PDA

View Full Version : Need Help removing DOSEARCHES



JD the DJ
2013-11-22, 12:53
This malware was unable to be removed by MBAM, Spybot or SAS.

DDS
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.45.2
Run by Dana at 19:08:18 on 2013-11-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3687.2579 [GMT -7:00]
.
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Dragon NaturallySpeaking Rich Internet Application Support - Extension: {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieshim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Steganos Password Manager Toolbar: {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 2012\SPMIEToolbar.dll
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll
TB: Steganos Password Manager Toolbar: {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 2012\SPMIEToolbar.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [MSGTAG] "C:\Program Files (x86)\MSGTAG\MSGTAG.exe" /startup
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [Update 5300C] C:\Program Files (x86)\Hewlett-Packard\HP PrecisionScan\PrecisionScan\update.exe 5300C+
mRun: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE"
mRun: [PaperPort PTD] c:\progra~2\scansoft\paperp~1\pptd40nt.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Dana\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk.disabled
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Copy to &Lightning Note - c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {024538B9-3F39-49FF-9503-975F743210FA} - {9C65D12D-CF9D-454d-8049-61965D8C6FFF}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{5CB20EBE-68F5-4056-9AEB-9486E27E68D3} : DHCPNameServer = 192.168.0.1 205.171.3.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\optimi~1\optpro~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-mSearch Page = hxxp://www.google.com
x64-mDefault_Page_URL = hxxp://www.google.com
x64-mDefault_Search_URL = hxxp://www.google.com
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-RunOnce: [GrpConv] grpconv -o
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {6032497A-4479-462B-ADB8-A0A372BB9A23} - msiexec /fu {6032497A-4479-462B-ADB8-A0A372BB9A23} /qn
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Mysearchdial
FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0EtD0FyE0F0DyD0Ezz0FtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=567981372&ir=
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=2&CUI=UN47010554705404406&UM=&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Dana\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\extensions\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\extensions\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-11-07 13:47; firefox@batbrowse.com; C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\extensions\firefox@batbrowse.com.xpi
FF - ExtSQL: 2013-11-09 20:02; {ad9a41d2-9a49-4fa6-a79e-71a0785364c8}; C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.24.420:50:28
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.hpOld0 - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=a8173ec17d69495397e8888238e70ea4&tu=10GX0007q2B000v&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=goughGA&Lan={dfltLng}&gu=a8173ec17d69495397e8888238e70ea4&tu=10GXz00Aw2C01g0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 18055e8f000000000000e840f2e0f4fd
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 16018
FF - user.js: extensions.zonealarm.vrsn - 1.8.22.0
FF - user.js: extensions.zonealarm.vrsni - 1.8.22.0
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.22.09:19:17
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1025
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - goughGA
FF - user.js: extensions.zonealarm.instlRef - ZLN113883604008443-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - false
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=goughGA&Lan=en&gu=a8173ec17d69495397e8888238e70ea4&tu=10GXz00Aw2C01g0&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=en&gu=a8173ec17d69495397e8888238e70ea4&tu=10GXz00Aw2C01g0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=goughGA&Lan=en&gu=a8173ec17d69495397e8888238e70ea4&tu=10GXz00Aw2C01g0&sku=&tstsId=&ver=&
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0EtD0FyE0F0DyD0Ezz0FtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=567981372&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0EtD0FyE0F0DyD0Ezz0FtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=567981372&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0EtD0FyE0F0DyD0Ezz0FtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=567981372&ir=&q=
FF - user.js: extensions.mysearchdial.id - E840F2E0F4FD5E8F
FF - user.js: extensions.mysearchdial.instlDay - 16018
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.019:1:37
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - irmsd103
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 567981372
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0EtD0FyE0F0DyD0Ezz0FtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA
FF - user.js: extensions.irmysearch.aflt - irmsd103
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 567981372
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0EtD0FyE0F0DyD0Ezz0FtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-5-16 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-5-16 40064]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-5-16 169584]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-5-16 47232]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-5-16 204288]
S2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
S2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2012-7-18 310232]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
S2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]
S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-19 701512]
S2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-5-16 1128952]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-10-25 1153368]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2013-10-15 50704]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-19 25928]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 139616]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-11-19 31800]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2013-7-29 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-14 1255736]
S4 70e6ca8c;Optimizer Pro Crash Monitor;"c:\progra~2\optimi~1\OptProCrash.exe" --> c:\progra~2\optimi~1\OptProCrash.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: LightningViewer.exe: View="c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\LightningNavigator.exe" "-ViewDocument" "%1"
.
=============== Created Last 30 ================
.
2013-11-20 01:46:26 -------- d-----w- C:\Users\Dana\AppData\Local\VS Revo Group
2013-11-20 01:46:17 -------- d-----w- C:\ProgramData\VS Revo Group
2013-11-20 01:46:16 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2013-11-20 01:46:13 -------- d-----w- C:\Program Files\VS Revo Group
2013-11-19 22:06:53 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-11-19 22:06:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-12 11:59:46 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A5F52F51-A0ED-45A6-821B-9C2FF688FE6A}\mpengine.dll
2013-11-12 02:37:18 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-12 02:05:37 -------- d-----w- C:\Users\Dana\AppData\Local\DoNotTrackPlus
2013-11-10 19:25:25 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-10 19:25:25 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-10 19:25:25 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-10 19:25:25 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-10 19:25:24 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-10 19:25:24 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-10 19:25:24 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-10 04:32:02 0 ----a-w- C:\Windows\SysWow64\shoEFBA.tmp
2013-11-10 02:28:55 -------- d-----w- C:\Program Files\Uninstaller
2013-11-10 02:17:22 -------- d-----w- C:\Users\Dana\AppData\Roaming\OpenWebKitSharp Strings
2013-11-10 02:02:19 -------- d-----w- C:\Users\Dana\AppData\Roaming\0D0S1L2Z1P1B
2013-11-10 02:01:40 -------- d-----w- C:\Users\Dana\AppData\Roaming\DigitalSite
2013-11-09 16:38:36 7717984 ----a-w- C:\Windows\System32\drivers\kl1.sys
2013-11-09 16:38:28 90208 ----a-w- C:\Windows\System32\drivers\klflt.sys
2013-11-06 09:43:20 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F2D5EFD-C39B-4A09-BA30-2BDC5F9BD588}\gapaengine.dll
.
==================== Find3M ====================
.
2013-11-12 01:56:33 16152 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2013-10-23 18:00:56 454168 ----a-w- C:\Windows\System32\drivers\vsdatant.sys
2013-10-16 00:31:22 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-11 20:15:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-11 20:15:11 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-12 02:40:41 3766 --sha-w- C:\ProgramData\KGyGaAvL.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
.
============= FINISH: 19:09:09.27 ===============


aswMBR

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-11-21 19:11:35
-----------------------------
19:11:35.357 OS Version: Windows x64 6.1.7601 Service Pack 1
19:11:35.357 Number of processors: 2 586 0x200
19:11:35.372 ComputerName: DANA-HP UserName: Dana
19:11:37.057 Initialize success
19:12:43.061 AVAST engine download error: 0
19:14:41.699 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
19:14:41.699 Disk 0 Vendor: ST500DM0 HP73 Size: 476940MB BusType: 11
19:14:41.808 Disk 0 MBR read successfully
19:14:41.808 Disk 0 MBR scan
19:14:41.808 Disk 0 Windows 7 default MBR code
19:14:41.839 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:14:41.855 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459850 MB offset 206848
19:14:41.886 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16988 MB offset 941979648
19:14:41.949 Disk 0 scanning C:\Windows\system32\drivers
19:14:48.391 Service scanning
19:15:03.851 Modules scanning
19:15:03.867 Disk 0 trace - called modules:
19:15:03.882 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
19:15:04.428 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047e8790]
19:15:04.444 3 CLASSPNP.SYS[fffff880020ee43f] -> nt!IofCallDriver -> [0xfffffa800439f040]
19:15:04.459 5 amd_xata.sys[fffff880017eeb3f] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa800439b060]
19:15:04.491 Scan finished successfully
19:20:26.210 Disk 0 MBR has been saved successfully to "C:\Users\Dana\Desktop\MBR.dat"
19:20:26.226 The log file has been saved successfully to "C:\Users\Dana\Desktop\aswMBR.txt"


Thanks

ken545
2013-11-26, 20:07
:welcome:

Sorry for the delay

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

JD the DJ
2013-11-26, 21:06
Thanks for helping!


Started desktop in 'Safe Mode with Networking'
Downloaded AdwCleaner (right clicked and 'Ran as Admin..' )
Clicked 'Scan'
Clicked 'Report' (although Notepad did not open, I went to folder and found report)
I do not see anything that can't be easily replaced (like, desktop links to browsers)
(AdwCleaner: I have not clicked 'Clean' )



Below is the log file of AdwCleaner (Part 1 of 2)

# AdwCleaner v3.013 - Report created 26/11/2013 at 11:28:45
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dana - DANA-HP
# Running from : C:\Users\Dana\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : 70e6ca8c

***** [ Files / Folders ] *****

File Found : C:\Users\Dana\AppData\Local\mysearchdial-speeddial.crx
File Found : C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\searchplugins\Mysearchdial.xml
File Found : C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\searchplugins\zonealarm.xml
File Found : C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\user.js
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\infoatoms@infoatoms.com
Folder Found : C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Folder Found : C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\Extensions\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}
Folder Found : C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Folder Found C:\Program Files (x86)\Common Files\Umbrella
Folder Found C:\Program Files (x86)\InfoAtoms
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\Iminent
Folder Found C:\Users\Dana\AppData\Local\Coupon Companion Plugin
Folder Found C:\Users\Dana\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Found C:\Users\Dana\AppData\Roaming\digitalsite
Folder Found C:\Users\Dana\AppData\Roaming\Iminent
Folder Found C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\ConduitCommon
Folder Found C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\CT3015261
Folder Found C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\Smartbar
Folder Found C:\Users\Dana\AppData\Roaming\pdfforge

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST500DM002-1BD142_W2AC2RGF&ts=1384049503 )
Shortcut Found : C:\Users\Dana\Desktop\Google Chrome.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST500DM002-1BD142_W2AC2RGF&ts=1384049503 )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST500DM002-1BD142_W2AC2RGF&ts=1384049503 )
Shortcut Found : C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST500DM002-1BD142_W2AC2RGF&ts=1384049503 )
Shortcut Found : C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST500DM002-1BD142_W2AC2RGF&ts=1384049503 )
Shortcut Found : C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST500DM002-1BD142_W2AC2RGF&ts=1384049503 )
Shortcut Found : C:\Users\Dana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST500DM002-1BD142_W2AC2RGF&ts=1384049503 )
Shortcut Found : C:\Users\Dana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST500DM002-1BD142_W2AC2RGF&ts=1384049503 )
Shortcut Found : C:\Users\Dana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST500DM002-1BD142_W2AC2RGF&ts=1384049503 )
Shortcut Found : C:\Users\Dana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST500DM002-1BD142_W2AC2RGF&ts=1384049503 )
Shortcut Found : C:\Users\Dana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST500DM002-1BD142_W2AC2RGF&ts=1384049503 )

***** [ Registry ] *****

Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\FLEXnet
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181104}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181104}
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\FLEXnet
Key Found : [x64] HKCU\Software\installedbrowserextensions
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110211181104}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220222182204}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
Key Found : HKLM\SOFTWARE\Classes\Iminent
Key Found : HKLM\Software\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED
Key Found : HKLM\Software\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED
Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255185504}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266186604}
Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440244184404}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ccncljhbalbbkkfgopogabimepmfkmff
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk
Key Found : HKLM\Software\Iminent
Key Found : HKLM\Software\InfoAtoms
Key Found : HKLM\Software\InstallCore
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{118D6CE9-5F18-42F9-958A-14676A629FDE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InfoAtoms
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255185504}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266186604}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{88CCA982-C030-4B27-8FBC-201189970FDE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [infoatoms@infoatoms.com]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0EtD0FyE0F0DyD0Ezz0FtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=567981372&ir=

-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\prefs.js ]

