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\PepperFlash\pepflashplayer.dll => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\Locales\en-GB.pak => Moved successfully.
Could not move "C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\Locales\en-US.pak" => Scheduled to move on reboot.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\Extensions\external_extensions.json => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\default_apps\docs.crx => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\default_apps\drive.crx => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\default_apps\external_extensions.json => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\default_apps\gmail.crx => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\default_apps\search.crx => Moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\default_apps\youtube.crx => Moved successfully.
Could not move "C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz" directory. => Scheduled to move on reboot.

EmptyTemp: => Removed 47.5 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-31 23:26:13)<=

C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\chrome_100_percent.pak => Is moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\icudtl.dat => Is moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\resources.pak => Is moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz\36.0.1985.143\Locales\en-US.pak => Is moved successfully.
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz => Is moved successfully.

==== End of Fixlog 23:26:13 ====



#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:28 AM

Posted 01 January 2015 - 04:08 PM

Let's check for any leftovers.

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

 

2.

ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!

  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure that the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)
  • Copy and paste that log as a reply to this topic.

 

 

Things to include in your next reply:

MBAM log

Eset log

How is the computer running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 shuytco

Posted 02 January 2015 - 11:27 AM

Ok here are the results of the latest scans.  The computer does seem to be running better now.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/1/2015
Scan Time: 6:38:02 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.01.06
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Liam

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354316
Time Elapsed: 24 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
Adware.GamePlayLab, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158}, Quarantined, [1a2000f259303ef844095d96ec167f81],
PUP.Optional.uTorrentBar.A, HKLM\SOFTWARE\WOW6432NODE\uTorrentBar, Quarantined, [9f9b10e21f6a4cea6cc5650b11f2867a],
PUP.Optional.uTorrentBar.A, HKU\S-1-5-21-601688672-1681380129-574934008-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\uTorrentBar, Quarantined, [be7c8f630d7c5ed80b28b1bff40f3fc1],
PUP.Optional.uTorrentBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{19FBFD77-579B-4C4C-84F9-AB0F7148CE7D}, Quarantined, [8cae5a98b4d543f3de7b3c18fd06639d],
PUP.Optional.uTorrentBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{19FBFD77-579B-4C4C-84F9-AB0F7148CE7D}, Quarantined, [8cae5a98b4d543f3de7b3c18fd06639d],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 7
PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponAlert_2pEI, Quarantined, [fa4016dce1a858defad0161c0af9f60a],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponAlert_2pEI\Installr, Quarantined, [fa4016dce1a858defad0161c0af9f60a],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin, Quarantined, [fa4016dce1a858defad0161c0af9f60a],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\chrome, Quarantined, [fa4016dce1a858defad0161c0af9f60a],
PUP.Optional.MultiPlug.A, C:\Users\Liam\AppData\Roaming\YouSendIt, Quarantined, [93a7ad45a9e0c5719673261312f156aa],
PUP.Optional.MultiPlug.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\YouSendIt, Quarantined, [db5f32c08ffa9d99b653aa8f7f84fa06],
PUP.Optional.uTorrentBar.A, C:\Program Files (x86)\uTorrentBar, Quarantined, [8cae5a98b4d543f3de7b3c18fd06639d],

Files: 14
PUP.Optional.AirInstaller, C:\Users\Liam\Downloads\setup (1).exe, Quarantined, [2b0f6989a2e7043263a371bb26db7090],
PUP.Optional.AirInstaller, C:\Users\Liam\Downloads\setup.exe, Quarantined, [6cce79798efb69cd61a5c765fa076799],
Trojan.Chrome.INJ, C:\Users\Liam\AppData\Local\Cyberlink\vojudul.dll, Quarantined, [d86207eba7e2eb4bb56a00fee9182fd1],
PUP.Optional.MultiPlug.A, C:\Users\Liam\AppData\Roaming\YouSendIt\YsiDesktop.log, Quarantined, [93a7ad45a9e0c5719673261312f156aa],
PUP.Optional.MultiPlug.A, C:\Users\Liam\AppData\Roaming\YouSendIt\YsiMigration.log, Quarantined, [93a7ad45a9e0c5719673261312f156aa],
PUP.Optional.uTorrentBar.A, C:\Program Files (x86)\uTorrentBar\GottenAppsContextMenu.xml, Quarantined, [8cae5a98b4d543f3de7b3c18fd06639d],
PUP.Optional.uTorrentBar.A, C:\Program Files (x86)\uTorrentBar\INSTALL.LOG, Quarantined, [8cae5a98b4d543f3de7b3c18fd06639d],
PUP.Optional.uTorrentBar.A, C:\Program Files (x86)\uTorrentBar\OtherAppsContextMenu.xml, Quarantined, [8cae5a98b4d543f3de7b3c18fd06639d],
PUP.Optional.uTorrentBar.A, C:\Program Files (x86)\uTorrentBar\SharedAppsContextMenu.xml, Quarantined, [8cae5a98b4d543f3de7b3c18fd06639d],
PUP.Optional.uTorrentBar.A, C:\Program Files (x86)\uTorrentBar\tbuTor.dll, Quarantined, [8cae5a98b4d543f3de7b3c18fd06639d],
PUP.Optional.uTorrentBar.A, C:\Program Files (x86)\uTorrentBar\toolbar.cfg, Quarantined, [8cae5a98b4d543f3de7b3c18fd06639d],
PUP.Optional.uTorrentBar.A, C:\Program Files (x86)\uTorrentBar\ToolbarContextMenu.xml, Quarantined, [8cae5a98b4d543f3de7b3c18fd06639d],
PUP.Optional.uTorrentBar.A, C:\Program Files (x86)\uTorrentBar\UNWISE.EXE, Quarantined, [8cae5a98b4d543f3de7b3c18fd06639d],
PUP.Optional.uTorrentBar.A, C:\Program Files (x86)\uTorrentBar\uTorrentBarToolbarHelper.exe, Quarantined, [8cae5a98b4d543f3de7b3c18fd06639d],

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll.vir a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe.vir a variant of Win32/Toolbar.MyWebSearch.AN potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrstub.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdatact.dll.vir a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdlghk.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdyn.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pfeedmg.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phighin.exe.vir a variant of Win32/Toolbar.MyWebSearch.AN potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phtml.dll.vir a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phtmlmu.dll.vir a variant of Win32/Toolbar.MyWebSearch.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phttpct.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmedint.exe.vir a variant of Win32/Toolbar.MyWebSearch.AN potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmlbtn.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmsg.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pPlugin.dll.vir a variant of Win32/Toolbar.MyWebSearch potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pradio.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pregfft.dll.vir Win32/Toolbar.MyWebSearch potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pregiet.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pscript.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pskin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\2ptpinst.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\2puabtn.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll.vir a variant of Win32/Toolbar.MyWebSearch.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\T8FFTBPR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponAlert_2p\bar\1.bin\T8PATCH.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\I Want This\I Want This.exe.vir a variant of Win32/Toolbar.CrossRider.E potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\I Want This\I Want ThisGui.exe.vir a variant of Win32/Toolbar.CrossRider.F potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Liam\AppData\Roaming\Search Protection\Uninstall.exe.vir a variant of Win32/Toolbar.Widgi.G potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Liam\AppData\Local\Temp\air506B.exe.xBAD multiple threats cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Liam\AppData\Local\Temp\airD722.exe.xBAD a variant of Win32/Toolbar.Visicom.C potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Liam\AppData\Local\Temp\ConduitEngine.dll.xBAD a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Liam\AppData\Local\Temp\iet50EC.tmp.exe.xBAD a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Liam\AppData\Local\Temp\Myashampoo.exe.xBAD a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Liam\AppData\Roaming\Mozilla\Firefox\Profiles\io6r8hfz.default\Extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ctypes\FirefoxCtype.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Liam\AppData\Roaming\Mozilla\Firefox\Profiles\io6r8hfz.default\Extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\Plugins\npFirefoxPlugin.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Doblon\Power CD+G Burner\Power_Karaoke.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Doblon\Siglos\Power_Karaoke.exe Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\Program Files (x86)\MyAshampoo\tbMyAs.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Users\Liam\AppData\LocalLow\pgdfzil.dll Win32/TrojanDownloader.Tracur.AM trojan cleaned by deleting - quarantined
C:\Users\Liam\AppData\LocalLow\MyAshampoo\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\Users\Liam\Downloads\ashampoo_burning_studio_6_free_6.80_4312.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Users\Liam\Downloads\cdgburnersetup.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Users\Liam\Downloads\cnet_ashampoo_burning_studio_6_free_6_80_4312_exe.exe a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined
C:\Users\Liam\Downloads\power_cd_g_filter_setup.exe a variant of Win32/SWInformer.D potentially unwanted application deleted - quarantined
C:\Users\Liam\Downloads\siglossetup.exe Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
 



#8 fireman4it

Posted 02 January 2015 - 11:34 AM

Please run MalwareBytes again; we like to see all 0's.




#9 shuytco

Posted 02 January 2015 - 07:16 PM

Here are the results from the latest scan.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/2/2015
Scan Time: 1:37:39 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.02.06
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Liam

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354072
Time Elapsed: 19 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
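
The "all 0's" check requested in post #8, applied to scan logs laid out like the two posted above. This is an added example, not part of the thread and not Malwarebytes code; the function names are hypothetical, and the sample logs, paths and bracketed ids are constructed.

```python
import re
from collections import Counter

# Section headers as they appear in the Malwarebytes Anti-Malware 2.x logs in this thread.
SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
HEADER_RE = re.compile(r"^(" + "|".join(map(re.escape, SECTIONS)) + r"): (\d+)$")
# Detection line: "<name>, <object>, <action>, [<id>],". The object may itself
# contain commas, so it is matched greedily and the action/id anchor the tail.
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<object>.+), (?P<action>[^,\[\]]+), \[(?P<id>[0-9a-fA-F]+)\],?$")


def parse_scan_log(text):
    """Return (declared counts per section, list of detection dicts)."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        if section is None or not line or line.startswith("("):
            continue  # preamble, blank line, "(No malicious items detected)", "(end)"
        hit = DETECTION_RE.match(line)
        if hit:
            detections.append({"section": section, **hit.groupdict()})
    return declared, detections


def review(text):
    """Summarise a log: is it all zeros, is it complete, what still needs attention."""
    declared, detections = parse_scan_log(text)
    parsed = Counter(d["section"] for d in detections)
    missing = [s for s in SECTIONS if s not in declared]
    return {
        # A truncated paste must not pass as clean, so every section has to be present.
        "clean": not missing and not detections and all(n == 0 for n in declared.values()),
        "missing_sections": missing,
        # Declared count vs. lines actually present: catches partially pasted logs.
        "count_mismatch": {s: (n, parsed[s]) for s, n in declared.items() if n != parsed[s]},
        "families": Counter(d["name"] for d in detections),
        # Anything not quarantined is still on disk or in the registry.
        "not_quarantined": [d["object"] for d in detections if d["action"] != "Quarantined"],
    }


# Constructed sample in the layout of the first scan log (paths and ids are made up).
SAMPLE_FIRST_SCAN = r"""
Scan Type: Threat Scan
Result: Completed

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.uTorrentBar.A, HKLM\SOFTWARE\WOW6432NODE\uTorrentBar, Quarantined, [00000000000000000000000000000001],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
Trojan.Chrome.INJ, C:\Users\Example\AppData\Local\Example\sample.dll, Quarantined, [00000000000000000000000000000002],
PUP.Optional.uTorrentBar.A, C:\Program Files (x86)\uTorrentBar\toolbar.cfg, No Action By User, [00000000000000000000000000000003],

Physical Sectors: 0
(No malicious items detected)

(end)
"""

# Constructed sample in the layout of the rescan: every section present and zero.
SAMPLE_RESCAN = "\n\n".join(
    f"{s}: 0\n(No malicious items detected)" for s in SECTIONS) + "\n\n(end)\n"

if __name__ == "__main__":
    for label, log in (("first scan", SAMPLE_FIRST_SCAN), ("rescan", SAMPLE_RESCAN)):
        result = review(log)
        print(label, "clean" if result["clean"] else "NOT clean",
              dict(result["families"]), result["not_quarantined"])
```
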



#10 fireman4it

Posted 02 January 2015 - 11:24 PM

Hello, shuytco.

Congratulations! You now appear clean! :cool:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

 

Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

 

 

One of the most common questions found when cleaning malware is "how did my machine get infected?"

There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on.  Whether these things are files or sites it doesn't really matter.  If something is out to get you, and you click on it, it most likely will. 

Below is a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that.  Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean.  For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is.  The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it!  These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software.  For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert.  When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge.  You can check to see if it's a real alert by right-clicking on the window.  If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your Taskbar, right click and choose Close.
  • Do not visit pornographic websites.  I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites.  I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you.  It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection.  Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money.  By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.


Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.



Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:


Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running.  This alone can save you a lot of trouble with malware in the future. 
See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources. A couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish).  If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.  If you use a commercial antivirus program you must make sure you keep renewing your subscription.  Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer.  Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows built-in one). This is personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.  Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java).  You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!
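The attachment rule from the precautions list in the post above, written as a filename check. This is an added example, not part of the original post: only the four extensions .exe, .com, .bat and .pif come from the post, while the function names, the decoy-extension list and the sample filenames are assumptions constructed for illustration.

```python
import ntpath

# Extensions the post says a casual user will almost never legitimately receive.
RISKY_EXTENSIONS = {".exe", ".com", ".bat", ".pif"}

# Assumption (not from the post): document-like extensions that can sit in
# front of the real extension and make a program look like a harmless file.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".png", ".txt", ".zip"}


def normalize(filename: str) -> str:
    """Reduce an attachment name to the form Windows resolves when opening it."""
    name = ntpath.basename(filename.strip())
    # Windows ignores trailing dots and spaces, so "a.exe. " opens as "a.exe".
    return name.rstrip(". ").lower()


def classify_attachment(filename: str) -> str:
    """Return 'risky', 'risky-disguised' or 'not-listed' for an attachment name."""
    stem, ext = ntpath.splitext(normalize(filename))
    if ext not in RISKY_EXTENSIONS:
        # Not one of the listed types; this check says nothing else about it.
        return "not-listed"
    # A document-like extension before the real one hides what the file is,
    # especially when the mail client or Explorer hides known extensions.
    inner_ext = ntpath.splitext(stem.rstrip(". "))[1]
    if inner_ext in DECOY_EXTENSIONS:
        return "risky-disguised"
    return "risky"


def triage(filenames):
    """Map each attachment name to its classification."""
    return {name: classify_attachment(name) for name in filenames}


# Constructed sample attachment names, for illustration only.
SAMPLE_ATTACHMENTS = [
    "report.pdf",
    "Setup.EXE",
    "holiday_photo.jpg.pif",
    "cleaner.exe. ",
    "invoice.pdf   .exe",
    "notes.com.txt",
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_ATTACHMENTS).items():
        print(f"{verdict:16} {name!r}")
```

A 'not-listed' result only means the name does not end in one of the four extensions from the post; it is not a statement that the file is safe.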


#11 shuytco


Posted 03 January 2015 - 10:27 AM

Ok here are the results.  Everything is running great.

 

# DelFix v10.8 - Logfile created 03/01/2015 at 10:23:35
# Updated 29/07/2014 by Xplode
# Username : Liam - LIAM-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\TDSSKiller.3.0.0.42_31.12.2014_05.54.22_log.txt
Deleted : C:\Users\Liam\Desktop\dds.txt

~ Cleaning system restore ...

Deleted : RP #397 [Windows Update | 12/13/2014 08:00:29]
Deleted : RP #398 [Windows Update | 12/19/2014 08:00:14]
Deleted : RP #399 [McAfee Vulnerability Scanner | 12/19/2014 14:55:31]
Deleted : RP #400 [Removed Google Talk Plugin | 12/31/2014 10:46:51]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########



#12 fireman4it

  • Malware Response Team

Posted 03 January 2015 - 01:34 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

" Extinguishing Malware from the world"





