
Deleted Desktop Shortcut Reappears After Reboot

Discussion in 'Virus & Other Malware Removal' started by KeliK, Nov 14, 2011.

  1. KeliK

    KeliK Thread Starter

    Joined:
    Oct 11, 2011
    Messages:
    46
    I've been on my little sister's laptop all day trying to clean it up for her, but I'm afraid I'm not the computer wiz I'd like to think. :p There's a shortcut on her desktop that reads "Clean Registry for Free" (suspicious, I know!) that keeps returning after I reboot her computer, no matter how many ways I attempt to permanently delete it. It is linked to the webpage http://www.sammsoft.com/getitfree/?ActionSource=icon. I figure it must be some nasty malware. I appreciate any help I can get!


    The required logs will be posted shortly in the following post.
     
  2. KeliK

    HijackThis Log:


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:07:20 PM, on 11/14/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files (x86)\HP\QuickPlay\QPService.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Varbs\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: IMVU Inc - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AMwA4ADkANgAyADAAOAA5ADgALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADQAMgA5ADQAOQA1ADQANwAwADMALQBEAEQAOQAwAEYAKwAxAC0AUwBUADkAMABGAEEAUABQACsAMQAtAEYAOQAwAE0AMQAyAEEAVAArADIALQBGADkAMABNADEAMgBBACsAMQAtAEYAOQAwAE0AMQAyAEEAQgArADEALQBVADkANQArADEALQBGADkAMABNADEAMgBBAFQAQgArADEALQBGADkAMABNADEAMgBBAFUAKwAxAC0AUwBUAEYAOQAwAE0AMQAyAEEAVQBTACsAMQA"&"prod=90"&"ver=9.0.894
    O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe -rem
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll (file missing)
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14286 bytes
     
  3. KeliK

    DDS.txt File:


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
    Run by Varbs at 19:19:23 on 2011-11-14
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1772 [GMT -8:00]
    .
    AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files (x86)\HP\QuickPlay\QPService.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Windows\system32\msconfig.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig?hl=en
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    uURLSearchHooks: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll
    mURLSearchHooks: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll
    mURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [AROReminder] C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe -rem
    uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AMwA4ADkANgAyADAAOAA5ADgALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADQAMgA5ADQAOQA1ADQANwAwADMALQBEAEQAOQAwAEYAKwAxAC0AUwBUADkAMABGAEEAUABQACsAMQAtAEYAOQAwAE0AMQAyAEEAVAArADIALQBGADkAMABNADEAMgBBACsAMQAtAEYAOQAwAE0AMQAyAEEAQgArADEALQBVADkANQArADEALQBGADkAMABNADEAMgBBAFQAQgArADEALQBGADkAMABNADEAMgBBAFUAKwAxAC0AUwBUAEYAOQAwAE0AMQAyAEEAVQBTACsAMQA"&"prod=90"&"ver=9.0.894
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    uPolicies-system: WallpaperStyle = 2
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-system: WallpaperStyle = 2
    IE: &Search
    IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
    TCP: Interfaces\{CC19009B-6C8C-4CBD-8D53-3604E67013C0} : DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
    TCP: Interfaces\{CC19009B-6C8C-4CBD-8D53-3604E67013C0}\2375942554532313 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{CC19009B-6C8C-4CBD-8D53-3604E67013C0}\75169707F62747F5143636563737 : DhcpNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
    TCP: Interfaces\{CC19009B-6C8C-4CBD-8D53-3604E67013C0}\845627263747 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{CC19009B-6C8C-4CBD-8D53-3604E67013C0}\C696E64637569702 : DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
    TCP: Interfaces\{CC19009B-6C8C-4CBD-8D53-3604E67013C0}\C696E6B6379737 : DhcpNameServer = 75.104.160.61
    TCP: Interfaces\{CC19009B-6C8C-4CBD-8D53-3604E67013C0}\E4544574541425 : DhcpNameServer = 10.0.0.1
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    BHO-X64: Conduit Engine - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO-X64: RoboForm - No File
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll
    BHO-X64: IMVU Inc - No File
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    BHO-X64: HelloWorldBHO - No File
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB-X64: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll
    TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
    mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AMwA4ADkANgAyADAAOAA5ADgALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADQAMgA5ADQAOQA1ADQANwAwADMALQBEAEQAOQAwAEYAKwAxAC0AUwBUADkAMABGAEEAUABQACsAMQAtAEYAOQAwAE0AMQAyAEEAVAArADIALQBGADkAMABNADEAMgBBACsAMQAtAEYAOQAwAE0AMQAyAEEAQgArADEALQBVADkANQArADEALQBGADkAMABNADEAMgBBAFQAQgArADEALQBGADkAMABNADEAMgBBAFUAKwAxAC0AUwBUAEYAOQAwAE0AMQAyAEEAVQBTACsAMQA"&"prod=90"&"ver=9.0.894
    IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Varbs\AppData\Roaming\Mozilla\Firefox\Profiles\w6ium4mr.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2547675&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c6ca360&v=7.007.026.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
    FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
    FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
    FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\[email protected]\components\xpavgtbapi.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: C:\Users\Varbs\AppData\Roaming\Mozilla\Firefox\Profiles\w6ium4mr.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\components\RadioWMPCoreGecko19.dll
    FF - component: C:\Users\Varbs\AppData\Roaming\Mozilla\Firefox\Profiles\w6ium4mr.default\extensions\{98208d10-3683-46d2-b5f0-f58704dfd26e}\components\RadioWMPCoreGecko19.dll
    FF - component: C:\Users\Varbs\AppData\Roaming\Mozilla\Firefox\Profiles\w6ium4mr.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\kSolo\npAVX.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-4-21 42184]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-4-21 366152]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 228408]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    R4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-29 135664]
    S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-29 135664]
    .
    =============== Created Last 30 ================
    .
    2011-11-15 02:48:43 -------- d-----w- C:\Windows\pss
    2011-11-15 02:14:47 0 ----a-w- C:\Windows\SysWow64\RENF3B4.tmp
    2011-11-15 02:14:47 0 ----a-w- C:\Windows\SysWow64\RENF3B3.tmp
    2011-11-15 02:14:47 0 ----a-w- C:\Windows\SysWow64\RENF3B2.tmp
    2011-11-14 19:56:15 -------- d-----w- C:\ProgramData\!SASCORE
    2011-11-14 19:43:42 -------- d-----w- C:\Program Files\CCleaner
    2011-11-09 06:42:26 -------- d-----w- C:\36568a5f7538d704b44fbe91fcf618
    2011-11-09 06:23:52 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-09 06:23:52 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-09 06:23:49 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-11-09 06:23:47 3144704 ----a-w- C:\Windows\System32\win32k.sys
    2011-10-26 01:38:58 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2011-10-26 01:38:58 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    2011-10-23 02:00:45 -------- d-----w- C:\e427b4f5d3c2b3238d6a24ca63
    .
    ==================== Find3M ====================
    .
    2011-11-14 19:01:47 2828 --sha-w- C:\ProgramData\KGyGaAvL.sys
    2011-11-14 19:01:40 88 --sh--r- C:\ProgramData\C8663720C7.sys
    2011-10-15 18:54:20 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-12 23:25:55 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-10-12 23:25:54 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-09-01 01:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll
    2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax
    2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
    2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
    .
    ============= FINISH: 19:22:26.06 ===============
     
  4. KeliK

    KeliK Thread Starter

    Joined:
    Oct 11, 2011
    Messages:
    46
    GMER hasn't found any system modifications.
     

  5. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,205
    Hiya

    Firstly, can you go to Add/Remove Programs and uninstall these (if found):

    IMVU Inc Toolbar
    Conduit Engine


    Then, as I see Malwarebytes' Anti-Malware is installed, can you update it and run a scan.

    Also, can you do this:

    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Please include the MBAM log, the SUPERAntiSpyware Scan Log and a fresh HijackThis log in your next reply.

    eddie
     
  6. KeliK

    KeliK Thread Starter

    Joined:
    Oct 11, 2011
    Messages:
    46
    All right. Here are the logs:

    Super AntiSpyware:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/22/2011 at 12:21 PM

    Application Version : 5.0.1136

    Core Rules Database Version : 7975
    Trace Rules Database Version: 5787

    Scan type : Quick Scan
    Total Scan Time : 00:02:03

    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 338
    Memory threats detected : 0
    Registry items scanned : 59940
    Registry threats detected : 0
    File items scanned : 10329
    File threats detected : 287

    Adware.Tracking Cookie
    .h.atdmt.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .h.atdmt.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .bs.serving-sys.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .mediaforge.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .mediaforge.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    wstat.wibiya.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .at.atwola.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .at.atwola.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .adbrite.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .pro-market.net [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .pro-market.net [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    ads.bridgetrack.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    ads.bridgetrack.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    ads.bridgetrack.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .intermundomedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .intermundomedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .intermundomedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    www.burstnet.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .lucidmedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    network.realmedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .fastclick.net [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .adbrite.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    d.mediaforge.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    trafficking.nabbr.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .indieclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    optimize.indieclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    optimize.indieclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    optimize.indieclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .mediaplex.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .eyewonder.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .adlegend.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .adlegend.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .adbrite.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .adbrite.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .adbrite.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .adbrite.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .adbrite.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .lucidmedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .pointroll.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    www.burstnet.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .trafficmp.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .trafficmp.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .tribalfusion.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .questionmarket.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .questionmarket.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .sexad.net [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .clickfuse.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .clickfuse.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .clickfuse.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .legolas-media.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .legolas-media.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .legolas-media.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
    .googleads.g.doubleclick.net [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
     
  7. KeliK

    KeliK Thread Starter

    MalwareBytes:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8218

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    11/22/2011 12:33:40 PM
    mbam-log-2011-11-22 (12-33-40).txt

    Scan type: Quick scan
    Objects scanned: 168634
    Time elapsed: 2 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  8. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,205
    Looks okay, so can you run this for me now:

    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.
     
  9. KeliK

    KeliK Thread Starter

    ok

    OTL logfile created on: 11/22/2011 4:54:24 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Varbs\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.93 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 66.58% Memory free
    5.86 Gb Paging File | 4.79 Gb Available in Paging File | 81.75% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 220.79 Gb Total Space | 179.51 Gb Free Space | 81.31% Space Free | Partition Type: NTFS
    Drive D: | 11.90 Gb Total Space | 2.01 Gb Free Space | 16.85% Space Free | Partition Type: NTFS

    Computer Name: VARBS-PC | User Name: Varbs | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/22 16:53:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Varbs\Desktop\OTL.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/04/18 09:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2010/01/30 19:31:07 | 000,160,592 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/07/08 14:33:43 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    MOD - [2011/05/04 14:32:40 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2011/03/29 14:33:52 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    MOD - [2010/11/04 17:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2010/11/04 17:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2010/11/04 17:58:09 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    MOD - [2010/11/04 17:58:08 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    MOD - [2010/11/04 17:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/11/04 17:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
    MOD - [2010/11/04 17:53:26 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
    MOD - [2010/11/04 17:53:23 | 005,279,744 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    MOD - [2010/11/04 17:53:22 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
    MOD - [2009/11/15 17:30:13 | 000,101,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
    MOD - [2009/07/15 16:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    MOD - [2009/07/15 16:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
    MOD - [2009/07/15 16:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
    MOD - [2009/07/15 16:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
    MOD - [2009/07/15 16:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
    MOD - [2009/07/15 16:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
    MOD - [2009/07/15 16:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
    MOD - [2009/07/15 16:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
    MOD - [2009/06/17 10:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    MOD - [2009/06/17 10:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    MOD - [2009/06/17 10:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    MOD - [2009/06/10 13:14:46 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    MOD - [2009/06/10 13:14:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    MOD - [2009/06/10 13:14:43 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/11/14 14:44:41 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2011/04/18 09:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/10/15 13:49:26 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/06/24 09:53:32 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/04/18 09:18:01 | 000,287,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2011/04/18 09:17:59 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2011/04/18 09:16:23 | 000,053,592 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2011/04/18 09:13:24 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
    DRV:64bit: - [2011/04/18 09:13:13 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2011/04/18 09:13:01 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 01:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/09/22 02:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/24 09:53:34 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
    DRV:64bit: - [2009/06/24 09:53:14 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2009/06/24 09:52:52 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
    DRV:64bit: - [2009/06/24 09:52:46 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2009/06/24 09:52:32 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
    DRV:64bit: - [2009/06/23 16:28:22 | 000,684,544 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2009/06/18 20:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 12:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 12:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/04 16:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    IE - HKLM\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
    IE - HKCU\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "SearchElf 1 Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2547675&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..extensions.enabledItems: {90b49673-5506-483e-b92b-ca0265bd9ca8}:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {98208d10-3683-46d2-b5f0-f58704dfd26e}:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
    FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
    FF - prefs.js..extensions.enabledItems: [email protected]:20110101
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4c6ca360&v=7.007.026.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q="


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@ksolo.com/AVX: C:\Program Files (x86)\kSolo\npAVX.dll (kSolo, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\3.bin\NPMyWebS.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/28 19:35:34 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\3.bin
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/10/01 19:25:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/04/21 21:45:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/08 22:18:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/05 19:53:25 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/28 19:35:34 | 000,000,000 | ---D | M]

    [2010/06/06 20:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Varbs\AppData\Roaming\mozilla\Extensions
    [2010/06/06 20:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Varbs\AppData\Roaming\mozilla\Extensions\[email protected]
    [2011/11/04 03:15:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Varbs\AppData\Roaming\mozilla\Firefox\Profiles\w6ium4mr.default\extensions
    [2011/10/26 18:33:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Varbs\AppData\Roaming\mozilla\Firefox\Profiles\w6ium4mr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/11/04 03:15:56 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Users\Varbs\AppData\Roaming\mozilla\Firefox\Profiles\w6ium4mr.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
    [2011/10/12 14:52:12 | 000,000,000 | ---D | M] (SearchElf 1 Community Toolbar) -- C:\Users\Varbs\AppData\Roaming\mozilla\Firefox\Profiles\w6ium4mr.default\extensions\{98208d10-3683-46d2-b5f0-f58704dfd26e}
    [2011/04/11 14:35:07 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Varbs\AppData\Roaming\mozilla\Firefox\Profiles\w6ium4mr.default\extensions\[email protected]
    [2010/10/12 19:05:50 | 000,000,925 | ---- | M] () -- C:\Users\Varbs\AppData\Roaming\Mozilla\Firefox\Profiles\w6ium4mr.default\searchplugins\conduit.xml
    [2010/10/12 17:37:35 | 000,010,017 | ---- | M] () -- C:\Users\Varbs\AppData\Roaming\Mozilla\Firefox\Profiles\w6ium4mr.default\searchplugins\mywebsearch.xml
    [2011/11/08 22:18:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/11/08 22:18:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/09/30 18:35:14 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/11/08 22:18:02 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - Extension: GameVance = C:\Users\Varbs\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\
    CHR - Extension: avast! WebRep = C:\Users\Varbs\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1091_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Varbs\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.2\

    O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
    O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
    O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [AROReminder] C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe (Sammsoft)
    O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
    O8:64bit: - Extra context menu item: &Search - Reg Error: Value error. File not found
    O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
    O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
    O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
    O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC19009B-6C8C-4CBD-8D53-3604E67013C0}: DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/22 16:53:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Varbs\Desktop\OTL.exe
    [2011/11/20 15:02:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2011/11/14 19:07:46 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Varbs\Desktop\dds.com
    [2011/11/14 19:06:24 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Varbs\Desktop\HijackThis.exe
    [2011/11/14 18:48:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2011/11/14 18:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2011/11/14 11:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2011/11/14 11:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011/11/14 11:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2011/11/14 11:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/11/08 22:42:26 | 000,000,000 | ---D | C] -- C:\36568a5f7538d704b44fbe91fcf618
    [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/11/22 16:56:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/11/22 16:53:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Varbs\Desktop\OTL.exe
    [2011/11/22 16:52:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/22 12:52:22 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/22 12:52:22 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/22 12:45:47 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2011/11/22 12:45:46 | 000,001,384 | ---- | M] () -- C:\Users\Varbs\Desktop\Clean Registry for Free!.lnk
    [2011/11/22 12:45:37 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/11/22 12:45:07 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForVarbs.job
    [2011/11/22 12:44:51 | 2361,806,848 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/20 21:39:22 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/11/20 21:39:18 | 000,000,088 | RHS- | M] () -- C:\ProgramData\C8663720C7.sys
    [2011/11/19 21:50:16 | 000,045,066 | ---- | M] () -- C:\Users\Varbs\AppData\Roaming\wklnhst.dat
    [2011/11/18 21:10:18 | 003,476,616 | ---- | M] () -- C:\Users\Varbs\Desktop\Hello Astronaut - A Thousand Miles Vanessa Carlton Cover.mp3
    [2011/11/14 19:31:26 | 000,302,592 | ---- | M] () -- C:\Users\Varbs\Desktop\rzeoixtk.exe
    [2011/11/14 19:07:52 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Varbs\Desktop\dds.com
    [2011/11/14 19:06:25 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Varbs\Desktop\HijackThis.exe
    [2011/11/14 16:25:03 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/11/14 16:25:03 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/11/14 16:25:03 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/11/12 21:47:06 | 000,000,000 | ---- | M] () -- C:\Users\Varbs\AppData\Local\prvlcl.dat
    [2011/11/10 18:19:02 | 000,400,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/11/08 22:19:12 | 000,002,048 | ---- | M] () -- C:\Users\Varbs\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/22 12:45:46 | 000,001,384 | ---- | C] () -- C:\Users\Varbs\Desktop\Clean Registry for Free!.lnk
    [2011/11/18 21:10:09 | 003,476,616 | ---- | C] () -- C:\Users\Varbs\Desktop\Hello Astronaut - A Thousand Miles Vanessa Carlton Cover.mp3
    [2011/11/14 19:31:25 | 000,302,592 | ---- | C] () -- C:\Users\Varbs\Desktop\rzeoixtk.exe
    [2011/05/31 23:29:39 | 000,000,000 | ---- | C] () -- C:\Users\Varbs\AppData\Local\{1EB8E186-CB0B-42A7-ACB1-AF7FAD6253CE}
    [2011/04/16 20:26:48 | 000,006,368 | -HS- | C] () -- C:\Users\Varbs\AppData\Local\hke23l8u34vh7umwrvv78r47
    [2011/04/16 20:26:48 | 000,006,368 | -HS- | C] () -- C:\ProgramData\hke23l8u34vh7umwrvv78r47
    [2010/11/15 16:54:43 | 000,000,000 | ---- | C] () -- C:\Users\Varbs\AppData\Local\prvlcl.dat
    [2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2010/07/06 12:52:50 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2010/07/06 12:52:50 | 000,000,088 | RHS- | C] () -- C:\ProgramData\C8663720C7.sys
    [2009/12/28 19:34:42 | 000,023,114 | ---- | C] () -- C:\Windows\hpqins15.dat
    [2009/11/07 16:30:35 | 000,045,066 | ---- | C] () -- C:\Users\Varbs\AppData\Roaming\wklnhst.dat
    [2009/08/24 22:05:20 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
    [2009/07/15 16:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 13:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
    [2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2009/06/03 11:14:52 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

    ========== LOP Check ==========

    [2009/12/13 20:53:51 | 000,000,000 | -HSD | M] -- C:\Users\Varbs\AppData\Roaming\.#
    [2009/11/08 10:35:12 | 000,000,000 | ---D | M] -- C:\Users\Varbs\AppData\Roaming\Costco Photo Viewer US
    [2009/11/09 22:00:27 | 000,000,000 | ---D | M] -- C:\Users\Varbs\AppData\Roaming\funkitron
    [2011/04/26 19:43:04 | 000,000,000 | ---D | M] -- C:\Users\Varbs\AppData\Roaming\IMVU
    [2011/04/26 12:23:21 | 000,000,000 | ---D | M] -- C:\Users\Varbs\AppData\Roaming\IMVUClient
    [2009/11/08 22:45:41 | 000,000,000 | ---D | M] -- C:\Users\Varbs\AppData\Roaming\iWin
    [2009/11/07 12:10:35 | 000,000,000 | ---D | M] -- C:\Users\Varbs\AppData\Roaming\PictureMover
    [2009/12/22 19:38:17 | 000,000,000 | ---D | M] -- C:\Users\Varbs\AppData\Roaming\Sammsoft
    [2009/11/07 16:30:37 | 000,000,000 | ---D | M] -- C:\Users\Varbs\AppData\Roaming\Template
    [2010/06/06 20:01:43 | 000,000,000 | ---D | M] -- C:\Users\Varbs\AppData\Roaming\Vivox
    [2009/11/07 23:22:47 | 000,000,000 | ---D | M] -- C:\Users\Varbs\AppData\Roaming\WildTangent
    [2011/07/09 20:20:38 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
     
  10. KeliK

    KeliK Thread Starter

    Joined:
    Oct 11, 2011
    Messages:
    46
    OTL Extras logfile created on: 11/22/2011 4:54:24 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Varbs\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.93 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 66.58% Memory free
    5.86 Gb Paging File | 4.79 Gb Available in Paging File | 81.75% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 220.79 Gb Total Space | 179.51 Gb Free Space | 81.31% Space Free | Partition Type: NTFS
    Drive D: | 11.90 Gb Total Space | 2.01 Gb Free Space | 16.85% Space Free | Partition Type: NTFS

    Computer Name: VARBS-PC | User Name: Varbs | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "CCleaner" = CCleaner
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 29
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{293F900D-3743-A8CC-46AD-5AFBFF8E29CF}" = muvee Reveal
    "{2D4E1F8A-901B-4BBD-B311-B6E56059066E}" = Microsoft Live Search Toolbar
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{58F33687-EE1F-FE06-AC2B-6858503C33F2}" = Quick Hit - Football
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}" = HP User Guides 0156
    "{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{A0C7FBA0-4966-40E0-BD64-9367FFFF8F1D}" = Pro Publisher Professional Business Labels
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
    "{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DBDAD850-F8CD-45DA-8077-44368A1F959F}" = HP Support Assistant
    "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
    "AI RoboForm" = AI RoboForm (All Users)
    "avast" = avast! Free Antivirus
    "Build A Lot 3 Passport To Europe_is1" = Build A Lot 3 Passport To Europe
    "Google Chrome" = Google Chrome
    "Graboid Video" = Graboid Video 1.65
    "Homepage Protection" = Homepage Protection
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "IMVU_Inc Toolbar" = IMVU Inc Toolbar
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "kSolo" = kSolo Recorder
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Medical Terminology for Health Professions_is1" = Medical Terminology for Health Professions
    "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
    "quickhit.football.QHFootball.4D5206CA741FBF5FD6AAD1A97F5076E917382B34.1" = Quick Hit - Football
    "RealPlayer 12.0" = RealPlayer
    "Shockwave" = Shockwave
    "VLC media player" = VideoLAN VLC media player 0.8.6d
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  11. KeliK

    KeliK Thread Starter

    Joined:
    Oct 11, 2011
    Messages:
    46
    Happy Thanksgiving. :)
     
  12. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,205
    Thanks, and you too :)


    Can you uninstall IMVU Inc Toolbar. You're not actually uninstalling the IMVU program, just the toolbar, as it contains Conduit, which is malware related.

    Also, can you uninstall Java(TM) 6 Update 14 (64-bit), and follow the following on updating Java:


    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Now, go here and download the latest Java Version.



    After doing that, can you run this fix:


    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      Code:
      :OTL
      IE - HKLM\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
      IE - HKCU\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
      FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2547675&SearchSource=3&q={searchTerms}"
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
      FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
      FF - prefs.js..extensions.enabledItems: {90b49673-5506-483e-b92b-ca0265bd9ca8}:3.3.3.2
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\3.bin\NPMyWebS.dll File not found
      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\3.bin
      [2011/11/04 03:15:56 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Users\Varbs\AppData\Roaming\mozilla\Firefox\Profiles\w6ium4mr.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
      [2011/04/11 14:35:07 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Varbs\AppData\Roaming\mozilla\Firefox\Profiles\w6ium4mr.default\extensions\[email protected]
      [2010/10/12 19:05:50 | 000,000,925 | ---- | M] () -- C:\Users\Varbs\AppData\Roaming\Mozilla\Firefox\Profiles\w6ium4mr.default\searchplugins\conduit.xml
      [2010/10/12 17:37:35 | 000,010,017 | ---- | M] () -- C:\Users\Varbs\AppData\Roaming\Mozilla\Firefox\Profiles\w6ium4mr.default\searchplugins\mywebsearch.xml
      O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
      O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
      O4 - HKLM..\Run: [] File not found
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
      O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
      :Files
      ipconfig /flushdns /c 
      :Commands 
      [purity] 
      [resethosts] 
      [emptytemp] 
      [EMPTYFLASH] 
      [CREATERESTOREPOINT] 
      [Reboot]
    • Then click the Run Fix button at the top
    • Click OK.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply
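
Added example, not part of the original post and not OTL's own code: many of the :OTL lines in the fix above either point at the Conduit toolbar DLL or are orphaned entries whose target is missing. This Python script parses a subset of those lines, copied from the post, and groups them by CLSID, vendor and orphan reason; the names `parse_line` and `triage` are hypothetical.

```python
import re
from collections import defaultdict

# Subset of the :OTL lines from the fix posted above, copied from the post.
FIX_LINES = r"""
IE - HKLM\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\3.bin\NPMyWebS.dll File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
""".strip().splitlines()

PREFIX = re.compile(r"^(?P<tag>[A-Z]+\d*)(?P<bits>:64bit:)?\s+-\s")
CLSID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
VENDOR = re.compile(r"\(([^()]+)\)\s*$")  # trailing "(Company)" only, not "(x86)"
ORPHAN_MARKERS = ("No CLSID value found", "File not found")


def parse_line(line):
    """Split one OTL entry into its tag, CLSID, vendor and orphan reason."""
    line = line.strip()
    m = PREFIX.match(line)
    if not m:
        return None  # file listings, directives and blank lines are skipped
    clsid = CLSID.search(line)
    vendor = VENDOR.search(line)
    reason = next((r for r in ORPHAN_MARKERS if r in line), None)
    return {
        "label": m["tag"] + ("/64bit" if m["bits"] else ""),
        # CLSIDs are case-insensitive; the log mixes upper and lower case.
        "clsid": clsid.group(0).lower() if clsid else None,
        "vendor": vendor.group(1) if vendor else None,
        "orphan": reason,
    }


def triage(lines):
    """Group entries by CLSID, collect orphaned ones, count vendors."""
    by_clsid = defaultdict(list)
    orphans, vendors = [], defaultdict(int)
    for entry in filter(None, map(parse_line, lines)):
        if entry["clsid"]:
            by_clsid[entry["clsid"]].append(entry["label"])
        if entry["orphan"]:
            orphans.append((entry["label"], entry["orphan"]))
        if entry["vendor"]:
            vendors[entry["vendor"]] += 1
    return {"by_clsid": dict(by_clsid), "orphans": orphans,
            "vendors": dict(vendors)}


if __name__ == "__main__":
    result = triage(FIX_LINES)
    for clsid, labels in result["by_clsid"].items():
        if len(labels) > 1:
            print(f"{clsid} registered under: {', '.join(labels)}")
    for label, reason in result["orphans"]:
        print(f"orphaned {label}: {reason}")
    print("vendors:", result["vendors"])
```

Grouping by lower-cased CLSID shows that one component is hooked into the browser at three separate points (URLSearchHook, BHO, Toolbar), which is why the fix lists each location rather than a single entry.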
     
  13. KeliK

    KeliK Thread Starter

    Joined:
    Oct 11, 2011
    Messages:
    46
    Sorry, but every time I try to uninstall the Java 6 update, I get a message that reads "The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation package 'jre1.6.0_14.msi' in the box below."
     
  14. KeliK

    KeliK Thread Starter

    Joined:
    Oct 11, 2011
    Messages:
    46
    My sister tried to turn on her laptop, and she got this message from OTL:


    Files\Folders moved on Reboot...
    C:\Users\Varbs\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  15. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,205
    Okay, for the Java part, just see if running the JavaRa will help, and leave the manual uninstall alone for now.

    As for the other part, that was because it was probably running and needed to be removed when the computer boots up, so it's normal. I assume that was after running the above fix?


    Can you post a fresh OTL log? It will only produce the one this time, which is okay :)

    eddie
     

Short URL to this thread: https://techguy.org/1026927