Line Found : user_pref("CT2642707.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT2642707.CTID", "CT2642707");
Line Found : user_pref("CT2642707.CurrentServerDate", "28-8-2010");
Line Found : user_pref("CT2642707.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2642707.DownloadReferralCookieData", "");
Line Found : user_pref("CT2642707.EMailNotifierPollDate", "Fri Aug 27 2010 20:37:41 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT2642707.ExternalComponentPollDate129273915361569259", "Fri Aug 27 2010 20:31:16 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT2642707.FirstServerDate", "28-8-2010");
Line Found : user_pref("CT2642707.FirstTime", true);
Line Found : user_pref("CT2642707.FirstTimeFF3", true);
Line Found : user_pref("CT2642707.FirstTimeSettingsDone", true);
Line Found : user_pref("CT2642707.FixPageNotFoundErrors", true);
Line Found : user_pref("CT2642707.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT2642707.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT2642707.Initialize", true);
Line Found : user_pref("CT2642707.InitializeCommonPrefs", true);
Line Found : user_pref("CT2642707.InstallationAndCookieDataSentCount", 1);
Line Found : user_pref("CT2642707.InstalledDate", "Fri Aug 27 2010 20:31:18 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT2642707.InvalidateCache", false);
Line Found : user_pref("CT2642707.IsGrouping", false);
Line Found : user_pref("CT2642707.IsMulticommunity", false);
Line Found : user_pref("CT2642707.IsOpenThankYouPage", true);
Line Found : user_pref("CT2642707.IsOpenUninstallPage", true);
Line Found : user_pref("CT2642707.LanguagePackLastCheckTime", "Fri Aug 27 2010 20:31:18 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT2642707.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT2642707.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT2642707.LastLogin_2.7.2.0", "Fri Aug 27 2010 20:32:40 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT2642707.LatestVersion", "2.7.2.0");
Line Found : user_pref("CT2642707.Locale", "en");
Line Found : user_pref("CT2642707.LoginCache", 4);
Line Found : user_pref("CT2642707.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT2642707.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT2642707.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT2642707.RadioIsPodcast", false);
Line Found : user_pref("CT2642707.RadioLastCheckTime", "Fri Aug 27 2010 20:32:39 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT2642707.RadioLastUpdateIPServer", "3");
Line Found : user_pref("CT2642707.RadioLastUpdateServer", "3");
Line Found : user_pref("CT2642707.RadioMediaID", "9962");
Line Found : user_pref("CT2642707.RadioMediaType", "Media Player");
Line Found : user_pref("CT2642707.RadioMenuSelectedID", "EBRadioMenu_CT26427079962");
Line Found : user_pref("CT2642707.RadioStationName", "California%20Rock");
Line Found : user_pref("CT2642707.RadioStationURL", "hxxp://feedlive.net/california.asx");
Line Found : user_pref("CT2642707.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2642707&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Found : user_pref("CT2642707.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT2642707.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642707&q=");
Line Found : user_pref("CT2642707.SearchInNewTabEnabled", true);
Line Found : user_pref("CT2642707.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT2642707.SearchInNewTabLastCheckTime", "Fri Aug 27 2010 20:32:42 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT2642707.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2642707.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2642707.SettingsCheckIntervalMin", 120);
Line Found : user_pref("CT2642707.SettingsLastCheckTime", "Fri Aug 27 2010 20:31:14 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT2642707.SettingsLastUpdate", "1282918036");
Line Found : user_pref("CT2642707.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT2642707.ThirdPartyComponentsLastCheck", "Fri Aug 27 2010 20:31:12 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT2642707.ThirdPartyComponentsLastUpdate", "1246790578");
Line Found : user_pref("CT2642707.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Found : user_pref("CT2642707.UserID", "UN68802187513420710");
Line Found : user_pref("CT2642707.WeatherNetwork", "");
Line Found : user_pref("CT2642707.WeatherPollDate", "Fri Aug 27 2010 20:31:18 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT2642707.WeatherUnit", "F");
Line Found : user_pref("CT2642707.alertChannelId", "1035394");
Line Found : user_pref("CT2642707.clientLogIsEnabled", false);
Line Found : user_pref("CT2642707.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT2642707.myStuffEnabled", true);
Line Found : user_pref("CT2642707.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT2642707.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT2642707.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT2642707.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT2642707.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT2878731..clientLogIsEnabled", true);
Line Found : user_pref("CT2878731..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT2878731..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT2878731.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT2878731.CT2878736.CommunityChanged", true);
Line Found : user_pref("CT2878731.CT2878740.CommunityChanged", true);
Line Found : user_pref("CT2878731.CT2878743.CommunityChanged", true);
Line Found : user_pref("CT2878731.CT2878746.CommunityChanged", true);
Line Found : user_pref("CT2878731.CT2878751.CommunityChanged", true);
Line Found : user_pref("CT2878731.CT2878754.CommunityChanged", true);
Line Found : user_pref("CT2878731.CT2878761.CommunityChanged", true);
Line Found : user_pref("CT2878731.CTID", "ct2878731");
Line Found : user_pref("CT2878731.CommunitiesChangesLastCheckTime", "Sun Feb 06 2011 22:17:09 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT2878731.CommunityChanged", true);
Line Found : user_pref("CT2878731.CurrentServerDate", "7-2-2011");
Line Found : user_pref("CT2878731.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2878731.DownloadReferralCookieData", "");
Line Found : user_pref("CT2878731.FirstServerDate", "8-1-2011");
Line Found : user_pref("CT2878731.FirstTime", true);
Line Found : user_pref("CT2878731.FirstTimeFF3", true);
Line Found : user_pref("CT2878731.FixPageNotFoundErrors", true);
Line Found : user_pref("CT2878731.GroupingLastCheckTime", "Sun Feb 06 2011 22:17:02 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT2878731.GroupingLastErrorCode", "");
Line Found : user_pref("CT2878731.GroupingLastResponse", false);
Line Found : user_pref("CT2878731.GroupingLastServerUpdateTime", "129387802624070000");
Line Found : user_pref("CT2878731.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT2878731.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT2878731.HasUserGlobalKeys", true);
Line Found : user_pref("CT2878731.Initialize", true);
Line Found : user_pref("CT2878731.InitializeCommonPrefs", true);
Line Found : user_pref("CT2878731.InstallationAndCookieDataSentCount", 3);
Line Found : user_pref("CT2878731.InstallationId", "IncrediMail_MediaBar_4.exe");
Line Found : user_pref("CT2878731.InstallationType", "ConduitIntegration");
Line Found : user_pref("CT2878731.InstalledDate", "Sat Jan 08 2011 08:15:03 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT2878731.IsGrouping", true);
Line Found : user_pref("CT2878731.IsMulticommunity", false);
Line Found : user_pref("CT2878731.IsOpenThankYouPage", false);
Line Found : user_pref("CT2878731.IsOpenUninstallPage", true);
Line Found : user_pref("CT2878731.LanguagePackLastCheckTime", "Sat Jan 08 2011 08:15:06 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT2878731.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT2878731.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT2878731.LastLogin_3.2.5.2", "Sun Feb 06 2011 22:17:14 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT2878731.LatestVersion", "3.2.5.2");
Line Found : user_pref("CT2878731.Locale", "en");
Line Found : user_pref("CT2878731.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT2878731.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT2878731.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT2878731.RadioIsPodcast", false);
Line Found : user_pref("CT2878731.RadioMediaID", "9962");
Line Found : user_pref("CT2878731.RadioMediaType", "Media Player");
Line Found : user_pref("CT2878731.RadioMenuSelectedID", "EBRadioMenu_CT28787319962");
Line Found : user_pref("CT2878731.RadioStationName", "California%20Rock");
Line Found : user_pref("CT2878731.RadioStationURL", "hxxp://feedlive.net/california.asx");
Line Found : user_pref("CT2878731.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT2878731.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2878731&q=");
Line Found : user_pref("CT2878731.SearchInNewTabEnabled", true);
Line Found : user_pref("CT2878731.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT2878731.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2878731.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2878731.ServiceMapLastCheckTime", "Sun Feb 06 2011 22:17:11 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT2878731.SettingsLastCheckTime", "Sat Jan 08 2011 08:14:58 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT2878731.SettingsLastUpdate", "1294299462");
Line Found : user_pref("CT2878731.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT2878731.ThirdPartyComponentsLastCheck", "Sat Jan 08 2011 08:14:58 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT2878731.ThirdPartyComponentsLastUpdate", "1246790578");
Line Found : user_pref("CT2878731.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Found : user_pref("CT2878731.UserID", "UN31067470497287730");
Line Found : user_pref("CT2878731.WeatherNetwork", "");
Line Found : user_pref("CT2878731.WeatherPollDate", "Sun Feb 06 2011 22:47:22 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT2878731.WeatherUnit", "C");
Line Found : user_pref("CT2878731.ct2878731.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2878731.ct2878731.GroupingInvalidateCache", false);
Line Found : user_pref("CT2878731.ct2878731.GroupingLastCheckTime", "Sun Feb 06 2011 22:17:09 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT2878731.ct2878731.GroupingLastErrorCode", "");
Line Found : user_pref("CT2878731.ct2878731.GroupingLastResponse", false);
Line Found : user_pref("CT2878731.ct2878731.GroupingLastServerUpdateTime", "129387802624070000");
Line Found : user_pref("CT2878731.ct2878731.InvalidateCache", false);
Line Found : user_pref("CT2878731.ct2878731.LanguagePackLastCheckTime", "Sun Feb 06 2011 22:17:13 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT2878731.ct2878731.Locale", "en");
Line Found : user_pref("CT2878731.ct2878731.RadioLastCheckTime", "Sun Feb 06 2011 22:17:18 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT2878731.ct2878731.RadioLastUpdateIPServer", "3");
Line Found : user_pref("CT2878731.ct2878731.RadioLastUpdateServer", "3");
Line Found : user_pref("CT2878731.ct2878731.SearchInNewTabLastCheckTime", "Sun Feb 06 2011 22:17:11 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT2878731.ct2878731.SettingsLastCheckTime", "Sun Feb 06 2011 22:17:02 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT2878731.ct2878731.SettingsLastUpdate", "1297007872");
Line Found : user_pref("CT2878731.ct2878731.ThirdPartyComponentsLastCheck", "Sun Feb 06 2011 22:17:01 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT2878731.ct2878731.ThirdPartyComponentsLastUpdate", "1246790578");
Line Found : user_pref("CT2878731.ct2878731.toolbarAppMetaDataLastCheckTime", "Sun Feb 06 2011 22:17:13 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT2878731.ct2878731.toolbarContextMenuLastCheckTime", "Sat Jan 08 2011 08:15:16 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT2878731.myStuffEnabled", true);
Line Found : user_pref("CT2878731.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT2878731.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT2878731.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT2878731.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT2878731.testingCtid", "");
Line Found : user_pref("CT2878731.toolbarAppMetaDataLastCheckTime", "Sat Jan 08 2011 08:15:16 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT2878731.toolbarContextMenuLastCheckTime", "Sat Jan 08 2011 08:15:16 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT3015261..clientLogIsEnabled", false);
Line Found : user_pref("CT3015261..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT3015261..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT3015261.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Found : user_pref("CT3015261.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT3015261.AppTrackingLastCheckTime", "Fri Jul 13 2012 16:27:02 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT3015261.BrowserCompStateIsOpen_129958911685785597", true);
Line Found : user_pref("CT3015261.BrowserCompStateIsOpen_1367165901000", true);
Line Found : user_pref("CT3015261.CT3015261", "CT3015261");
Line Found : user_pref("CT3015261.CurrentServerDate", "15-10-2013");
Line Found : user_pref("CT3015261.DialogsAlignMode", "LTR");
Line Found : user_pref("CT3015261.DialogsGetterLastCheckTime", "Tue Oct 15 2013 10:58:16 GMT-0600 (Mountain Standard Time)");
Line Found : user_pref("CT3015261.DownloadReferralCookieData", "");
Line Found : user_pref("CT3015261.EMailNotifierPollDate", "Wed Jul 18 2012 20:07:17 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT3015261.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3015261.FirstServerDate", "2-8-2011");
Line Found : user_pref("CT3015261.FirstTime", true);
Line Found : user_pref("CT3015261.FirstTimeFF3", true);
Line Found : user_pref("CT3015261.FixPageNotFoundErrors", false);
Line Found : user_pref("CT3015261.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT3015261.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT3015261.HasUserGlobalKeys", true);
Line Found : user_pref("CT3015261.HomePageProtectorEnabled", false);
Line Found : user_pref("CT3015261.Initialize", true);
Line Found : user_pref("CT3015261.InitializeCommonPrefs", true);
Line Found : user_pref("CT3015261.InstallationAndCookieDataSentCount", 3);
Line Found : user_pref("CT3015261.InstallationType", "Unknown");
Line Found : user_pref("CT3015261.InstalledDate", "Tue Aug 02 2011 10:23:01 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT3015261.InvalidateCache", false);
Line Found : user_pref("CT3015261.IsAlertDBUpdated", true);
Line Found : user_pref("CT3015261.IsGrouping", false);
Line Found : user_pref("CT3015261.IsInitSetupIni", true);
Line Found : user_pref("CT3015261.IsMulticommunity", false);
Line Found : user_pref("CT3015261.IsOpenThankYouPage", true);
Line Found : user_pref("CT3015261.IsOpenUninstallPage", true);
Line Found : user_pref("CT3015261.IsProtectorsInit", true);
Line Found : user_pref("CT3015261.LanguagePackLastCheckTime", "Fri Oct 18 2013 10:58:16 GMT-0600 (Mountain Standard Time)");
Line Found : user_pref("CT3015261.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT3015261.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT3015261.LastLogin_3.10.0.1", "Tue Apr 17 2012 20:57:18 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT3015261.LastLogin_3.12.0.7", "Tue Apr 24 2012 14:51:19 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT3015261.LastLogin_3.12.2.3", "Wed May 30 2012 21:25:41 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT3015261.LastLogin_3.13.0.6", "Mon Jul 16 2012 09:58:32 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT3015261.LastLogin_3.14.1.0", "Tue Aug 21 2012 15:28:43 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT3015261.LastLogin_3.15.1.0", "Wed Nov 07 2012 10:36:34 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT3015261.LastLogin_3.16.0.3", "Sun Feb 10 2013 16:01:44 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT3015261.LastLogin_3.18.0.7", "Mon Jul 29 2013 22:07:25 GMT-0600 (Mountain Standard Time)");
Line Found : user_pref("CT3015261.LastLogin_3.19.0.3", "Tue Oct 15 2013 10:58:15 GMT-0600 (Mountain Standard Time)");
Line Found : user_pref("CT3015261.LastLogin_3.6.0.10", "Fri Sep 30 2011 08:24:28 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT3015261.LastLogin_3.7.0.6", "Thu Nov 17 2011 13:47:16 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT3015261.LastLogin_3.8.0.8", "Wed Dec 07 2011 16:45:19 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT3015261.LastLogin_3.8.1.0", "Sat Jan 28 2012 12:41:21 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT3015261.LastLogin_3.9.0.3", "Thu Mar 08 2012 11:03:23 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT3015261.LatestVersion", "3.20.0.4");
Line Found : user_pref("CT3015261.Locale", "en");
Line Found : user_pref("CT3015261.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT3015261.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT3015261.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT3015261.MyStuffEnabledAtInstallation", true);
Line Found : user_pref("CT3015261.OriginalFirstVersion", "3.6.0.10");
Line Found : user_pref("CT3015261.RadioIsPodcast", false);
Line Found : user_pref("CT3015261.RadioLastCheckTime", "Wed Jul 18 2012 10:00:01 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT3015261.RadioLastUpdateIPServer", "3");
Line Found : user_pref("CT3015261.RadioLastUpdateServer", "0");
Line Found : user_pref("CT3015261.RadioMediaID", "7865421");
Line Found : user_pref("CT3015261.RadioMediaType", "Media Player");
Line Found : user_pref("CT3015261.RadioMenuSelectedID", "EBRadioMenu_CT3015261_RECENT7865421");
Line Found : user_pref("CT3015261.RadioShrinkedFromSetup", false);
Line Found : user_pref("CT3015261.RadioStationName", "WAMU%2C%2088.5%20FM%2C%20Washington%20DC");
Line Found : user_pref("CT3015261.RadioStationURL", "hxxp://wamu.org/streams/live/1/win");
Line Found : user_pref("CT3015261.RadioVolume", "18");
Line Found : user_pref("CT3015261.SHRINK_TOOLBAR", 1);
Line Found : user_pref("CT3015261.SavedHomepage", "hxxps://encrypted.google.com/webhp?client=firefox-a&rls=org.mozilla:en-US:official");
Line Found : user_pref("CT3015261.SearchEngineBeforeUnload", "MyStart Search");
Line Found : user_pref("CT3015261.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT3015261.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=2&q=");
Line Found : user_pref("CT3015261.SearchInNewTabEnabled", true);
Line Found : user_pref("CT3015261.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT3015261.SearchInNewTabLastCheckTime", "Fri Oct 18 2013 10:58:08 GMT-0600 (Mountain Standard Time)");
Line Found : user_pref("CT3015261.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Found : user_pref("CT3015261.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT3015261.SearchProtectorEnabled", false);
Line Found : user_pref("CT3015261.SearchProtectorToolbarDisabled", false);
Line Found : user_pref("CT3015261.ServiceMapLastCheckTime", "Fri Oct 18 2013 10:58:08 GMT-0600 (Mountain Standard Time)");
Line Found : user_pref("CT3015261.SettingsLastCheckTime", "Tue Oct 15 2013 10:58:07 GMT-0600 (Mountain Standard Time)");
Line Found : user_pref("CT3015261.SettingsLastUpdate", "1381306403");
Line Found : user_pref("CT3015261.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT3015261.ThirdPartyComponentsLastCheck", "Tue Jul 17 2012 10:14:53 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT3015261.ThirdPartyComponentsLastUpdate", "1331805997");
Line Found : user_pref("CT3015261.ToolbarShrinkedFromSetup", false);
Line Found : user_pref("CT3015261.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Found : user_pref("CT3015261.UserID", "UN47010554705404406");
Line Found : user_pref("CT3015261.ValidationData_Search", 2);
Line Found : user_pref("CT3015261.ValidationData_Toolbar", 2);
Line Found : user_pref("CT3015261.WeatherNetwork", "");
Line Found : user_pref("CT3015261.WeatherPollDate", "Wed Jul 18 2012 20:02:19 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT3015261.WeatherUnit", "F");
Line Found : user_pref("CT3015261.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3015261.alertChannelId", "1406927");
Line Found : user_pref("CT3015261.backendstorage.youtube_user_first_login_date", "30382F32312F32303131");
Line Found : user_pref("CT3015261.backendstorage.youtube_user_survey_visit", "4E4F545F56495349544544");
Line Found : user_pref("CT3015261.components.1000082", true);
Line Found : user_pref("CT3015261.components.1000234", true);
Line Found : user_pref("CT3015261.enableAlerts", "always");
Line Found : user_pref("CT3015261.firstTimeDialogOpened", true);
Line Found : user_pref("CT3015261.fixPageNotFoundErrorByUser", "false");
Line Found : user_pref("CT3015261.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3015261.fullUserID", "UN47010554705404406.UP.2135");
Line Found : user_pref("CT3015261.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Found : user_pref("CT3015261.globalFirstTimeInfoLastCheckTime", "Sun Jul 08 2012 20:32:06 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT3015261.homepageProtectorEnableByLogin", true);
Line Found : user_pref("CT3015261.initDone", true);
Line Found : user_pref("CT3015261.installType", "Unknown");
Line Found : user_pref("CT3015261.isAppTrackingManagerOn", true);
Line Found : user_pref("CT3015261.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3015261.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3015261.isFirstRadioInstallation", false);
Line Found : user_pref("CT3015261.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3015261.isPerformedSmartBarTransition", "true");
Line Found : user_pref("CT3015261.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3015261.keyword", true);
Line Found : user_pref("CT3015261.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3015261&octid=CT3015261&SearchSource=15&CUI=UN47010554705404406&SSPV=&Lay=1&UM=\"}");
Line Found : user_pref("CT3015261.lastVersion", "10.20.101.5");
Line Found : user_pref("CT3015261.myStuffEnabled", true);
Line Found : user_pref("CT3015261.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT3015261.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT3015261.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT3015261.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT3015261.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://CCC004.OurToolbar.com/\",\"EB_TOOLBAR_[...]
Line Found : user_pref("CT3015261.oldAppsList", "129506578324945315,129506578325335957,111,129506578326068408,129506578326556709,129506578328734533,1000080,129533670857631562,1000034,129791245798178143,12950657832[...]
Line Found : user_pref("CT3015261.originalSearchAddressUrl", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("CT3015261.revertSettingsEnabled", false);
Line Found : user_pref("CT3015261.search.searchCount", 2);
Line Found : user_pref("CT3015261.searchFromAddressBarEnabledByUser", "true");
Line Found : user_pref("CT3015261.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3015261.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3015261.searchProtectorDialogDelayInSec", 10);
Line Found : user_pref("CT3015261.searchProtectorEnableByLogin", true);
Line Found : user_pref("CT3015261.searchSuggestEnabledByUser", "false");
Line Found : user_pref("CT3015261.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3015261.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3015261.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT3015261.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3015261\"}");
Line Found : user_pref("CT3015261.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://ZoneAlarmSecuritySuite.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3015261.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"ZoneAlarm Security Suite \"}");
Line Found : user_pref("CT3015261.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3015261.serviceLayer_services_Configuration_lastUpdate", "1384907893236");
Line Found : user_pref("CT3015261.serviceLayer_services_login_10.20.101.5_lastUpdate", "1384907893233");
Line Found : user_pref("CT3015261.serviceLayer_services_searchAPI_lastUpdate", "1384889693692");
Line Found : user_pref("CT3015261.serviceLayer_services_serviceMap_lastUpdate", "1384889690579");
Line Found : user_pref("CT3015261.serviceLayer_services_toolbarSettings_lastUpdate", "1384907893238");
Line Found : user_pref("CT3015261.serviceLayer_services_translation_lastUpdate", "1384907893240");
Line Found : user_pref("CT3015261.settingsINI", true);
Line Found : user_pref("CT3015261.showToolbarPermission", "false");
Line Found : user_pref("CT3015261.smartbar.CTID", "CT3015261");
Line Found : user_pref("CT3015261.smartbar.Uninstall", "0");
Line Found : user_pref("CT3015261.smartbar.toolbarName", "ZoneAlarm Security Suite ");

JD the DJ
2013-11-26, 21:08
Line Found : user_pref("CT3015261.testingCtid", "");
Line Found : user_pref("CT3015261.toolbarAppMetaDataLastCheckTime", "Fri Oct 18 2013 10:58:08 GMT-0600 (Mountain Standard Time)");
Line Found : user_pref("CT3015261.toolbarBornServerTime", "2-8-2011");
Line Found : user_pref("CT3015261.toolbarContextMenuLastCheckTime", "Mon Jul 16 2012 09:58:32 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CT3015261.toolbarCurrentServerTime", "19-11-2013");
Line Found : user_pref("CT3015261.toolbarLoginClientTime", "Tue Nov 19 2013 17:38:12 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("CT3015261.upgradeFromOBVersion", true);
Line Found : user_pref("CT3015261.usagesFlag", 2);
Line Found : user_pref("CT3015261.youtube_user_first_login_date.from_oldbar.enc", "MDgvMjEvMjAxMQ==");
Line Found : user_pref("CT3015261.youtube_user_survey_visit.from_oldbar.enc", "Tk9UX1ZJU0lURUQ=");
Line Found : user_pref("CT3015261_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1384907889695,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3015261&SearchSource=13");
Line Found : user_pref("CommunityToolbar.ConduitSearchList", "ZoneAlarm Security Suite Customized Web Search");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3015261/CT3015261", "\"e20eab1696076daffef5cba7672dd5983\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1035394/1031105/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1270698/1266370/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1270703/1266375/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1270707/1266379/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1270710/1266382/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1270713/1266385/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1270718/1266390/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1270721/1266393/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1270727/1266399/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1406927/1402585/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2878731", "\"1292753069\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3015261", "\"1367217955\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2878731", "\"1292753069\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE", "L+tncv4eqt6Qm5T3dzChdA==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "C5ZJe6gL80JBW5CuLy+wkg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE", "poKjTfHs0NrVUIalKI8jyg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "mfQ70fvlD2zuBxSBj8rQqA==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE", "QmycQXJXVyFVAzIiNllWhQ==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "k9un27OkAvkwB2ZmvXxTnA==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE", "t6SQZ7j9WsBHhE8zC0kAEQ==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "4BgM4MhF/sOgPsDNmIs3Yw==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:14f9\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0652eeacc6cb1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:144a\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:14f1\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:155b\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:15ff\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"23c5489aa686ce1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"f414eeaa6bece1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"0ee90707f77cc1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"6a637346d78ccc1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.0.8", "\"6a637346d78ccc1:1254\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"023d3d3f2c9cc1:12ce\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"801a319dd78ccc1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3015261", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634325899280830000\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634303635100000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/2011 5:25:10 PM", "634335443890000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/2011 12:59:49 PM", "634339976460000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/2011 6:54:06 PM", "634356118310000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3015261&octid=CT3015261", "\"1321893810\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2878731/CT2878731", "\"1294299462\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2878731/CT2878731", "\"1297007872\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/61/301/CT3015261/Images/634084960850172500.png", "\"42eee7aac1eaca1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"634492029952000000\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"2d87e72a099b1428cae19f08d2b5e786\"");
Line Found : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Line Found : user_pref("CommunityToolbar.EngineOwner", "CT2878731");
Line Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{90eee664-34b1-422a-a782-779af65cdf6d}");
Line Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "incredimail_mediabar_4");
Line Found : user_pref("CommunityToolbar.IsEngineShown", false);
Line Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Dana\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\mlwj5sce.default\\conduitCommon\\modules\\3.14.1.0");
Line Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Line Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2878731");
Line Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{90eee664-34b1-422a-a782-779af65cdf6d}");
Line Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "incredimail_mediabar_4");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT2642707,CT2878731,ConduitEngine,CT3015261");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2642707,CT2878731,CT3015261");
Line Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3015261");
Line Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Jun 03 2011 15:54:54 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jun 24 2011 12:18:02 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.locale", "en");
Line Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 17:38:33 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Line Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.alert.userId", "{cb72ebb3-e315-40ed-bf55-4f68d0ff03df}");
Line Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Apr 16 2012 21:07:59 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CommunityToolbar.globalUserId", "714612f7-65bf-4ca8-ae41-b6bb936c3585");
Line Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3015261");
Line Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Jul 18 2012 20:02:19 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Line Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Jul 18 2012 15:25:15 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.locale", "en");
Line Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Jul 18 2012 15:25:06 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.notifications.userId", "2a19a1ea-492f-4567-85cc-363f4e0477d8");
Line Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sat Jun 18 2011 14:18:57 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Mar 26 2011 16:56:35 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("ConduitEngine.FirstServerDate", "02/08/2011 18");
Line Found : user_pref("ConduitEngine.FirstTime", true);
Line Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Line Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line Found : user_pref("ConduitEngine.Initialize", true);
Line Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line Found : user_pref("ConduitEngine.InstalledDate", "Tue Feb 08 2011 08:30:09 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("ConduitEngine.IsMulticommunity", false);
Line Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Line Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Mar 28 2011 20:03:25 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Mon Mar 07 2011 09:51:17 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Mon Mar 28 2011 20:03:24 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Mar 28 2011 20:03:25 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("ConduitEngine.UserID", "UN07412012110148902");
Line Found : user_pref("ConduitEngine.engineLocale", "en-US");
Line Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Mar 28 2011 20:03:25 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon Mar 28 2011 20:03:24 GMT-0600 (Mountain Daylight Time)");
Line Found : user_pref("ConduitEngine.initDone", true);
Line Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3015261");
Line Found : user_pref("browser.newtab.url", "hxxp://www.dosearches.com/newtab/?utm_source=b&utm_medium=tugs&utm_campaign=ST500DM002-1BD142_W2AC2RGF&utm_content=nt&from=tugs&uid=ST500DM002-1BD142_W2AC2RGF&ts=13840[...]
Line Found : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Found : user_pref("browser.search.defaultthis.engineName", "ZoneAlarm Security Suite Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=3&q={searchTerms}");
Line Found : user_pref("browser.search.order.1", "Mysearchdial");
Line Found : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Found : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0EtD0FyE0F0DyD0Ezz0FtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtC[...]
Line Found : user_pref("extensions.crossrider.bic", "13cc6c4c47eba88721f16932852328e6");
Line Found : user_pref("extensions.crossriderapp21804.21804.InstallationThankYouPage", true);
Line Found : user_pref("extensions.crossriderapp21804.21804.InstallationTime", 1360543829);
Line Found : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.searchUserConifrmation", false);
Line Found : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setHomepage", false);
Line Found : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setNewTab", false);
Line Found : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setSearch", false);
Line Found : user_pref("extensions.crossriderapp21804.21804.active", true);
Line Found : user_pref("extensions.crossriderapp21804.21804.addressbar", "");
Line Found : user_pref("extensions.crossriderapp21804.21804.addressbarenhanced", "");
Line Found : user_pref("extensions.crossriderapp21804.21804.backgroundjs", "\n\n//\n");
Line Found : user_pref("extensions.crossriderapp21804.21804.backgroundver", 38);
Line Found : user_pref("extensions.crossriderapp21804.21804.can_run_bg_code", true);
Line Found : user_pref("extensions.crossriderapp21804.21804.certdomaininstaller", "");
Line Found : user_pref("extensions.crossriderapp21804.21804.changeprevious", false);
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.value", "1360543829");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.value", "1360543829");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_arbitrary_code.expiration", "Tue Nov 19 2013 12:39:51 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_arbitrary_code.value", "%22%28function%28%29%7B_GPL_PLUGIN.st%3D%7B%5C%2274052%26pid%3D1269%5C%22%3A%7Bs%3A%5B%5C%2274052%26pid%3D1695%5C%22%[...]
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.expiration", "Tue Nov 19 2013 12:39:51 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.value", "%22bing.com%2Cfacebook.com%2Cnonexistantdomain.com%22");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_cf_bu1.value", "1361207894");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.expiration", "Tue Nov 26 2013 12:34:50 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.value", "%22US%22");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.value", "1384052597");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.value", "%221383332211%22");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.value", "%221%22");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_ib_delay.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_ib_delay.value", "24");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_ib_disclosure.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_ib_disclosure.value", "1368378137");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_ib_list.expiration", "Tue Nov 19 2013 18:34:53 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_ib_list.value", "%7B%22f7610cf2b37067876b694a05c56f32e2%22%3A%7B%22p%22%3A%22/%22%7D%2C%22d763717b4b2e0a17a877cc642fb80ee4%22%3A%7B%22p%22%3A[...]
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_ib_list_temp.expiration", "Tue Nov 19 2013 12:44:51 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_ib_list_temp.value", "1384889691.048");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%22100086%22%2C%22sub_id%22%3A%22default%22%2C%22uzid%22%3A%22100086%26subid%3D%26pid%3D1322%2[...]
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.value", "%221360453528%22");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.value", "%2214019%22");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_pc_20120828.value", "1360544726247");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.value", "%221175%22");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.value", "%22142034%22");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.value", "1360544711778");
Line Found : user_pref("extensions.crossriderapp21804.21804.description", "Coupon Companion");
Line Found : user_pref("extensions.crossriderapp21804.21804.domain", "");
Line Found : user_pref("extensions.crossriderapp21804.21804.enablesearch", false);
Line Found : user_pref("extensions.crossriderapp21804.21804.fbremoteurl", "");
Line Found : user_pref("extensions.crossriderapp21804.21804.group", 0);
Line Found : user_pref("extensions.crossriderapp21804.21804.homepage", "");
Line Found : user_pref("extensions.crossriderapp21804.21804.iframe", false);
Line Found : user_pref("extensions.crossriderapp21804.21804.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%2244E9D12F4AB44D84BFCEB7FCC55414C7IE%22%2C%22installer_verifier%22%3A%229b5a24affd9b75[...]
Line Found : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.value", "54");
Line Found : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.value", "1");
Line Found : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.value", "%7B%7D");
Line Found : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.expiration", "Tue Nov 19 2013 18:34:50 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.value", "true");
Line Found : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.value", "%7B%7D");
Line Found : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Found : user_pref("extensions.crossriderapp21804.21804.internaldb.SoftwareDetected.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Found : user_pref("extensions.crossriderapp21804.21804.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%22%3Afalse%2C%22Wireshark%22%3Afalse%2C%22VirtualBox%22%3Afalse%2C%22VMWare%22%3Afalse%2C%22Inside[...]
Line Found : user_pref("extensions.crossriderapp21804.21804.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1175,baseCDN:\"couponcp-a.akamaihd.net[...]
Line Found : user_pref("extensions.crossriderapp21804.21804.manifesturl", "");
Line Found : user_pref("extensions.crossriderapp21804.21804.name", "Coupon Companion Plugin");
Line Found : user_pref("extensions.crossriderapp21804.21804.newtab", "");
Line Found : user_pref("extensions.crossriderapp21804.21804.opensearch", "");
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appAPI.appID;}}};$jquery.ex[...]
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.name", "base");
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.ver", 6);
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(b){if(void 0===this||null===this)throw new TypeError;var c=Obje[...]
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.ver", 15);
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{},rules:{},started:!1,allowed:!1,log:function(b){console.log(b)},factor[...]
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.name", "GPL Background (BG)");
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.ver", 39);
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection();}else{if(document.g[...]
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.name", "CrossriderAppUtils");
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.ver", 3);
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&typeof window.navigat[...]
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.name", "CrossriderUtils");
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.ver", 5);
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&ty[...]
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.name", "FFAppAPIWrapper");
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.ver", 9);
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\n * Copyright 2010, Joh[...]
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.name", "jQuery");
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.ver", 4);
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.[...]
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.name", "debug");
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.ver", 4);
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=function(c,b){a.when.apply(n[...]
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.name", "resources");
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.ver", 4);
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.exte[...]
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.name", "initializer");
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.ver", 3);
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \"undefined\") {\n\n/*! jQuery [...]
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.name", "jquery_1_7_1");
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.ver", 4);
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId[...]
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.name", "resources_background");
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.ver", 3);
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};var b=function(j){return[...]
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.name", "appApiMessage");
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.ver", 2);
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var k={};var f=appAPI.appInfo.name;var l=function(s,r,t){var q=\"[[...]
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.name", "appApiValidation");
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.ver", 3);
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgent!==\"undefined\"){(func[...]
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.name", "CrossriderInfo");
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.ver", 3);
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===true){unsafeWindow.appAPI=[...]
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_98.name", "omniCommands");
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_98.ver", 2);
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015");
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28");
Line Found : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Line Found : user_pref("extensions.crossriderapp21804.21804.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/21804/plugins/088/ff/plugins.json");
Line Found : user_pref("extensions.crossriderapp21804.21804.pluginsversion", 51);
Line Found : user_pref("extensions.crossriderapp21804.21804.publisher", "Innovative Apps");
Line Found : user_pref("extensions.crossriderapp21804.21804.searchstatus", 0);
Line Found : user_pref("extensions.crossriderapp21804.21804.setnewtab", false);
Line Found : user_pref("extensions.crossriderapp21804.21804.settingsurl", "");
Line Found : user_pref("extensions.crossriderapp21804.21804.thankyou", "");
Line Found : user_pref("extensions.crossriderapp21804.21804.updateinterval", 360);
Line Found : user_pref("extensions.crossriderapp21804.21804.ver", 54);
Line Found : user_pref("extensions.crossriderapp21804.adsOldValue", -1);
Line Found : user_pref("extensions.crossriderapp21804.apps", "21804");
Line Found : user_pref("extensions.crossriderapp21804.bic", "13cc6c4c47eba88721f16932852328e6");
Line Found : user_pref("extensions.crossriderapp21804.cid", 21804);
Line Found : user_pref("extensions.crossriderapp21804.firstrun", false);
Line Found : user_pref("extensions.crossriderapp21804.hadappinstalled", true);
Line Found : user_pref("extensions.crossriderapp21804.installationdate", 1360544450);
Line Found : user_pref("extensions.crossriderapp21804.lastcheck", 23081495);
Line Found : user_pref("extensions.crossriderapp21804.lastcheckitem", 23081495);
Line Found : user_pref("extensions.crossriderapp21804.modetype", "production");
Line Found : user_pref("extensions.crossriderapp21804.reportInstall", true);
Line Found : user_pref("extensions.crossriderapp21804.updating", true);
Line Found : user_pref("extensions.enabledItems", "{20a82645-c095-46ed-80e3-08825760534b}:1.1,{89736E8E-4B14-4042-8C75-AD00B6BD3900}:1.0.5,{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18,jqs@sun.com:1.0,hxxps-everyw[...]
Line Found : user_pref("extensions.mysearchdial.aflt", "irmsd103");
Line Found : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Found : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0EtD0FyE0F0DyD0Ezz0FtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA");
Line Found : user_pref("extensions.mysearchdial.cntry", "US");
Line Found : user_pref("extensions.mysearchdial.cr", "567981372");
Line Found : user_pref("extensions.mysearchdial.dfltLng", "");
Line Found : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Found : user_pref("extensions.mysearchdial.dnsErr", true);
Line Found : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Line Found : user_pref("extensions.mysearchdial.dspFFXOld", "dosearches");
Line Found : user_pref("extensions.mysearchdial.excTlbr", false);
Line Found : user_pref("extensions.mysearchdial.hdrMd5", "C7ADB1E6B91217ADB0D130634A39B981");
Line Found : user_pref("extensions.mysearchdial.hmpg", true);
Line Found : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0EtD0FyE0F0DyD0Ezz0FtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1[...]
Line Found : user_pref("extensions.mysearchdial.hpFFXOld", "hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=ST500DM002-1BD142_W2AC2RGF&ts=1384049503");
Line Found : user_pref("extensions.mysearchdial.id", "E840F2E0F4FD5E8F");
Line Found : user_pref("extensions.mysearchdial.instlDay", "16018");
Line Found : user_pref("extensions.mysearchdial.instlRef", "");
Line Found : user_pref("extensions.mysearchdial.lastB", "hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=ST500DM002-1BD142_W2AC2RGF&ts=1384049503");
Line Found : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.019:1:37");
Line Found : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0EtD0FyE0F0DyD0Ezz0FtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1[...]
Line Found : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"81\",\"lastVrsn\":\"81\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Found : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.sg", "none");
Line Found : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Found : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Found : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0EtD0FyE0F0DyD0Ezz0FtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1[...]
Line Found : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Found : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Found : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Found : user_pref("extensions.mysearchdial_i.newTab", false);
Line Found : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Found : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.019:1:37");
Line Found : user_pref("iminent.webbooster.scripts.minibar.enabledAds", "false");
Line Found : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent101", "1361514030577");
Line Found : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent102", "1367005151201");
Line Found : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent109", "1371882045716");
Line Found : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent110", "1362114923286");
Line Found : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent111", "1371882045724");
Line Found : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent112", "1363722747186");
Line Found : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent122", "1371882045733");
Line Found : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1363628684694");
Line Found : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent140", "1365296279546");
Line Found : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1367478403185");
Line Found : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent109", "1371881544091");
Line Found : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent110", "1365182017303");
Line Found : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent111", "1371881544104");
Line Found : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent112", "1371881551998");
Line Found : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent122", "1371881544114");
Line Found : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent134", "1366388102733");
Line Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=2&CUI=UN47010554705404406&UM=&q=");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3015261");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3015261&SearchSource=13");
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=2&CU[...]
Line Found : user_pref("smartbar.machineId", "LLKOQ1RTZOXO7Y2MI5D6J6S9ZLVKPYQS+QBUYUA/FDTVEJ1STQZYMIGUOF6UV/Z9BNHQDHKSHFFTJ6BCXFV0RA");

-\\ Google Chrome v

[ File : C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [97613 octets] - [26/11/2013 11:28:45]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [97674 octets] ##########

ken545
2013-11-26, 21:44
Double click on AdwCleaner.exe to run the tool again.

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.




http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

JD the DJ
2013-11-27, 01:14
Started desktop in 'Safe Mode with Networking', ran AdwCleaner 'Scan', however, clicking 'Clean' did not work.
Restarted desktop in Normal mode, ran AdwCleaner 'Scan', clicked 'Clean', it worked.
Rebooted desktop (Normal mode) AdwCleaner log file posted below
Ran JRT 'as Administrator' (think I got all protection software shut down)
JRT log file posted below


AdwCleaner log file (Part 1 of 2)
# AdwCleaner v3.013 - Report created 26/11/2013 at 14:41:56
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dana - DANA-HP
# Running from : C:\Users\Dana\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : 70e6ca8c

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Iminent
Folder Deleted : C:\Program Files (x86)\InfoAtoms
Folder Deleted : C:\Program Files (x86)\Common Files\Umbrella
Folder Deleted : C:\Users\Dana\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\Dana\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\Dana\AppData\Roaming\digitalsite
Folder Deleted : C:\Users\Dana\AppData\Roaming\Iminent
Folder Deleted : C:\Users\Dana\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\ConduitCommon
Folder Deleted : C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\Smartbar
Folder Deleted : C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\CT3015261
Folder Deleted : C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\infoatoms@infoatoms.com
Folder Deleted : C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\Extensions\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}
Folder Deleted : C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
File Deleted : C:\Users\Dana\AppData\Local\mysearchdial-speeddial.crx
File Deleted : C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\searchplugins\zonealarm.xml
File Deleted : C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\user.js

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Dana\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Dana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Dana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Dana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Dana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Dana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [infoatoms@infoatoms.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ccncljhbalbbkkfgopogabimepmfkmff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220222182204}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255185504}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266186604}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440244184404}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{88CCA982-C030-4B27-8FBC-201189970FDE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255185504}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266186604}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InfoAtoms
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{118D6CE9-5F18-42F9-958A-14676A629FDE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InfoAtoms
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
Key Deleted : HKLM\Software\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED
Key Deleted : HKLM\Software\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\prefs.js ]

Line Deleted : user_pref("CT2642707.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2642707.CTID", "CT2642707");
Line Deleted : user_pref("CT2642707.CurrentServerDate", "28-8-2010");
Line Deleted : user_pref("CT2642707.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2642707.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2642707.EMailNotifierPollDate", "Fri Aug 27 2010 20:37:41 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2642707.ExternalComponentPollDate129273915361569259", "Fri Aug 27 2010 20:31:16 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2642707.FirstServerDate", "28-8-2010");
Line Deleted : user_pref("CT2642707.FirstTime", true);
Line Deleted : user_pref("CT2642707.FirstTimeFF3", true);
Line Deleted : user_pref("CT2642707.FirstTimeSettingsDone", true);
Line Deleted : user_pref("CT2642707.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2642707.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2642707.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2642707.Initialize", true);
Line Deleted : user_pref("CT2642707.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2642707.InstallationAndCookieDataSentCount", 1);
Line Deleted : user_pref("CT2642707.InstalledDate", "Fri Aug 27 2010 20:31:18 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2642707.InvalidateCache", false);
Line Deleted : user_pref("CT2642707.IsGrouping", false);
Line Deleted : user_pref("CT2642707.IsMulticommunity", false);
Line Deleted : user_pref("CT2642707.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2642707.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2642707.LanguagePackLastCheckTime", "Fri Aug 27 2010 20:31:18 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2642707.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2642707.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2642707.LastLogin_2.7.2.0", "Fri Aug 27 2010 20:32:40 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2642707.LatestVersion", "2.7.2.0");
Line Deleted : user_pref("CT2642707.Locale", "en");
Line Deleted : user_pref("CT2642707.LoginCache", 4);
Line Deleted : user_pref("CT2642707.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2642707.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2642707.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2642707.RadioIsPodcast", false);
Line Deleted : user_pref("CT2642707.RadioLastCheckTime", "Fri Aug 27 2010 20:32:39 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2642707.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT2642707.RadioLastUpdateServer", "3");
Line Deleted : user_pref("CT2642707.RadioMediaID", "9962");
Line Deleted : user_pref("CT2642707.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT2642707.RadioMenuSelectedID", "EBRadioMenu_CT26427079962");
Line Deleted : user_pref("CT2642707.RadioStationName", "California%20Rock");
Line Deleted : user_pref("CT2642707.RadioStationURL", "hxxp://feedlive.net/california.asx");
Line Deleted : user_pref("CT2642707.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2642707&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Deleted : user_pref("CT2642707.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2642707.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642707&q=");
Line Deleted : user_pref("CT2642707.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2642707.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2642707.SearchInNewTabLastCheckTime", "Fri Aug 27 2010 20:32:42 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2642707.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2642707.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2642707.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2642707.SettingsLastCheckTime", "Fri Aug 27 2010 20:31:14 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2642707.SettingsLastUpdate", "1282918036");
Line Deleted : user_pref("CT2642707.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2642707.ThirdPartyComponentsLastCheck", "Fri Aug 27 2010 20:31:12 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2642707.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT2642707.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Deleted : user_pref("CT2642707.UserID", "UN68802187513420710");
Line Deleted : user_pref("CT2642707.WeatherNetwork", "");
Line Deleted : user_pref("CT2642707.WeatherPollDate", "Fri Aug 27 2010 20:31:18 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2642707.WeatherUnit", "F");
Line Deleted : user_pref("CT2642707.alertChannelId", "1035394");
Line Deleted : user_pref("CT2642707.clientLogIsEnabled", false);
Line Deleted : user_pref("CT2642707.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2642707.myStuffEnabled", true);
Line Deleted : user_pref("CT2642707.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2642707.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2642707.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2642707.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2642707.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2878731..clientLogIsEnabled", true);
Line Deleted : user_pref("CT2878731..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2878731..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2878731.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2878731.CT2878736.CommunityChanged", true);
Line Deleted : user_pref("CT2878731.CT2878740.CommunityChanged", true);
Line Deleted : user_pref("CT2878731.CT2878743.CommunityChanged", true);
Line Deleted : user_pref("CT2878731.CT2878746.CommunityChanged", true);
Line Deleted : user_pref("CT2878731.CT2878751.CommunityChanged", true);
Line Deleted : user_pref("CT2878731.CT2878754.CommunityChanged", true);
Line Deleted : user_pref("CT2878731.CT2878761.CommunityChanged", true);
Line Deleted : user_pref("CT2878731.CTID", "ct2878731");
Line Deleted : user_pref("CT2878731.CommunitiesChangesLastCheckTime", "Sun Feb 06 2011 22:17:09 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT2878731.CommunityChanged", true);
Line Deleted : user_pref("CT2878731.CurrentServerDate", "7-2-2011");
Line Deleted : user_pref("CT2878731.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2878731.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2878731.FirstServerDate", "8-1-2011");
Line Deleted : user_pref("CT2878731.FirstTime", true);
Line Deleted : user_pref("CT2878731.FirstTimeFF3", true);
Line Deleted : user_pref("CT2878731.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2878731.GroupingLastCheckTime", "Sun Feb 06 2011 22:17:02 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT2878731.GroupingLastErrorCode", "");
Line Deleted : user_pref("CT2878731.GroupingLastResponse", false);
Line Deleted : user_pref("CT2878731.GroupingLastServerUpdateTime", "129387802624070000");
Line Deleted : user_pref("CT2878731.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2878731.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2878731.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2878731.Initialize", true);
Line Deleted : user_pref("CT2878731.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2878731.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2878731.InstallationId", "IncrediMail_MediaBar_4.exe");
Line Deleted : user_pref("CT2878731.InstallationType", "ConduitIntegration");
Line Deleted : user_pref("CT2878731.InstalledDate", "Sat Jan 08 2011 08:15:03 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT2878731.IsGrouping", true);
Line Deleted : user_pref("CT2878731.IsMulticommunity", false);
Line Deleted : user_pref("CT2878731.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT2878731.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2878731.LanguagePackLastCheckTime", "Sat Jan 08 2011 08:15:06 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT2878731.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2878731.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2878731.LastLogin_3.2.5.2", "Sun Feb 06 2011 22:17:14 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT2878731.LatestVersion", "3.2.5.2");
Line Deleted : user_pref("CT2878731.Locale", "en");
Line Deleted : user_pref("CT2878731.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2878731.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2878731.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2878731.RadioIsPodcast", false);
Line Deleted : user_pref("CT2878731.RadioMediaID", "9962");
Line Deleted : user_pref("CT2878731.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT2878731.RadioMenuSelectedID", "EBRadioMenu_CT28787319962");
Line Deleted : user_pref("CT2878731.RadioStationName", "California%20Rock");
Line Deleted : user_pref("CT2878731.RadioStationURL", "hxxp://feedlive.net/california.asx");
Line Deleted : user_pref("CT2878731.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2878731.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2878731&q=");
Line Deleted : user_pref("CT2878731.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2878731.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2878731.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2878731.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2878731.ServiceMapLastCheckTime", "Sun Feb 06 2011 22:17:11 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT2878731.SettingsLastCheckTime", "Sat Jan 08 2011 08:14:58 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT2878731.SettingsLastUpdate", "1294299462");
Line Deleted : user_pref("CT2878731.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2878731.ThirdPartyComponentsLastCheck", "Sat Jan 08 2011 08:14:58 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT2878731.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT2878731.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Deleted : user_pref("CT2878731.UserID", "UN31067470497287730");
Line Deleted : user_pref("CT2878731.WeatherNetwork", "");
Line Deleted : user_pref("CT2878731.WeatherPollDate", "Sun Feb 06 2011 22:47:22 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT2878731.WeatherUnit", "C");
Line Deleted : user_pref("CT2878731.ct2878731.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2878731.ct2878731.GroupingInvalidateCache", false);
Line Deleted : user_pref("CT2878731.ct2878731.GroupingLastCheckTime", "Sun Feb 06 2011 22:17:09 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT2878731.ct2878731.GroupingLastErrorCode", "");
Line Deleted : user_pref("CT2878731.ct2878731.GroupingLastResponse", false);
Line Deleted : user_pref("CT2878731.ct2878731.GroupingLastServerUpdateTime", "129387802624070000");
Line Deleted : user_pref("CT2878731.ct2878731.InvalidateCache", false);
Line Deleted : user_pref("CT2878731.ct2878731.LanguagePackLastCheckTime", "Sun Feb 06 2011 22:17:13 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT2878731.ct2878731.Locale", "en");
Line Deleted : user_pref("CT2878731.ct2878731.RadioLastCheckTime", "Sun Feb 06 2011 22:17:18 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT2878731.ct2878731.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT2878731.ct2878731.RadioLastUpdateServer", "3");
Line Deleted : user_pref("CT2878731.ct2878731.SearchInNewTabLastCheckTime", "Sun Feb 06 2011 22:17:11 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT2878731.ct2878731.SettingsLastCheckTime", "Sun Feb 06 2011 22:17:02 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT2878731.ct2878731.SettingsLastUpdate", "1297007872");
Line Deleted : user_pref("CT2878731.ct2878731.ThirdPartyComponentsLastCheck", "Sun Feb 06 2011 22:17:01 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT2878731.ct2878731.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT2878731.ct2878731.toolbarAppMetaDataLastCheckTime", "Sun Feb 06 2011 22:17:13 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT2878731.ct2878731.toolbarContextMenuLastCheckTime", "Sat Jan 08 2011 08:15:16 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT2878731.myStuffEnabled", true);
Line Deleted : user_pref("CT2878731.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2878731.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2878731.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2878731.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2878731.testingCtid", "");
Line Deleted : user_pref("CT2878731.toolbarAppMetaDataLastCheckTime", "Sat Jan 08 2011 08:15:16 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT2878731.toolbarContextMenuLastCheckTime", "Sat Jan 08 2011 08:15:16 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT3015261..clientLogIsEnabled", false);
Line Deleted : user_pref("CT3015261..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT3015261..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT3015261.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT3015261.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT3015261.AppTrackingLastCheckTime", "Fri Jul 13 2012 16:27:02 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT3015261.BrowserCompStateIsOpen_129958911685785597", true);
Line Deleted : user_pref("CT3015261.BrowserCompStateIsOpen_1367165901000", true);
Line Deleted : user_pref("CT3015261.CT3015261", "CT3015261");
Line Deleted : user_pref("CT3015261.CurrentServerDate", "15-10-2013");
Line Deleted : user_pref("CT3015261.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT3015261.DialogsGetterLastCheckTime", "Tue Oct 15 2013 10:58:16 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT3015261.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT3015261.EMailNotifierPollDate", "Wed Jul 18 2012 20:07:17 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT3015261.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3015261.FirstServerDate", "2-8-2011");
Line Deleted : user_pref("CT3015261.FirstTime", true);
Line Deleted : user_pref("CT3015261.FirstTimeFF3", true);
Line Deleted : user_pref("CT3015261.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT3015261.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT3015261.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT3015261.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT3015261.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT3015261.Initialize", true);
Line Deleted : user_pref("CT3015261.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT3015261.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT3015261.InstallationType", "Unknown");
Line Deleted : user_pref("CT3015261.InstalledDate", "Tue Aug 02 2011 10:23:01 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT3015261.InvalidateCache", false);
Line Deleted : user_pref("CT3015261.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT3015261.IsGrouping", false);
Line Deleted : user_pref("CT3015261.IsInitSetupIni", true);
Line Deleted : user_pref("CT3015261.IsMulticommunity", false);
Line Deleted : user_pref("CT3015261.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT3015261.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT3015261.IsProtectorsInit", true);
Line Deleted : user_pref("CT3015261.LanguagePackLastCheckTime", "Fri Oct 18 2013 10:58:16 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT3015261.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT3015261.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT3015261.LastLogin_3.10.0.1", "Tue Apr 17 2012 20:57:18 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.12.0.7", "Tue Apr 24 2012 14:51:19 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.12.2.3", "Wed May 30 2012 21:25:41 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.13.0.6", "Mon Jul 16 2012 09:58:32 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.14.1.0", "Tue Aug 21 2012 15:28:43 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.15.1.0", "Wed Nov 07 2012 10:36:34 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.16.0.3", "Sun Feb 10 2013 16:01:44 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.18.0.7", "Mon Jul 29 2013 22:07:25 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.19.0.3", "Tue Oct 15 2013 10:58:15 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.6.0.10", "Fri Sep 30 2011 08:24:28 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.7.0.6", "Thu Nov 17 2011 13:47:16 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.8.0.8", "Wed Dec 07 2011 16:45:19 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.8.1.0", "Sat Jan 28 2012 12:41:21 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.9.0.3", "Thu Mar 08 2012 11:03:23 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT3015261.LatestVersion", "3.20.0.4");
Line Deleted : user_pref("CT3015261.Locale", "en");
Line Deleted : user_pref("CT3015261.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT3015261.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT3015261.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT3015261.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT3015261.OriginalFirstVersion", "3.6.0.10");
Line Deleted : user_pref("CT3015261.RadioIsPodcast", false);
Line Deleted : user_pref("CT3015261.RadioLastCheckTime", "Wed Jul 18 2012 10:00:01 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT3015261.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT3015261.RadioLastUpdateServer", "0");
Line Deleted : user_pref("CT3015261.RadioMediaID", "7865421");
Line Deleted : user_pref("CT3015261.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT3015261.RadioMenuSelectedID", "EBRadioMenu_CT3015261_RECENT7865421");
Line Deleted : user_pref("CT3015261.RadioShrinkedFromSetup", false);
Line Deleted : user_pref("CT3015261.RadioStationName", "WAMU%2C%2088.5%20FM%2C%20Washington%20DC");
Line Deleted : user_pref("CT3015261.RadioStationURL", "hxxp://wamu.org/streams/live/1/win");
Line Deleted : user_pref("CT3015261.RadioVolume", "18");
Line Deleted : user_pref("CT3015261.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT3015261.SavedHomepage", "hxxps://encrypted.google.com/webhp?client=firefox-a&rls=org.mozilla:en-US:official");
Line Deleted : user_pref("CT3015261.SearchEngineBeforeUnload", "MyStart Search");
Line Deleted : user_pref("CT3015261.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT3015261.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=2&q=");
Line Deleted : user_pref("CT3015261.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT3015261.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT3015261.SearchInNewTabLastCheckTime", "Fri Oct 18 2013 10:58:08 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT3015261.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT3015261.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT3015261.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT3015261.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT3015261.ServiceMapLastCheckTime", "Fri Oct 18 2013 10:58:08 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT3015261.SettingsLastCheckTime", "Tue Oct 15 2013 10:58:07 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT3015261.SettingsLastUpdate", "1381306403");
Line Deleted : user_pref("CT3015261.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT3015261.ThirdPartyComponentsLastCheck", "Tue Jul 17 2012 10:14:53 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT3015261.ThirdPartyComponentsLastUpdate", "1331805997");
Line Deleted : user_pref("CT3015261.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT3015261.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT3015261.UserID", "UN47010554705404406");
Line Deleted : user_pref("CT3015261.ValidationData_Search", 2);
Line Deleted : user_pref("CT3015261.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT3015261.WeatherNetwork", "");
Line Deleted : user_pref("CT3015261.WeatherPollDate", "Wed Jul 18 2012 20:02:19 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT3015261.WeatherUnit", "F");
Line Deleted : user_pref("CT3015261.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3015261.alertChannelId", "1406927");
Line Deleted : user_pref("CT3015261.backendstorage.youtube_user_first_login_date", "30382F32312F32303131");
Line Deleted : user_pref("CT3015261.backendstorage.youtube_user_survey_visit", "4E4F545F56495349544544");
Line Deleted : user_pref("CT3015261.components.1000082", true);
Line Deleted : user_pref("CT3015261.components.1000234", true);
Line Deleted : user_pref("CT3015261.enableAlerts", "always");
Line Deleted : user_pref("CT3015261.firstTimeDialogOpened", true);
Line Deleted : user_pref("CT3015261.fixPageNotFoundErrorByUser", "false");
Line Deleted : user_pref("CT3015261.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3015261.fullUserID", "UN47010554705404406.UP.2135");
Line Deleted : user_pref("CT3015261.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]

JD the DJ
2013-11-27, 01:17
Line Deleted : user_pref("CT3015261.globalFirstTimeInfoLastCheckTime", "Sun Jul 08 2012 20:32:06 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT3015261.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT3015261.initDone", true);
Line Deleted : user_pref("CT3015261.installType", "Unknown");
Line Deleted : user_pref("CT3015261.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT3015261.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3015261.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3015261.isFirstRadioInstallation", false);
Line Deleted : user_pref("CT3015261.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3015261.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT3015261.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3015261.keyword", true);
Line Deleted : user_pref("CT3015261.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3015261&octid=CT3015261&SearchSource=15&CUI=UN47010554705404406&SSPV=&Lay=1&UM=\"}");
Line Deleted : user_pref("CT3015261.lastVersion", "10.20.101.5");
Line Deleted : user_pref("CT3015261.myStuffEnabled", true);
Line Deleted : user_pref("CT3015261.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT3015261.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT3015261.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT3015261.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT3015261.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://CCC004.OurToolbar.com/\",\"EB_TOOLBAR_[...]
Line Deleted : user_pref("CT3015261.oldAppsList", "129506578324945315,129506578325335957,111,129506578326068408,129506578326556709,129506578328734533,1000080,129533670857631562,1000034,129791245798178143,12950657832[...]
Line Deleted : user_pref("CT3015261.originalSearchAddressUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CT3015261.revertSettingsEnabled", false);
Line Deleted : user_pref("CT3015261.search.searchCount", 2);
Line Deleted : user_pref("CT3015261.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3015261.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3015261.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3015261.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT3015261.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT3015261.searchSuggestEnabledByUser", "false");
Line Deleted : user_pref("CT3015261.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3015261.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3015261.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3015261.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3015261\"}");
Line Deleted : user_pref("CT3015261.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://ZoneAlarmSecuritySuite.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3015261.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"ZoneAlarm Security Suite \"}");
Line Deleted : user_pref("CT3015261.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3015261.serviceLayer_services_Configuration_lastUpdate", "1384907893236");
Line Deleted : user_pref("CT3015261.serviceLayer_services_login_10.20.101.5_lastUpdate", "1384907893233");
Line Deleted : user_pref("CT3015261.serviceLayer_services_searchAPI_lastUpdate", "1384889693692");
Line Deleted : user_pref("CT3015261.serviceLayer_services_serviceMap_lastUpdate", "1384889690579");
Line Deleted : user_pref("CT3015261.serviceLayer_services_toolbarSettings_lastUpdate", "1384907893238");
Line Deleted : user_pref("CT3015261.serviceLayer_services_translation_lastUpdate", "1384907893240");
Line Deleted : user_pref("CT3015261.settingsINI", true);
Line Deleted : user_pref("CT3015261.showToolbarPermission", "false");
Line Deleted : user_pref("CT3015261.smartbar.CTID", "CT3015261");
Line Deleted : user_pref("CT3015261.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3015261.smartbar.toolbarName", "ZoneAlarm Security Suite ");
Line Deleted : user_pref("CT3015261.testingCtid", "");
Line Deleted : user_pref("CT3015261.toolbarAppMetaDataLastCheckTime", "Fri Oct 18 2013 10:58:08 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT3015261.toolbarBornServerTime", "2-8-2011");
Line Deleted : user_pref("CT3015261.toolbarContextMenuLastCheckTime", "Mon Jul 16 2012 09:58:32 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT3015261.toolbarCurrentServerTime", "19-11-2013");
Line Deleted : user_pref("CT3015261.toolbarLoginClientTime", "Tue Nov 19 2013 17:38:12 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT3015261.upgradeFromOBVersion", true);
Line Deleted : user_pref("CT3015261.usagesFlag", 2);
Line Deleted : user_pref("CT3015261.youtube_user_first_login_date.from_oldbar.enc", "MDgvMjEvMjAxMQ==");
Line Deleted : user_pref("CT3015261.youtube_user_survey_visit.from_oldbar.enc", "Tk9UX1ZJU0lURUQ=");
Line Deleted : user_pref("CT3015261_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1384907889695,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3015261&SearchSource=13");
Line Deleted : user_pref("CommunityToolbar.ConduitSearchList", "ZoneAlarm Security Suite Customized Web Search");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3015261/CT3015261", "\"e20eab1696076daffef5cba7672dd5983\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1035394/1031105/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1270698/1266370/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1270703/1266375/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1270707/1266379/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1270710/1266382/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1270713/1266385/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1270718/1266390/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1270721/1266393/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1270727/1266399/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1406927/1402585/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2878731", "\"1292753069\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3015261", "\"1367217955\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2878731", "\"1292753069\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE", "L+tncv4eqt6Qm5T3dzChdA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "C5ZJe6gL80JBW5CuLy+wkg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE", "poKjTfHs0NrVUIalKI8jyg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "mfQ70fvlD2zuBxSBj8rQqA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE", "QmycQXJXVyFVAzIiNllWhQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "k9un27OkAvkwB2ZmvXxTnA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE", "t6SQZ7j9WsBHhE8zC0kAEQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "4BgM4MhF/sOgPsDNmIs3Yw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:14f9\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0652eeacc6cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:144a\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:14f1\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:155b\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:15ff\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"23c5489aa686ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"f414eeaa6bece1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"0ee90707f77cc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"6a637346d78ccc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.0.8", "\"6a637346d78ccc1:1254\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"023d3d3f2c9cc1:12ce\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"801a319dd78ccc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3015261", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634325899280830000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634303635100000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/2011 5:25:10 PM", "634335443890000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/2011 12:59:49 PM", "634339976460000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/2011 6:54:06 PM", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3015261&octid=CT3015261", "\"1321893810\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2878731/CT2878731", "\"1294299462\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2878731/CT2878731", "\"1297007872\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/61/301/CT3015261/Images/634084960850172500.png", "\"42eee7aac1eaca1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"634492029952000000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"2d87e72a099b1428cae19f08d2b5e786\"");
Line Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2878731");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{90eee664-34b1-422a-a782-779af65cdf6d}");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "incredimail_mediabar_4");
Line Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Dana\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\mlwj5sce.default\\conduitCommon\\modules\\3.14.1.0");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2878731");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{90eee664-34b1-422a-a782-779af65cdf6d}");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "incredimail_mediabar_4");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2642707,CT2878731,ConduitEngine,CT3015261");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2642707,CT2878731,CT3015261");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3015261");
Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Jun 03 2011 15:54:54 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jun 24 2011 12:18:02 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 17:38:33 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "{cb72ebb3-e315-40ed-bf55-4f68d0ff03df}");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Apr 16 2012 21:07:59 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "714612f7-65bf-4ca8-ae41-b6bb936c3585");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3015261");
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Jul 18 2012 20:02:19 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Jul 18 2012 15:25:15 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Jul 18 2012 15:25:06 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "2a19a1ea-492f-4567-85cc-363f4e0477d8");
Line Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sat Jun 18 2011 14:18:57 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Mar 26 2011 16:56:35 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("ConduitEngine.FirstServerDate", "02/08/2011 18");
Line Deleted : user_pref("ConduitEngine.FirstTime", true);
Line Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Line Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line Deleted : user_pref("ConduitEngine.Initialize", true);
Line Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line Deleted : user_pref("ConduitEngine.InstalledDate", "Tue Feb 08 2011 08:30:09 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Line Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Line Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Mar 28 2011 20:03:25 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Mon Mar 07 2011 09:51:17 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Mon Mar 28 2011 20:03:24 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Mar 28 2011 20:03:25 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("ConduitEngine.UserID", "UN07412012110148902");
Line Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Line Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Mar 28 2011 20:03:25 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon Mar 28 2011 20:03:24 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("ConduitEngine.initDone", true);
Line Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3015261");
Line Deleted : user_pref("browser.newtab.url", "hxxp://www.dosearches.com/newtab/?utm_source=b&utm_medium=tugs&utm_campaign=ST500DM002-1BD142_W2AC2RGF&utm_content=nt&from=tugs&uid=ST500DM002-1BD142_W2AC2RGF&ts=13840[...]
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "ZoneAlarm Security Suite Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.order.1", "Mysearchdial");
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0EtD0FyE0F0DyD0Ezz0FtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtC[...]
Line Deleted : user_pref("extensions.crossrider.bic", "13cc6c4c47eba88721f16932852328e6");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationThankYouPage", true);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationTime", 1360543829);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.searchUserConifrmation", false);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setHomepage", false);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setNewTab", false);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setSearch", false);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.active", true);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.addressbar", "");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.addressbarenhanced", "");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.backgroundjs", "\n\n//\n");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.backgroundver", 38);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.can_run_bg_code", true);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.certdomaininstaller", "");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.changeprevious", false);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.value", "1360543829");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.value", "1360543829");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_arbitrary_code.expiration", "Tue Nov 19 2013 12:39:51 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_arbitrary_code.value", "%22%28function%28%29%7B_GPL_PLUGIN.st%3D%7B%5C%2274052%26pid%3D1269%5C%22%3A%7Bs%3A%5B%5C%2274052%26pid%3D1695%5C%22%[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.expiration", "Tue Nov 19 2013 12:39:51 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.value", "%22bing.com%2Cfacebook.com%2Cnonexistantdomain.com%22");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_cf_bu1.value", "1361207894");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.expiration", "Tue Nov 26 2013 12:34:50 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.value", "%22US%22");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.value", "1384052597");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.value", "%221383332211%22");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.value", "%221%22");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_ib_delay.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_ib_delay.value", "24");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_ib_disclosure.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_ib_disclosure.value", "1368378137");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_ib_list.expiration", "Tue Nov 19 2013 18:34:53 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_ib_list.value", "%7B%22f7610cf2b37067876b694a05c56f32e2%22%3A%7B%22p%22%3A%22/%22%7D%2C%22d763717b4b2e0a17a877cc642fb80ee4%22%3A%7B%22p%22%3A[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_ib_list_temp.expiration", "Tue Nov 19 2013 12:44:51 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_ib_list_temp.value", "1384889691.048");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%22100086%22%2C%22sub_id%22%3A%22default%22%2C%22uzid%22%3A%22100086%26subid%3D%26pid%3D1322%2[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.value", "%221360453528%22");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.value", "%2214019%22");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_pc_20120828.value", "1360544726247");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.value", "%221175%22");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.value", "%22142034%22");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.value", "1360544711778");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.description", "Coupon Companion");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.domain", "");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.enablesearch", false);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.fbremoteurl", "");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.group", 0);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.homepage", "");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.iframe", false);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%2244E9D12F4AB44D84BFCEB7FCC55414C7IE%22%2C%22installer_verifier%22%3A%229b5a24affd9b75[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.value", "54");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.value", "1");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.expiration", "Tue Nov 19 2013 18:34:50 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.value", "true");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.SoftwareDetected.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%22%3Afalse%2C%22Wireshark%22%3Afalse%2C%22VirtualBox%22%3Afalse%2C%22VMWare%22%3Afalse%2C%22Inside[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1175,baseCDN:\"couponcp-a.akamaihd.net[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.manifesturl", "");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.name", "Coupon Companion Plugin");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.newtab", "");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.opensearch", "");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appAPI.appID;}}};$jquery.ex[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.name", "base");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.ver", 6);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(b){if(void 0===this||null===this)throw new TypeError;var c=Obje[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.ver", 15);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{},rules:{},started:!1,allowed:!1,log:function(b){console.log(b)},factor[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.name", "GPL Background (BG)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.ver", 39);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection();}else{if(document.g[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.name", "CrossriderAppUtils");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&typeof window.navigat[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.name", "CrossriderUtils");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.ver", 5);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&ty[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.name", "FFAppAPIWrapper");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.ver", 9);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\n * Copyright 2010, Joh[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.name", "jQuery");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.name", "debug");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=function(c,b){a.when.apply(n[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.name", "resources");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.exte[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.name", "initializer");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \"undefined\") {\n\n/*! jQuery [...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.name", "jquery_1_7_1");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.name", "resources_background");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};var b=function(j){return[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.name", "appApiMessage");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var k={};var f=appAPI.appInfo.name;var l=function(s,r,t){var q=\"[[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.name", "appApiValidation");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgent!==\"undefined\"){(func[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.name", "CrossriderInfo");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===true){unsafeWindow.appAPI=[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_98.name", "omniCommands");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_98.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/21804/plugins/088/ff/plugins.json");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsversion", 51);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.publisher", "Innovative Apps");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.searchstatus", 0);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.setnewtab", false);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.settingsurl", "");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.thankyou", "");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.updateinterval", 360);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.ver", 54);
Line Deleted : user_pref("extensions.crossriderapp21804.adsOldValue", -1);
Line Deleted : user_pref("extensions.crossriderapp21804.apps", "21804");
Line Deleted : user_pref("extensions.crossriderapp21804.bic", "13cc6c4c47eba88721f16932852328e6");
Line Deleted : user_pref("extensions.crossriderapp21804.cid", 21804);
Line Deleted : user_pref("extensions.crossriderapp21804.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp21804.hadappinstalled", true);
Line Deleted : user_pref("extensions.crossriderapp21804.installationdate", 1360544450);
Line Deleted : user_pref("extensions.crossriderapp21804.lastcheck", 23081495);
Line Deleted : user_pref("extensions.crossriderapp21804.lastcheckitem", 23081495);
Line Deleted : user_pref("extensions.crossriderapp21804.modetype", "production");
Line Deleted : user_pref("extensions.crossriderapp21804.reportInstall", true);
Line Deleted : user_pref("extensions.crossriderapp21804.updating", true);
Line Deleted : user_pref("extensions.enabledItems", "{20a82645-c095-46ed-80e3-08825760534b}:1.1,{89736E8E-4B14-4042-8C75-AD00B6BD3900}:1.0.5,{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18,jqs@sun.com:1.0,hxxps-everyw[...]
Line Deleted : user_pref("extensions.mysearchdial.aflt", "irmsd103");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0EtD0FyE0F0DyD0Ezz0FtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA");
Line Deleted : user_pref("extensions.mysearchdial.cntry", "US");
Line Deleted : user_pref("extensions.mysearchdial.cr", "567981372");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Line Deleted : user_pref("extensions.mysearchdial.dspFFXOld", "dosearches");
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hdrMd5", "C7ADB1E6B91217ADB0D130634A39B981");
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0EtD0FyE0F0DyD0Ezz0FtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1[...]
Line Deleted : user_pref("extensions.mysearchdial.hpFFXOld", "hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=ST500DM002-1BD142_W2AC2RGF&ts=1384049503");
Line Deleted : user_pref("extensions.mysearchdial.id", "E840F2E0F4FD5E8F");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16018");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.lastB", "hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=ST500DM002-1BD142_W2AC2RGF&ts=1384049503");
Line Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.019:1:37");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0EtD0FyE0F0DyD0Ezz0FtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1[...]
Line Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"81\",\"lastVrsn\":\"81\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.sg", "none");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0EtD0FyE0F0DyD0Ezz0FtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.019:1:37");
Line Deleted : user_pref("iminent.webbooster.scripts.minibar.enabledAds", "false");
Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent101", "1361514030577");
Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent102", "1367005151201");
Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent109", "1371882045716");
Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent110", "1362114923286");
Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent111", "1371882045724");
Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent112", "1363722747186");
Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent122", "1371882045733");
Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1363628684694");
Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent140", "1365296279546");
Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1367478403185");
Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent109", "1371881544091");
Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent110", "1365182017303");
Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent111", "1371881544104");
Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent112", "1371881551998");
Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent122", "1371881544114");
Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent134", "1366388102733");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=2&CUI=UN47010554705404406&UM=&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3015261");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3015261&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=2&CU[...]
Line Deleted : user_pref("smartbar.machineId", "LLKOQ1RTZOXO7Y2MI5D6J6S9ZLVKPYQS+QBUYUA/FDTVEJ1STQZYMIGUOF6UV/Z9BNHQDHKSHFFTJ6BCXFV0RA");

-\\ Google Chrome v

[ File : C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [98047 octets] - [26/11/2013 11:28:45]
AdwCleaner[R1].txt - [98108 octets] - [26/11/2013 13:58:20]
AdwCleaner[R2].txt - [98169 octets] - [26/11/2013 14:34:44]
AdwCleaner[S0].txt - [97503 octets] - [26/11/2013 14:41:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [97564 octets] ##########


JRT log file

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Dana on Tue 11/26/2013 at 15:03:38.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3E6AE1CD-3E17-4CCC-ABB7-CB1C7AF48273}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3E6AE1CD-3E17-4CCC-ABB7-CB1C7AF48273}



~~~ Files

Successfully deleted: [File] "C:\Windows\Tasks\driverupdate startup.job"
Successfully deleted: [File] C:\Windows\syswow64\sho1897.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA88F.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEFBA.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\Dana\appdata\local\updater21804"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Dana\AppData\Roaming\mozilla\firefox\profiles\mlwj5sce.default\extensions\extension21804@extension21804.com
Emptied folder: C:\Users\Dana\AppData\Roaming\mozilla\firefox\profiles\mlwj5sce.default\minidumps [38 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/26/2013 at 15:26:00.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ken545
2013-11-27, 01:22
:bigthumb:

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

JD the DJ
2013-11-27, 02:07
already had MBAM on desktop, but downloaded MBAM from link you provided
Installed, Updated, Ran 'Quick Scan'

MBAM log file

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.26.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Dana :: DANA-HP [administrator]

Protection: Disabled

11/26/2013 4:53:33 PM
mbam-log-2013-11-26 (16-53-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208268
Time elapsed: 9 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ken545
2013-11-27, 02:14
Is DO SEARCHES still an issue or is it gone ?

JD the DJ
2013-11-27, 04:38
The start pages of all 3 browsers (Chrome, IE and FF) do not use that page now (THANKS! :) )
Restarted desktop to be sure it didn't come back (had to wait for many updates to download and install)
The DOSEARCHES page did not appear.

ken545
2013-11-27, 12:26
Good,

Run this scanner and post the log and lets check for any leftovers that may have to be removed

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

JD the DJ
2013-11-27, 22:19
OTL.txt file (part 1 of 2)

OTL logfile created on: 11/27/2013 12:44:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dana\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 50.05% Memory free
7.20 Gb Paging File | 4.64 Gb Available in Paging File | 64.52% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.07 Gb Total Space | 376.89 Gb Free Space | 83.93% Space Free | Partition Type: NTFS
Drive D: | 16.59 Gb Total Space | 2.07 Gb Free Space | 12.49% Space Free | Partition Type: NTFS

Computer Name: DANA-HP | User Name: Dana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dana\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\MSGTAG\MSGTAG.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Users\Dana\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Dana\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
MOD - C:\Users\Dana\AppData\Local\Google\Chrome\Application\31.0.1650.57\libglesv2.dll ()
MOD - C:\Users\Dana\AppData\Local\Google\Chrome\Application\31.0.1650.57\libegl.dll ()
MOD - C:\Users\Dana\AppData\Local\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\51ffeacb880d9c15fecc1c74f83e8973\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\60608b811724b2711cb96817043c4dd8\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\7a2dfdf44f0610b43e65f28a1448f110\ReachFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\10ef07233e429503b5bc942aa6194fe8\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\10519c5a16fab95707f40b55941647b5\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\MSGTAG\MSGTAG.exe ()
MOD - C:\Program Files (x86)\ScanSoft\PaperPort\Blicectr.dll ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HPAuto) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Hewlett-Packard)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (ZAPrivacyService) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (CalendarSynchService) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{1D6808BD-DAF3-DF00-070D-50C3E42B2DB4}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{3E6AE1CD-3E17-4CCC-ABB7-CB1C7AF48273}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{78286A4E-F424-DB7B-90A3-4348E72C120F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-899990179-4107465522-2500062467-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-899990179-4107465522-2500062467-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com
IE - HKU\S-1-5-21-899990179-4107465522-2500062467-1001\..\SearchScopes,DefaultScope = {68866E83-D49C-4EB9-9C6F-6CBA1C047602}
IE - HKU\S-1-5-21-899990179-4107465522-2500062467-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-899990179-4107465522-2500062467-1001\..\SearchScopes\{1D6808BD-DAF3-DF00-070D-50C3E42B2DB4}: "URL" = http://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=en&q={searchTerms}&gu=a8173ec17d69495397e8888238e70ea4&tu=10GXz00Aw2C01g0&sku=&tstsId=&ver=&&r=941
IE - HKU\S-1-5-21-899990179-4107465522-2500062467-1001\..\SearchScopes\{68866E83-D49C-4EB9-9C6F-6CBA1C047602}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-899990179-4107465522-2500062467-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
IE - HKU\S-1-5-21-899990179-4107465522-2500062467-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-899990179-4107465522-2500062467-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B00F0643E-B367-4779-B45D-7046EBA37A88%7D:13.0.1.9979
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.618
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dana\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dana\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00F0643E-B367-4779-B45D-7046EBA37A88}: C:\Program Files (x86)\Steganos Password Manager 2012\spmplugin3 [2012/07/16 20:47:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012/07/18 20:54:16 | 000,136,026 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/09 20:48:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/10/13 06:12:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/09 20:48:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/07/14 08:47:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dana\AppData\Roaming\Mozilla\Extensions
[2013/11/26 15:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\extensions
[2012/07/16 19:42:32 | 000,000,000 | ---D | M] ("TinyUrl Creator") -- C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}
[2013/07/30 16:22:43 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\extensions\donottrackplus@abine.com
[2013/11/09 20:02:53 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\extensions\ffxtlbr@zonealarm.com
[2013/10/15 10:02:20 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\extensions\https-everywhere@eff.org
[2013/11/07 13:47:32 | 000,007,817 | ---- | M] () (No name found) -- C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\extensions\firefox@batbrowse.com.xpi
[2012/02/17 09:26:04 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/03/21 00:15:42 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\extensions\ffxtlbr@zonealarm.com\content\Abine\chrome\content\ff\view_expiry.js
[2010/03/30 21:48:32 | 000,005,500 | ---- | M] () -- C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\searchplugins\foodtv.xml
[2008/06/21 15:49:50 | 000,000,908 | ---- | M] () -- C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\searchplugins\IMDB.xml
[2008/06/21 15:49:50 | 000,001,108 | ---- | M] () -- C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\mlwj5sce.default\searchplugins\wikipedia.xml
[2013/11/26 14:42:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/09 20:48:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/09 20:50:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/26 19:05:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2013/11/26 19:05:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2013/11/26 19:05:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/07/16 20:47:38 | 000,000,000 | ---D | M] (Steganos Password Manager) -- C:\PROGRAM FILES (X86)\STEGANOS PASSWORD MANAGER 2012\SPMPLUGIN3

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dana\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dana\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dana\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dana\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dana\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Dragon NaturallySpeaking Rich Internet Application Support = C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn\1.0_0\
CHR - Extension: Google Wallet = C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2013/11/11 18:38:05 | 000,449,836 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15467 more lines...
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Dragon NaturallySpeaking Rich Internet Application Support - Extension) - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieshim.dll (Nuance Communications, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O3 - HKLM\..\Toolbar: (Steganos Password Manager Toolbar) - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 2012\SPMIEToolbar.dll (Steganos Software GmbH)
O3 - HKU\S-1-5-21-899990179-4107465522-2500062467-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-899990179-4107465522-2500062467-1001\..\Toolbar\WebBrowser: (Steganos Password Manager Toolbar) - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 2012\SPMIEToolbar.dll (Steganos Software GmbH)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE (Corel Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Update 5300C] C:\Program Files (x86)\Hewlett-Packard\HP PrecisionScan\PrecisionScan\update.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-899990179-4107465522-2500062467-1001..\Run: [MSGTAG] C:\Program Files (x86)\MSGTAG\MSGTAG.exe ()
O4 - HKU\S-1-5-21-899990179-4107465522-2500062467-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-899990179-4107465522-2500062467-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriver.com/DRHM/store?Action=DisplayProductSearchResultsPage&SiteID=hpappli&Locale=en_US&keywords=%w
O7 - HKU\S-1-5-21-899990179-4107465522-2500062467-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O8:64bit: - Extra context menu item: Copy to &Lightning Note - c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta ()
O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta ()
O8 - Extra context menu item: Copy to &Lightning Note - c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta ()
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Steganos Password Manager - {024538B9-3F39-49FF-9503-975F743210FA} - C:\Program Files (x86)\Steganos Password Manager 2012\SPMIEToolbar.dll (Steganos Software GmbH)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CB20EBE-68F5-4056-9AEB-9486E27E68D3}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/27 12:41:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dana\Desktop\OTL.exe
[2013/11/26 17:39:59 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/11/26 17:35:25 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/26 17:35:25 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/26 17:35:17 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/26 17:35:17 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/26 17:35:17 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/26 17:35:17 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/26 17:35:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/26 17:35:17 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/26 17:35:16 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/26 17:35:16 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/26 17:35:16 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/26 17:35:16 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/26 17:35:16 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/26 17:35:16 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/26 17:35:16 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/26 17:35:16 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/26 17:35:16 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/26 17:35:16 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/26 17:35:16 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/26 17:35:16 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/26 17:35:16 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/26 17:35:16 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/26 17:35:16 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/26 17:35:16 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/26 17:35:16 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/26 17:35:16 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/26 17:35:16 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/26 17:35:16 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/26 17:35:16 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/26 17:35:16 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/26 17:35:16 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/26 17:35:16 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/26 17:35:16 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/26 17:35:16 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/26 17:35:16 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/26 17:35:16 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/26 17:35:16 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/26 17:35:16 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/26 17:35:16 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/26 17:35:16 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/26 17:35:16 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/26 17:35:16 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/26 17:35:16 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/26 17:35:16 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/26 17:35:16 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/26 17:35:16 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/26 17:35:16 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/26 17:35:16 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/26 17:35:16 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/26 17:35:16 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/26 17:35:16 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/26 17:35:16 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/26 17:35:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/26 17:35:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/26 17:35:16 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/26 17:35:16 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/26 17:35:16 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/26 17:35:16 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/26 17:35:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/26 17:35:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/26 17:35:15 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/26 17:35:15 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/26 17:35:15 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/26 17:35:15 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/26 17:35:15 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/26 17:35:15 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/26 17:35:15 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/26 17:35:15 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/26 17:35:15 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/26 17:35:15 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/26 17:35:15 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/26 17:35:15 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/26 17:35:15 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/26 17:35:15 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/26 17:35:15 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/26 17:35:15 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/26 17:35:15 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/11/26 17:35:15 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/26 17:35:15 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/11/26 17:35:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/26 15:03:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/26 15:00:41 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Dana\Desktop\JRT.exe
[2013/11/26 14:49:24 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/26 14:48:56 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/11/26 14:48:55 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/11/26 14:48:54 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013/11/26 14:48:54 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/26 14:48:54 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/26 14:48:18 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/11/26 14:48:17 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/11/26 14:48:17 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/11/26 14:48:17 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/11/26 14:48:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/11/26 14:47:43 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/11/26 14:47:41 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/11/26 14:47:41 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/11/26 14:47:41 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/11/26 14:47:41 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/11/26 11:25:04 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/20 17:26:21 | 000,000,000 | ---D | C] -- C:\Users\Dana\Desktop\try 01
[2013/11/20 02:00:10 | 000,000,000 | R--D | C] -- C:\Users\Dana\Desktop\2013-11-20
[2013/11/19 18:46:26 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\VS Revo Group
[2013/11/19 18:46:17 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/11/19 18:46:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/11/19 18:46:16 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2013/11/19 18:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/11/19 17:50:46 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Dana\Desktop\aswMBR.exe
[2013/11/19 17:40:51 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Dana\Desktop\dds.scr
[2013/11/19 17:40:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/11/19 17:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/11/19 17:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/11/19 17:37:41 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Dana\Desktop\erunt-setup.exe
[2013/11/19 15:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/19 15:06:53 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/19 15:06:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/11 19:05:37 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\DoNotTrackPlus
[2013/11/10 12:25:25 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/11/10 12:25:25 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/11/09 20:48:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/09 19:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/11/09 19:17:22 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Roaming\OpenWebKitSharp Strings
[2013/11/09 19:02:19 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Roaming\0D0S1L2Z1P1B
[2013/11/09 09:38:36 | 007,717,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys
[2013/11/09 09:38:29 | 000,489,568 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/11/09 09:38:28 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/11/09 09:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2013/11/08 10:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

JD the DJ
2013-11-27, 22:25
OTL.txt (part 2 of 2)


========== Files - Modified Within 30 Days ==========

[2013/11/27 12:42:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dana\Desktop\OTL.exe
[2013/11/27 12:22:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-899990179-4107465522-2500062467-1001UA.job
[2013/11/27 12:14:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/26 19:39:10 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDANA-HP$.job
[2013/11/26 18:37:57 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/26 18:37:57 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/26 18:37:57 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/26 18:36:54 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/26 18:36:54 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/26 18:30:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/26 18:30:05 | 2899,214,336 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/26 17:35:25 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/26 17:35:25 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/26 17:35:17 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/26 17:35:17 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/26 17:35:17 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/26 17:35:17 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/26 17:35:17 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/26 17:35:17 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/26 17:35:16 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/26 17:35:16 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/26 17:35:16 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/26 17:35:16 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/26 17:35:16 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/26 17:35:16 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/26 17:35:16 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/26 17:35:16 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/26 17:35:16 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/26 17:35:16 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/26 17:35:16 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/26 17:35:16 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/26 17:35:16 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/26 17:35:16 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/26 17:35:16 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/26 17:35:16 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/26 17:35:16 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/26 17:35:16 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/26 17:35:16 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/26 17:35:16 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/26 17:35:16 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/26 17:35:16 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/26 17:35:16 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/26 17:35:16 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/26 17:35:16 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/26 17:35:16 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/26 17:35:16 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/26 17:35:16 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/26 17:35:16 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/26 17:35:16 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/26 17:35:16 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/26 17:35:16 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/26 17:35:16 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/26 17:35:16 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/26 17:35:16 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/26 17:35:16 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/26 17:35:16 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/26 17:35:16 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/26 17:35:16 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/26 17:35:16 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/26 17:35:16 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/26 17:35:16 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/26 17:35:16 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/26 17:35:16 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/26 17:35:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/26 17:35:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/26 17:35:16 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/26 17:35:16 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/26 17:35:16 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/26 17:35:16 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/26 17:35:16 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/26 17:35:16 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/26 17:35:16 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/26 17:35:16 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/26 17:35:15 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/26 17:35:15 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/26 17:35:15 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/26 17:35:15 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/26 17:35:15 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/26 17:35:15 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/26 17:35:15 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/26 17:35:15 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/26 17:35:15 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/26 17:35:15 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/26 17:35:15 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/26 17:35:15 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/26 17:35:15 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/26 17:35:15 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/26 17:35:15 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/26 17:35:15 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/26 17:35:15 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/11/26 17:35:15 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/26 17:35:15 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/11/26 17:35:15 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/26 17:31:45 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/26 16:51:51 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/26 15:36:16 | 000,002,362 | ---- | M] () -- C:\Users\Dana\Desktop\Google Chrome.lnk
[2013/11/26 15:00:46 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Dana\Desktop\JRT.exe
[2013/11/26 14:45:53 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/11/26 14:42:43 | 000,001,166 | ---- | M] () -- C:\Users\Dana\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/26 14:42:42 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/26 14:28:44 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDana.job
[2013/11/26 11:23:31 | 001,091,882 | ---- | M] () -- C:\Users\Dana\Desktop\AdwCleaner.exe
[2013/11/22 03:29:24 | 000,005,248 | ---- | M] () -- C:\Users\Dana\Desktop\attach.zip
[2013/11/21 19:20:26 | 000,000,512 | ---- | M] () -- C:\Users\Dana\Desktop\MBR.dat
[2013/11/19 18:46:18 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/11/19 17:51:02 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Dana\Desktop\aswMBR.exe
[2013/11/19 17:40:54 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Dana\Desktop\dds.scr
[2013/11/19 17:39:19 | 000,001,106 | ---- | M] () -- C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/11/19 17:39:07 | 000,000,926 | ---- | M] () -- C:\Users\Dana\Desktop\NTREGOPT.lnk
[2013/11/19 17:39:07 | 000,000,907 | ---- | M] () -- C:\Users\Dana\Desktop\ERUNT.lnk
[2013/11/19 17:37:47 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Dana\Desktop\erunt-setup.exe
[2013/11/12 21:40:05 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/11/11 18:38:05 | 000,449,836 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/11/11 18:31:05 | 000,449,836 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131111-183805.backup
[2013/11/11 18:22:04 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-899990179-4107465522-2500062467-1001Core.job
[2013/11/10 10:28:34 | 000,000,932 | ---- | M] () -- C:\Windows\wininit.ini
[2013/11/09 20:02:09 | 000,000,098 | ---- | M] () -- C:\Users\Dana\AppData\Roaming\WB.CFG
[2013/11/09 20:02:09 | 000,000,006 | ---- | M] () -- C:\Users\Dana\AppData\Roaming\WBPU-TTL.DAT
[2013/11/09 09:39:35 | 000,417,569 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2013/11/09 09:36:48 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013/11/09 02:44:28 | 000,010,089 | -H-- | M] () -- C:\Windows\SysWow64\BTImages.dat
[2013/10/30 20:39:29 | 000,002,112 | ---- | M] () -- C:\Users\Dana\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk

========== Files Created - No Company Name ==========

[2013/11/26 17:35:16 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/26 17:35:16 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/26 11:23:24 | 001,091,882 | ---- | C] () -- C:\Users\Dana\Desktop\AdwCleaner.exe
[2013/11/22 03:29:24 | 000,005,248 | ---- | C] () -- C:\Users\Dana\Desktop\attach.zip
[2013/11/21 19:20:26 | 000,000,512 | ---- | C] () -- C:\Users\Dana\Desktop\MBR.dat
[2013/11/19 18:46:18 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/11/19 17:39:19 | 000,001,106 | ---- | C] () -- C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/11/19 17:39:07 | 000,000,926 | ---- | C] () -- C:\Users\Dana\Desktop\NTREGOPT.lnk
[2013/11/19 17:39:07 | 000,000,907 | ---- | C] () -- C:\Users\Dana\Desktop\ERUNT.lnk
[2013/11/19 15:06:55 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/10 10:28:31 | 000,000,932 | ---- | C] () -- C:\Windows\wininit.ini
[2013/11/09 20:02:09 | 000,000,098 | ---- | C] () -- C:\Users\Dana\AppData\Roaming\WB.CFG
[2013/11/09 20:02:09 | 000,000,006 | ---- | C] () -- C:\Users\Dana\AppData\Roaming\WBPU-TTL.DAT
[2013/08/23 19:44:57 | 000,001,955 | ---- | C] () -- C:\Users\Dana\AppData\Roaming\SAS7_000.DAT
[2013/05/03 01:16:39 | 000,010,089 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat
[2013/04/07 10:20:23 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/02/10 18:11:44 | 000,000,090 | ---- | C] () -- C:\Windows\SysWow64\ftm31.dat
[2012/10/27 20:11:14 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012/10/05 11:40:52 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\sh33w32.dll
[2012/10/05 09:54:07 | 000,024,909 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2012/10/05 09:54:07 | 000,000,096 | ---- | C] () -- C:\Windows\calera.ini
[2012/09/22 07:44:47 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/07/25 16:36:00 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2012/07/24 17:00:29 | 000,000,008 | RHS- | C] () -- C:\ProgramData\F62B172FA5.sys
[2012/07/24 17:00:27 | 000,003,766 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/07/18 20:18:20 | 000,095,232 | ---- | C] () -- C:\Windows\SysWow64\Lfkodak.dll
[2012/07/18 20:18:19 | 000,306,688 | ---- | C] () -- C:\Windows\SysWow64\Lffpx7.dll
[2012/07/18 20:18:19 | 000,147,715 | ---- | C] () -- C:\Windows\SysWow64\prntfix.exe
[2012/05/16 20:46:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/16 20:34:54 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/09 19:02:19 | 000,000,000 | ---D | M] -- C:\Users\Dana\AppData\Roaming\0D0S1L2Z1P1B
[2013/05/01 14:09:36 | 000,000,000 | ---D | M] -- C:\Users\Dana\AppData\Roaming\Check Point Software Technologies LTD
[2013/11/26 14:42:01 | 000,000,000 | ---D | M] -- C:\Users\Dana\AppData\Roaming\CheckPoint
[2012/07/16 18:52:53 | 000,000,000 | ---D | M] -- C:\Users\Dana\AppData\Roaming\Firetrust
[2012/12/12 23:26:04 | 000,000,000 | ---D | M] -- C:\Users\Dana\AppData\Roaming\Foxit Software
[2012/11/22 20:00:23 | 000,000,000 | ---D | M] -- C:\Users\Dana\AppData\Roaming\Garmin
[2013/03/25 18:14:41 | 000,000,000 | ---D | M] -- C:\Users\Dana\AppData\Roaming\Nuance
[2013/11/09 19:17:22 | 000,000,000 | ---D | M] -- C:\Users\Dana\AppData\Roaming\OpenWebKitSharp Strings
[2012/10/26 20:27:03 | 000,000,000 | ---D | M] -- C:\Users\Dana\AppData\Roaming\SoftGrid Client
[2012/10/04 20:37:46 | 000,000,000 | ---D | M] -- C:\Users\Dana\AppData\Roaming\Steganos
[2012/07/15 19:57:18 | 000,000,000 | ---D | M] -- C:\Users\Dana\AppData\Roaming\Thunderbird
[2012/07/24 15:32:52 | 000,000,000 | ---D | M] -- C:\Users\Dana\AppData\Roaming\TP
[2012/07/14 18:16:43 | 000,000,000 | ---D | M] -- C:\Users\Dana\AppData\Roaming\WinBatch
[2012/07/29 15:51:55 | 000,000,000 | ---D | M] -- C:\Users\Dana\AppData\Roaming\YouSendIt

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:0FF263E8

< End of report >

JD the DJ
2013-11-27, 22:26
EXTRAS.txt

OTL Extras logfile created on: 11/27/2013 12:44:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dana\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 50.05% Memory free
7.20 Gb Paging File | 4.64 Gb Available in Paging File | 64.52% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.07 Gb Total Space | 376.89 Gb Free Space | 83.93% Space Free | Partition Type: NTFS
Drive D: | 16.59 Gb Total Space | 2.07 Gb Free Space | 12.49% Space Free | Partition Type: NTFS

Computer Name: DANA-HP | User Name: Dana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04567EE2-AAD7-4B9B-AE41-64B50B61202A}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server |
"{0F20BB0E-D5F9-4258-976E-00FC0014661D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{30B063EE-7AFB-42FC-AF6F-9E48A0BDC8E4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{327CDE4D-84BD-4F40-AF2D-0C905D6EDFE2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{35FDCD81-A5D7-4FB3-8A37-583A35BFBCE2}" = lport=445 | protocol=6 | dir=in | app=system |
"{37A9FAF9-DC91-42B4-A853-24E6F6EBD850}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3E38964F-BD2C-4878-833B-7849115A9BBF}" = rport=139 | protocol=6 | dir=out | app=system |
"{3FA65540-053B-4A46-9C8F-1A47D9569CA4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{400D6D55-0F4C-471B-B3D5-67F911EE2810}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4D2B99CB-2996-474C-AA7B-7BC04FD64034}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4FB40683-1A66-4D3D-8302-63B1A19ACE1D}" = lport=138 | protocol=17 | dir=in | app=system |
"{63BDF92E-0D68-4B52-B8DA-7BA58FF16E01}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B0B2E20-B357-4155-A8FC-49B30D34E363}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6D1A2175-6CD4-445B-95CA-E4920CAFFE4A}" = rport=138 | protocol=17 | dir=out | app=system |
"{74351395-167A-41A9-9C7F-E3AC7C24E6E6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7BC8DCF2-6280-4155-B7F9-D012811BCC53}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7E1B003C-D99E-46BC-8A50-DF8F3600E200}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{88C8B219-C233-4C72-B9AC-6FFE0335AAA3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AE9C2DF4-5FC7-4C57-BBF9-621D22DCCF5E}" = rport=137 | protocol=17 | dir=out | app=system |
"{B2D4BB36-FEFF-4602-8E3E-A15F4A69CA81}" = lport=137 | protocol=17 | dir=in | app=system |
"{B355BD99-3431-418F-963E-0AA68B3A12F2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B8C61618-87E1-4D3D-8333-8F62820B68DD}" = lport=139 | protocol=6 | dir=in | app=system |
"{D03FBF44-8550-4BE2-9964-132EB910F9DB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{E2F80BAA-3485-4D72-88BA-36E8318548D7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EE04ABC4-E0D6-4DCA-BBA9-30FD03700F85}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EF0ECBCC-F6AC-4739-98D3-466373719D88}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF406B12-2F13-4092-85D1-AF52E0EA336F}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03958099-88F7-4D4F-9301-3A3AC97414B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0C0FDB9A-1A96-4C27-B8D8-9202E2DD4F3B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0F8F6DBC-DEDC-441F-A175-6FB1E384787A}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe |
"{1583F9D5-8BC4-4A3C-A019-4682C52F7818}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{15B441EB-1532-4A49-BDCA-D26F0CCDBCAB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1697ABD5-83CA-445A-9785-23AF85F54CC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{28278EF6-384F-43B7-B92F-B242F4AF242C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4D1748EE-79F6-4F8F-9934-9724F772B294}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{51205E03-A871-41B2-BC66-CD18676FF40C}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\rnow.exe |
"{577865DD-EC5E-4FC2-B8C4-99DAD5CE1209}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{5B5BCAAD-F749-42E5-9651-D559A1A827F7}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{5CD3CC99-ACE5-4647-A3F5-980F1D9B764B}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{5D1DCAFB-0B46-423C-8DF8-5F0F78086B28}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\indivdrm.exe |
"{6757F198-FB70-493A-AB1B-4BCEB48BC97D}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{69007A6F-1E04-49B0-A1FC-C5A1E1205F77}" = protocol=6 | dir=in | app=c:\users\dana\appdata\local\temp\7zs6102\hpdiagnosticcoreui.exe |
"{6CCCC61C-48C9-47B1-B0DA-0C3F18516BB7}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\rnow.exe |
"{723028F1-B98D-4B7B-8C10-93145FFE0C8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{733CADDF-5C99-4A28-9765-63ABD0C35BED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7FDF627F-6899-43DC-AA7E-BB978583EA7A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82FEA30B-C992-4132-B7AC-4F3379D8934B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{858D167D-0F08-423D-95B8-BC894B3A9F77}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8F17312A-63BC-4DF5-8F1B-2894B3198FF6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{94C7D171-9762-4E86-8BC7-0242B23C3A27}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9C8CEB67-6249-46F0-B794-A685C7EBA0FF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A3927822-9288-4A92-B5F0-39D37A1B79C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A5DA2801-3DE0-4190-A0C5-F7FD255297FD}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"{B1F88368-4A63-41B5-8B0D-2D06E78EFC45}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B46FB90E-C60D-4B58-B63F-4D37AD56023B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B5A770C6-4551-4E6A-A7C5-4DF6AFAA0F0B}" = protocol=17 | dir=in | app=c:\users\dana\appdata\local\temp\7zs6102\hpdiagnosticcoreui.exe |
"{B5FEE980-272E-42D9-A538-C87D13AE6289}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\indivdrm.exe |
"{B890C4FE-7094-4F30-AC6A-7C3F22274E22}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BBB12BE4-822C-4938-BBA6-A6D3BC0C4933}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDE5BD5E-1990-4EB0-A518-B231F3424A3F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C2B0318E-F7BE-40D4-A7D1-CA14F2D4B932}" = protocol=17 | dir=in | app=c:\users\dana\appdata\local\temp\7zs131d\hpdiagnosticcoreui.exe |
"{C37CCF1D-1B5B-4A2E-908D-C1BB70ACDA40}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C3B6536C-DF05-4655-A281-E9C2B1F478E0}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{CA09B18C-B172-49FF-BA94-F56C714320BD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CFEA14F4-8623-41AE-8BA0-851C0C3BB63F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D0886AE7-A8D5-42BC-8B33-12692DA308D4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D0D83CA1-848E-440B-AA77-27010974AF52}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{DF2B95E1-60C8-4FC2-94A8-B04DF6276226}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EF18A29D-2710-4877-924D-5A1443A5D32B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{EFEB6CB4-B725-4A37-A63B-B4440C0CA513}" = protocol=6 | dir=in | app=c:\users\dana\appdata\local\temp\7zs131d\hpdiagnosticcoreui.exe |
"{F1EEAE9C-B79C-4EA4-B625-964BE1968B82}" = protocol=6 | dir=out | app=system |
"{F244BF37-BB2A-43CD-8A9F-B7C3AE24AC70}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F8134A65-44B7-45A1-8251-558F68BC9471}" = protocol=17 | dir=in | app=c:\users\dana\appdata\local\temp\7zs3d38\hpdiagnosticcoreui.exe |
"{FBB8EB69-43A4-477F-9490-F6DACEDBCD67}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{FCFAACA2-C1C9-4097-AD27-7BD8E3702D26}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FFAA2012-80E8-4AA9-A9DD-24E7AF7A2C79}" = protocol=6 | dir=in | app=c:\users\dana\appdata\local\temp\7zs3d38\hpdiagnosticcoreui.exe |
"TCP Query User{4B21027C-9F3F-4A51-9C3F-707ED2016074}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"TCP Query User{589907D1-FA5C-4905-81BF-6FF7A10469CE}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"TCP Query User{BB6C9540-DC3A-413B-A028-1B9FD3ACB237}C:\program files (x86)\msgtag\msgtag.exe" = protocol=6 | dir=in | app=c:\program files (x86)\msgtag\msgtag.exe |
"UDP Query User{7AE89E4D-C3FE-4052-9400-F58B14720EBC}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"UDP Query User{AB771A5D-73D0-4990-B90C-1F82BA2F6BEA}C:\program files (x86)\msgtag\msgtag.exe" = protocol=17 | dir=in | app=c:\program files (x86)\msgtag\msgtag.exe |
"UDP Query User{E97D788A-B77D-4E9A-8A44-1E3EFEF68AC3}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}" = WordPerfect IFilter 64 bit
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6032497A-4479-462B-ADB8-A0A372BB9A23}" = HP Application Assistant
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.7
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{85A5A208-1A5A-A736-170E-AA826BC19B2A}" = ATI Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A535111D-95C8-487F-869E-CE4C239972D2}" = iTunes
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{D7C661D9-1B9F-5C73-8A77-85A26D9DB78F}" = AMD Media Foundation Decoders
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FEB70794-C52E-5ABC-10EF-8D1022A6A511}" = ccc-utility64
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"CCleaner" = CCleaner
"HP Color LaserJet 2600 series" = HP Color LaserJet 2600 series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01542B68-DCFC-04B9-D105-A5BCDDFA7C34}" = CCC Help Turkish
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}" = HP Clock
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{13EBF9E8-82FF-47D0-A324-534B79EF7F71}" = WordPerfect Office X5 - WT
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{17737752-8324-7D51-D339-DBA6DE6D2DAA}" = AMD VISION Engine Control Center
"{17C5A285-F7B6-492B-8F3B-343D02B84D75}" = WordPerfect Office X5 - Common
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19B4CD07-1919-4002-B28F-A5D2027026E0}" = WordPerfect Office X5 - IPM
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F0D7D15-8A36-4AE4-8573-70BEA7DF379D}" = WordPerfect Office X5 - Migration Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20714B53-FC73-4F9C-9687-49EB237D6FD7}" = HP TouchSmart RecipeBox
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}" = HP Calendar
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{378BAC91-3AE8-45F0-90E4-4F81E3EAEBC5}" = WordPerfect Office X5 - PR
"{3C986C5A-19DA-2744-9666-15A18FF0C2B9}" = CCC Help Korean
"{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers
"{3DB90277-3BA2-52D4-089F-F8A8E9EB3C93}" = CCC Help Hungarian
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4873CC58-69D8-490D-9E5C-001DC2EE2010}" = WordPerfect Lightning - Messages
"{4873CC58-69D8-490D-9E5C-001DC2EE2020}" = WordPerfect Lightning - IPM
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B76743C-E56D-D33F-F7FA-6C3B305502E9}" = CCC Help Russian
"{4C278A1B-D7CA-4F9D-A74D-CB9866EB137A}" = Steganos Password Manager 2012
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{5518148D-3C8D-1C59-86F5-8E3205C4B68E}" = CCC Help French
"{55938E68-F7B3-42B1-9317-60D44067869C}" = ZoneAlarm Antivirus
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61797348-15BD-48EB-8112-ECD390DFA3A3}" = MailWasher
"{64459BD5-3AE8-4689-B7B0-D57B667D8399}" = WordPerfect Office X5 - PerfectExperts EN
"{64F52262-3848-08B6-AE57-48AC337B1ABD}" = CCC Help Italian
"{67ED9603-CB76-4338-B7B0-690FE144C4DA}" = WordPerfect Lightning
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A951F56-EF9B-B3BA-7E9B-7ABDFAD6868F}" = CCC Help Danish
"{6C13C708-FF28-4991-84E6-5526A0EE677B}" = WordPerfect Office X5 - Oxford
"{6E4B1E42-A831-44B4-A705-D006F68560EC}" = WordPerfect Office X5 - Graphics
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71D2F8EE-9D45-4D95-A6F6-F6433C2B94B5}" = WordPerfect Office X5 - System EN
"{741006D1-7B2B-4E33-B2B0-831F282EEF64}" = Blio
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E750542-55BC-4300-8B7B-AC2A762FB435}" = HP LinkUp
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80C1D83D-053C-D801-6961-426E095B7B8D}" = CCC Help Japanese
"{8364E531-493B-4B05-8041-09D5CE38B975}" = HP Weather
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8437B03F-5D2B-A8C6-CF2A-EF77D000D600}" = CCC Help Dutch
"{84A1DD9A-9DCC-FB89-EC55-E4B609C3E328}" = CCC Help Polish
"{850A14FC-F410-47F7-94E4-38F4D3F270D4}" = DriverUpdate
"{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1" = HP Magic Canvas Tutorials
"{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}" = HP Notes
"{86DB98B6-6B43-5C6A-0546-10FA3FF86D20}" = CCC Help Norwegian
"{8AE50893-3A87-4439-9A57-942ED43F7189}" = Facebook
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9E8E4A-45DC-6AE8-C1A6-9CBB32D97E8F}" = CCC Help Chinese Standard
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
"{917EAE5D-B43E-FAD4-FEDD-044B860AA91A}" = CCC Help Finnish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{954146E0-49FF-4039-AF58-2257506C7D45}" = ZoneAlarm Firewall
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{980375A3-2C47-E490-B410-0B29EFCF7C4C}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA3CFD8-6082-231A-D9EE-F09A9342A1A4}" = CCC Help Chinese Traditional
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BE22D4-0F66-455E-9783-1D7113CC6F00}" = Catalyst Control Center - Branding
"{A35E58D6-2A0F-4051-983B-79342081338E}" = HP RSS
"{A6FD1334-FD75-4951-935D-08F8C7E4C6B0}" = WordPerfect Office X5 - Sharepoint
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AD5D7F64-B818-0E00-A852-2A48CF415C02}" = Catalyst Control Center Graphics Previews Common
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B62C4524-41B5-4E65-952B-36AEC51E3F55}" = WordPerfect Office X5
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B769E2BD-8A06-4B03-9496-5B991025A2C6}" = ZoneAlarm Security
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BB27B53A-EBAE-5056-D7E4-295D875B7AA7}" = CCC Help Greek
"{C0E23D8B-C7B9-8BB3-C6EA-23C193F6CA59}" = CCC Help Czech
"{C1259093-7E15-7454-6696-1AF276CEBC1F}" = CCC Help Portuguese
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD5C6C29-E6CB-4DF3-B45F-A04087B1C294}" = WordPerfect Office X5 - Templates
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4167D08-0F61-4F44-BC3F-26B4960745C4}" = WordPerfect Office X5 - Skins
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5D422B9-6976-4E98-8DDF-9632CB515D7E}" = Dragon NaturallySpeaking 12
"{D7643510-C1AE-44AD-B0F9-0665C4D73BFD}" = WordPerfect Office X5 - LegalTools
"{D8A44325-B409-223A-EC28-898ABFACBBCE}" = CCC Help German
"{DAEDCD3D-B981-4F10-B17B-764753EDAF9F}" = WordPerfect Office X5 - QP
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}" = HP Magic Canvas
"{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5 - Setup Files
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0CAD049-58B6-2A20-0257-C5300E1AD390}" = Catalyst Control Center Localization All
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E539B721-4458-4EFC-8BD0-04D4842051AE}" = Wordperfect Office X5 - EN
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E67732DE-3387-4F1E-BDDA-2D0C08BC025B}" = WordPerfect Office X5 - Filters
"{E800AF2C-A63D-52F2-4AF5-7D31B1BC87C8}" = CCC Help Thai
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB298FF1-6F2E-56A6-CB3D-8A174D2FE011}" = CCC Help Spanish
"{EB2DABBE-051B-764D-5CC2-428923F80789}" = CCC Help Swedish
"{EC61C6D9-159B-4B14-AAF3-AF33FCFA50DD}" = WordPerfect Office X5 - WP
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F6EE49FD-B736-4888-A05A-115F3B1160FA}" = WordPerfect Lightning - MSOM
"{F89BADB0-D319-470E-8024-443EE3A3402B}" = TSHostedAppLauncher
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE678BB2-C794-65F3-1D4F-DB5173C66986}" = Catalyst Control Center InstallProxy
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Digital Editions" = Adobe Digital Editions
"DMUninstaller" = DMUninstaller
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader_is1" = Foxit Reader
"HP PrecisionScan" = HP PrecisionScan
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US)
"Mozilla Thunderbird 24.1.0 (x86 en-US)" = Mozilla Thunderbird 24.1.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSGTAG_is1" = MSGTAG
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.STANDARD" = Microsoft Office Standard 2010
"PaperPort 7.01" = PaperPort 7.01
"PDF Complete" = PDF Complete Special Edition
"WinLiveSuite" = Windows Live Essentials
"WTA-0a717b7b-4771-41ad-a9a0-52e444bb6583" = Poker Superstars III
"WTA-189fc852-deac-4f12-abcf-bbc4e71f4dfa" = Blackhawk Striker 2
"WTA-19891684-5029-423d-a074-fd172fa4274c" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-356af93f-b244-4827-85fa-54af9ccc8e25" = Plants vs. Zombies - Game of the Year
"WTA-48cdac78-ed42-42ed-b2fb-c245fb50cd15" = Polar Golfer
"WTA-4b531e2e-5901-44c3-afde-224db3f54d16" = Torchlight
"WTA-5b4cfe24-73ae-4b01-be1e-346d0ce8c697" = FATE
"WTA-6288c172-caee-47d8-9aa9-434cb518b2e2" = John Deere Drive Green
"WTA-674d798d-cf01-42ef-a581-c4cbb3574f71" = Dora's World Adventure
"WTA-68a1a85c-e2a7-411d-8a0b-343211646daf" = Zuma's Revenge
"WTA-70149a81-7af9-4c46-8a85-43852c1791ae" = Penguins!
"WTA-7074cff4-2c3e-47d7-b6fe-b7d1cb0313cf" = Luxor HD
"WTA-7def4485-6846-400a-9503-d0c703b678bf" = Bejeweled 3
"WTA-9830161f-ea5e-4965-9399-4e96cbf1a5b3" = Virtual Villagers 4 - The Tree of Life
"WTA-aea1d60e-e5db-46e5-98f3-8c0cf3b1b0de" = Farmscapes
"WTA-b5ecded0-ad05-4f2c-b384-64c5ab4138a2" = The Treasures of Mystery Island: The Ghost Ship
"WTA-c23b2654-72bb-4881-91d2-4e30c4dee0a3" = Farm Frenzy
"WTA-c2aaa789-7eef-48c4-8dd3-dcf61439ec4c" = Final Drive Fury
"WTA-d4d4e2d4-97c2-41dd-b1dd-e4bf0a71f565" = Polar Bowler
"WTA-d6acc483-40c3-4891-941b-c8f51399b73e" = Cradle of Rome 2
"WTA-dffed259-b297-4bb8-a1bd-b8de9c25d430" = Jewel Match 3
"WTA-eaee7b4b-7935-4ae7-be96-241512996f1d" = Chuzzle Deluxe
"WTA-eb1aaafb-aeb7-4a3f-8590-9952b5c05dc1" = Mah Jong Medley
"WTA-ebecea0f-8797-45a6-9b5c-eb485ceea2b8" = RollerCoaster Tycoon 3: Platinum
"WTA-f0fca55b-ec2c-4e73-b303-acc6ce9fd569" = Hoyle Card Games
"WTA-ffef9c83-f0ec-435d-a629-212cb99b6c79" = Letters from Nowhere 2
"ZinioReader4" = Zinio Reader 4
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-899990179-4107465522-2500062467-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Zip Extractor Packages" = Zip Extractor Packages

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/26/2013 7:37:47 PM | Computer Name = Dana-HP | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dragon_support_packager.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 11/26/2013 7:38:43 PM | Computer Name = Dana-HP | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 11/26/2013 7:40:16 PM | Computer Name = Dana-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/27/2013 3:35:37 AM | Computer Name = Dana-HP | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dragon_support_packager.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 11/27/2013 3:39:01 AM | Computer Name = Dana-HP | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 11/27/2013 3:46:03 AM | Computer Name = Dana-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ Hewlett-Packard Events ]
Error - 7/28/2012 8:55:22 PM | Computer Name = Dana-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 7/28/2012 8:55:25 PM | Computer Name = Dana-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 8/12/2012 1:47:57 PM | Computer Name = Dana-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/fcb3ede9_9df3_4432_a208_28bea27e9e61/7klzohc7zk+tag8tzthpzmlx_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3686 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String)

Error - 8/18/2012 7:32:49 PM | Computer Name = Dana-HP | Source = hpsa_service.exe | ID = 2000
Description =

Error - 10/25/2012 12:11:28 PM | Computer Name = Dana-HP | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467261 at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Message:
Object reference not set to an instance of an object. StackTrace: at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Source:
HPSFMsgr Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3686 Ram
Utilization: 40 TargetSite: Void SetWMISysInformation()

Error - 11/4/2012 12:02:06 AM | Computer Name = Dana-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/12/2012 5:17:53 PM | Computer Name = Dana-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3686 Ram Utilization: 40 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

Error - 12/16/2012 12:08:47 AM | Computer Name = Dana-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/22/2012 8:53:54 PM | Computer Name = Dana-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/22/2012 8:53:54 PM | Computer Name = Dana-HP | Source = HPSF.exe | ID = 4000
Description =

[ HP Software Framework Events ]
Error - 11/11/2013 6:47:51 AM | Computer Name = Dana-HP | Source = CaslSmBios | ID = 5
Description = 2013/11/11 03:47:51.145|00000760|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: 597

Error - 11/11/2013 6:47:52 AM | Computer Name = Dana-HP | Source = CaslSmBios | ID = 5
Description = 2013/11/11 03:47:52.737|00000760|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: 597

Error - 11/11/2013 6:47:54 AM | Computer Name = Dana-HP | Source = CaslSmBios | ID = 5
Description = 2013/11/11 03:47:54.328|00000760|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: 597

Error - 11/11/2013 6:47:55 AM | Computer Name = Dana-HP | Source = CaslSmBios | ID = 5
Description = 2013/11/11 03:47:55.903|00000760|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: 597

Error - 11/11/2013 6:47:57 AM | Computer Name = Dana-HP | Source = CaslSmBios | ID = 5
Description = 2013/11/11 03:47:57.495|00000760|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: 597

Error - 11/11/2013 6:47:59 AM | Computer Name = Dana-HP | Source = CaslSmBios | ID = 5
Description = 2013/11/11 03:47:59.070|00000760|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: 597

Error - 11/11/2013 6:48:00 AM | Computer Name = Dana-HP | Source = CaslSmBios | ID = 5
Description = 2013/11/11 03:48:00.661|00000760|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: 597

Error - 11/11/2013 6:48:03 AM | Computer Name = Dana-HP | Source = CaslSmBios | ID = 5
Description = 2013/11/11 03:48:03.813|00000760|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: 597

Error - 11/11/2013 6:48:05 AM | Computer Name = Dana-HP | Source = CaslSmBios | ID = 5
Description = 2013/11/11 03:48:05.404|00000760|Error |[CaslWmi]CommandDiags::A{hpCasl.enReturnCode(System.DateTime&)}|Error
executing wmiBIOS.ExecMethodClient, eRetCode: 597

Error - 11/11/2013 6:48:06 AM | Computer Name = Dana-HP | Source = CaslSmBios | ID = 5
Description = 2013/11/11 03:48:06.995|00000760|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: 597

[ System Events ]
Error - 11/26/2013 8:23:39 PM | Computer Name = Dana-HP | Source = DCOM | ID = 10010
Description =

Error - 11/26/2013 9:34:38 PM | Computer Name = Dana-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80242016: Cumulative Security Update for Internet Explorer 10 for
Windows 7 Service Pack 1 for x64-based Systems (KB2888505).

Error - 11/26/2013 10:08:41 PM | Computer Name = Dana-HP | Source = Service Control Manager | ID = 7031
Description = The ZoneAlarm Privacy Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.


< End of report >

ken545
2013-11-27, 22:35
Hi,

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL
[2013/11/11 18:31:05 | 000,449,836 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131111-183805.backup

:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

JD the DJ
2013-11-27, 23:10
11272013_134905

All processes killed
========== OTL ==========
C:\Windows\SysNative\drivers\etc\hosts.20131111-183805.backup moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dana\Desktop\cmd.bat deleted successfully.
C:\Users\Dana\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: All Users

User: Dana
->Java cache emptied: 45946 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Dana
->Temp folder emptied: 2590434 bytes
->Temporary Internet Files folder emptied: 10853863 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 87496131 bytes
->Google Chrome cache emptied: 11628060 bytes
->Flash cache emptied: 177293 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6104723 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42327954 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 154.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11272013_134905

Files\Folders moved on Reboot...
C:\Users\Dana\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dana\AppData\Local\Temp\~DFF9FA566F1019ACF3.TMP moved successfully.
C:\Users\Dana\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\ZLT011e5.TMP moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ken545
2013-11-27, 23:20
Great, how is everything running now ?

JD the DJ
2013-11-28, 00:09
Great!

Just get a 'User Account Control' popup on startup
Program: Update.exe
Publisher: Unknown
I think it is to run the SuperAntiSpyware popup notification that appears in lower right on startup
(That popup has not appeared, but I have not clicked 'Allow' )

Definitely running better than last week, and seems to be running better than before DOSEARCHES took over the browsers.


Thanks!

ken545
2013-11-28, 00:24
Lets check that update file and make sure its ok

You will need the 64 Bit version of this program

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:



:filefind
Update.exe


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

JD the DJ
2013-11-28, 00:44
SystemLook 30.07.11 by jpshortstuff
Log created at 15:42 on 27/11/2013 by Dana
Administrator - Elevation successful

========== filefind ==========

Searching for "Update.exe"
C:\Program Files (x86)\Hewlett-Packard\HP PrecisionScan\PrecisionScan\update.exe --a---- 28672 bytes [03:17 19/07/2012] [21:16 11/12/2001] A2A2294F180FD188CDA9404D28A99B1A
C:\Program Files (x86)\Spybot - Search & Destroy\Update.exe --a---- 464728 bytes [03:34 26/10/2012] [21:31 26/01/2009] 00071AF6D95C1002E5F9B63EA00A37A3

-= EOF =-

ken545
2013-11-28, 00:48
That file is fine :bigthumb:

JD the DJ
2013-11-28, 02:23
It was actually the lower-case 'u' ( update.exe )
Hewlett-Packard\HP PrecisionScan\PrecisionScan\update.exe

The desktop seems to be running great. I have not noticed anything else that is of concern.
Is there anything more that needs to be done?

ken545
2013-11-28, 02:49
Lets run a free online Virus scanner to be sure your all clean


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

JD the DJ
2013-11-28, 12:59
ran ESET
aborted run, when it got to files in C:\ProgramData\WildTangent\GameInstalls\
(it took over 1 hour for ESET to scan 2 files)
deleted 28 files (~5 GB)
While navigating to the folder I saw a suspicious file: C:\Program Files\Uninstaller\Uninstall.exe
(Description: DomaUninstaller ; Created: Saturday, ‎November ‎09, ‎2013, ‏‎7:28:55 PM ; Signature: tuguu sl )

ran ESET

ESETScan.txt

C:\ProgramData\Spybot - Search & Destroy\Recovery\myPCBackup.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro1.zip Win32/Bagle.gen.zip worm

ken545
2013-11-28, 13:16
Good Morning

Those files that ESET found are in Spybots Recovery Folder, open Spybot Search and Destroy and go to the recovery folder and remove them all


Lets check this file


You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, if it says this file has been checked before, have them recheck it. When the scan is done just copy and paste the link back to this forum for me to see.

C:\Program Files\Uninstaller\Uninstall.exe <----

If the site is busy you can try this one
http://virusscan.jotti.org/en

JD the DJ
2013-11-28, 13:50
Happy Thanksgiving!

purged the files in Spybot's Recovery

ran a scan on VirusTotal for:
C:\Program Files\Uninstaller\Uninstall.exe

https://www.virustotal.com/en/file/bc184c9d9f133d934138e2b5739bc6e52164b7323a04870dc1c3db461098da05/analysis/1385638410/

ken545
2013-11-28, 14:11
Its iffy

Download and run SystemLook, you need the 64 Bit version


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:



:filefind
Uninstall.exe


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

JD the DJ
2013-11-28, 14:22
Ya, I think it's iffy (at best)
November 9th was when the desktop was obviously infected.
There does not appear to be a program on desktop for this program to uninstall.
The Digital Signature looks unprofessional (if not fake).

SystemLook.txt

SystemLook 30.07.11 by jpshortstuff
Log created at 05:13 on 28/11/2013 by Dana
Administrator - Elevation successful

========== filefind ==========

Searching for "Uninstall.exe"
C:\hp_CLJ_2600n_Full_Solution\Uninstall.exe --a---- 241664 bytes [16:29 24/08/2013] [11:26 17/02/2011] B3DCA154746EF77F627FE8B320478522
C:\Program Files\hp\HP Color LaserJet 2600n\Uninstall.exe --a---- 241664 bytes [16:31 24/08/2013] [11:26 17/02/2011] B3DCA154746EF77F627FE8B320478522
C:\Program Files\SUPERAntiSpyware\Uninstall.exe --a---- 537368 bytes [22:55 10/10/2013] [22:55 10/10/2013] FDCE433D3EF21FCD1C3706588EF26D09
C:\Program Files\Uninstaller\Uninstall.exe --a---- 47408 bytes [02:28 10/11/2013] [02:28 10/11/2013] 718EB2D20ECEEC974A975C641D0D36A7
C:\Program Files (x86)\Adobe\Adobe Digital Editions\uninstall.exe --a---- 59905 bytes [23:56 17/07/2012] [23:56 17/07/2012] F068D7A12B1188F2E218BAA0F3841DC8
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\uninstall.exe --a---- 200965 bytes [02:50 17/07/2012] [02:50 17/07/2012] 0A2564CEB1E99C698B162CC310365AA9
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\uninstall.exe --a---- 199534 bytes [16:10 15/08/2013] [16:19 09/11/2013] 563626B1F6545BF9644D7E11A6C562A9
C:\Program Files (x86)\Kobo\Uninstall.exe --a---- 55084 bytes [04:24 17/05/2012] [04:24 17/05/2012] 466AD28EE77EA9DC67F0C68F63674CAC
C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe --a---- 106212 bytes [15:47 14/07/2012] [21:49 27/11/2013] A2C775636F142114378DC9403C28E190
C:\Program Files (x86)\PDF Complete\uninstall.exe --a---- 1734120 bytes [04:26 17/05/2012] [16:54 12/08/2011] 49328B10E1945AC0A7DA78CDC74AA0CD
C:\Program Files (x86)\Steganos Password Manager 2012\uninstall.exe --a---- 121552 bytes [03:48 17/07/2012] [03:48 17/07/2012] 7FD2AD9425A666CF29F6CF40C4137D31

-= EOF =-

ken545
2013-11-28, 14:35
If you go to Control Panel > Programs and Features do you see it in the list of programs you can uninstall ?
C:\Program Files\Uninstaller

If it was not installed by you then try uninstalling it

JD the DJ
2013-11-28, 15:10
It was in the list in 'Programs and Features'
clicked 'Uninstall/Change' and it disappeared from list.

While in 'Programs and Features' , i saw another suspicious program. 'Zip Extractor Packages'
Installed on: Nov. 9, 2013 ; No Publisher info
Found the file at:
C:\Users\Dana\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe

Tried to uninstall it (using 'Programs and Features' ) a popup appeared, mostly a blank page, with only 3 options to click
lower right: a highlighted blue link saying to remove program from list
lower right: a button 'CLOSE'
upper right corner: a small square button with 'x'

I clicked the 'x'

ken545
2013-11-28, 16:54
Look back in Programs and Features and see if its gone

JD the DJ
2013-11-28, 17:18
'C:\Program Files\Uninstaller\Uninstall.exe' , the file and its folder, are gone.
And is not in list of programs to Remove in 'Programs and Features'.

'Zip Extractor Packages' is still in list of programs to Remove in 'Programs and Features'.

ken545
2013-11-29, 01:14
Lets run this thru SystemLook

:filefind
Zip Extractor Packages

JD the DJ
2013-11-29, 02:04
SystemLook.txt
SystemLook 30.07.11 by jpshortstuff
Log created at 16:59 on 28/11/2013 by Dana
Administrator - Elevation successful

========== filefind ==========

Searching for "Zip Extractor Packages"
No files found.

-= EOF =-

ken545
2013-11-29, 14:09
Hi,

I am getting mixed results on this one. Just trying to determine who owns it

Run this through SystemLook

:folderfind
Zip Extractor Packages
:regfind
Zip Extractor Packages


Also this program is responsible for adds so I would uninstall it
c:\program files (x86)\iminent

JD the DJ
2013-11-29, 14:47
Below is the log file for SystemLook for: Zip Extractor Packages

I could not find a file on the desktop called 'iminent'
Although, I know Iminent was one of the many unwanted items on desktop after the infection was noticed.
(I used SystemLook :filefind , after MS search came up with no results, and SystemLook did not find any file called 'iminent'.
I then ran SystemLook :regfind, and numerous results were found.)

SystemLook.txt

SystemLook 30.07.11 by jpshortstuff
Log created at 05:19 on 29/11/2013 by Dana
Administrator - Elevation successful

========== folderfind ==========

Searching for "Zip Extractor Packages"
C:\Users\Dana\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages d------ [02:02 10/11/2013]

========== regfind ==========

Searching for "Zip Extractor Packages"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages]
"DisplayIcon"="C:\Users\Dana\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages]
"UninstallString"="C:\Users\Dana\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe /Uninstall /NM="Zip Extractor Packages" /AN="0D0S1L2Z1P1B" /MBN="Zip Extractor Packages""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages]
"DisplayName"="Zip Extractor Packages"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages]
"UninstallerPath"="C:\Users\Dana\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages"
[HKEY_USERS\S-1-5-21-899990179-4107465522-2500062467-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages]
[HKEY_USERS\S-1-5-21-899990179-4107465522-2500062467-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages]
"DisplayIcon"="C:\Users\Dana\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe"
[HKEY_USERS\S-1-5-21-899990179-4107465522-2500062467-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages]
"UninstallString"="C:\Users\Dana\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe /Uninstall /NM="Zip Extractor Packages" /AN="0D0S1L2Z1P1B" /MBN="Zip Extractor Packages""
[HKEY_USERS\S-1-5-21-899990179-4107465522-2500062467-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages]
"DisplayName"="Zip Extractor Packages"
[HKEY_USERS\S-1-5-21-899990179-4107465522-2500062467-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages]
"UninstallerPath"="C:\Users\Dana\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages"

-= EOF =-

ken545
2013-11-29, 14:55
See if you can run this through VirusTotal


C:\Users\Dana\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages

JD the DJ
2013-11-29, 15:02
https://www.virustotal.com/en/file/248482662fe9874fd0b8a20802861a7a531c1a63cc8b5660e1e2f29de8f1ba70/analysis/1385729989/

JD the DJ
2013-11-29, 15:07
It won't do the folder, seemed to default to the only file in that folder.

ken545
2013-11-29, 15:31
Its in your Add Remove list, I think I would uninstall it

JD the DJ
2013-11-30, 00:54
A popup appears with mostly a blank page
upper left a title : 'Uninstall Manager'
upper right : an 'x' button
lower left: blue highlighted text that can be clicked 'Remove this program from Add/Remove list'
lower right: a button labelled 'Close'

ken545
2013-11-30, 02:08
Before you run this fix with OTL, make sure to do another registry backup with ERUNT

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL
C:\Users\Dana\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe

:Services

:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages]
[-HKEY_USERS\S-1-5-21-899990179-4107465522-2500062467-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages]


:Files
ipconfig /flushdns /c


:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

JD the DJ
2013-11-30, 02:34
OTL log file

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-899990179-4107465522-2500062467-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dana\Desktop\cmd.bat deleted successfully.
C:\Users\Dana\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dana
->Temp folder emptied: 791161596 bytes
->Temporary Internet Files folder emptied: 7541198 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1443304 bytes
->Google Chrome cache emptied: 8249584 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32524 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 771.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11292013_172628

Files\Folders moved on Reboot...
C:\Users\Dana\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dana\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ken545
2013-11-30, 03:39
Great, looks like your good to go

JD the DJ
2013-11-30, 03:41
Your help is greatly appreciated.

Thanks again!

ken545
2013-11-30, 03:53
Just looking over your log and I put this one in incorrectly, no biggie, just run another quick fix

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL


:Services

:Reg

:Files
C:\Users\Dana\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exec


:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

JD the DJ
2013-11-30, 04:03
I just deleted the folder '0D0S1L2Z1P1B' and all its contents and then emptied Recycle Bin.

contents of '0D0S1L2Z1P1B':
1 folder: 'Zip Extractor Packages'
1 file: 'uninstaller.exe' (located in the sub-folder 'Zip Extractor Packages' )

ken545
2013-11-30, 04:10
Good, your ahead of me :)


Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

ken545
2013-12-02, 13:23
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.