Deleted Desktop Shortcut Reappears After Reboot


KeliK

Thread Starter
Joined
Oct 11, 2011
Messages
46
I've been on my little sister's laptop all day trying to clean it up for her, but I'm afraid I'm not the computer wiz I'd like to think. :p There's a shortcut on her desktop that reads "Clean Registry for Free" (suspicious, I know!) that keeps returning after I reboot her computer, no matter how many ways I attempt to permanently delete it. It is linked to the webpage http://www.sammsoft.com/getitfree/?ActionSource=icon. I figure it must be some nasty malware. I appreciate any help I can get!


The required logs will be posted shortly in the following post.
 

KeliK

HijackThis Log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:07:20 PM, on 11/14/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Varbs\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IMVU Inc - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AMwA4ADkANgAyADAAOAA5ADgALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADQAMgA5ADQAOQA1ADQANwAwADMALQBEAEQAOQAwAEYAKwAxAC0AUwBUADkAMABGAEEAUABQACsAMQAtAEYAOQAwAE0AMQAyAEEAVAArADIALQBGADkAMABNADEAMgBBACsAMQAtAEYAOQAwAE0AMQAyAEEAQgArADEALQBVADkANQArADEALQBGADkAMABNADEAMgBBAFQAQgArADEALQBGADkAMABNADEAMgBBAFUAKwAxAC0AUwBUAEYAOQAwAE0AMQAyAEEAVQBTACsAMQA"&"prod=90"&"ver=9.0.894
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [AROReminder] C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14286 bytes
 

KeliK

DDS.txt File:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Varbs at 19:19:23 on 2011-11-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1772 [GMT -8:00]
.
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\msconfig.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?hl=en
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uURLSearchHooks: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll
mURLSearchHooks: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [AROReminder] C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe -rem
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AMwA4ADkANgAyADAAOAA5ADgALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADQAMgA5ADQAOQA1ADQANwAwADMALQBEAEQAOQAwAEYAKwAxAC0AUwBUADkAMABGAEEAUABQACsAMQAtAEYAOQAwAE0AMQAyAEEAVAArADIALQBGADkAMABNADEAMgBBACsAMQAtAEYAOQAwAE0AMQAyAEEAQgArADEALQBVADkANQArADEALQBGADkAMABNADEAMgBBAFQAQgArADEALQBGADkAMABNADEAMgBBAFUAKwAxAC0AUwBUAEYAOQAwAE0AMQAyAEEAVQBTACsAMQA"&"prod=90"&"ver=9.0.894
uPolicies-explorer: HideSCAHealth = 1 (0x1)
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: &Search
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
TCP: Interfaces\{CC19009B-6C8C-4CBD-8D53-3604E67013C0} : DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
TCP: Interfaces\{CC19009B-6C8C-4CBD-8D53-3604E67013C0}\2375942554532313 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CC19009B-6C8C-4CBD-8D53-3604E67013C0}\75169707F62747F5143636563737 : DhcpNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{CC19009B-6C8C-4CBD-8D53-3604E67013C0}\845627263747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CC19009B-6C8C-4CBD-8D53-3604E67013C0}\C696E64637569702 : DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
TCP: Interfaces\{CC19009B-6C8C-4CBD-8D53-3604E67013C0}\C696E6B6379737 : DhcpNameServer = 75.104.160.61
TCP: Interfaces\{CC19009B-6C8C-4CBD-8D53-3604E67013C0}\E4544574541425 : DhcpNameServer = 10.0.0.1
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll
BHO-X64: IMVU Inc - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AMwA4ADkANgAyADAAOAA5ADgALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADQAMgA5ADQAOQA1ADQANwAwADMALQBEAEQAOQAwAEYAKwAxAC0AUwBUADkAMABGAEEAUABQACsAMQAtAEYAOQAwAE0AMQAyAEEAVAArADIALQBGADkAMABNADEAMgBBACsAMQAtAEYAOQAwAE0AMQAyAEEAQgArADEALQBVADkANQArADEALQBGADkAMABNADEAMgBBAFQAQgArADEALQBGADkAMABNADEAMgBBAFUAKwAxAC0AUwBUAEYAOQAwAE0AMQAyAEEAVQBTACsAMQA"&"prod=90"&"ver=9.0.894
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Varbs\AppData\Roaming\Mozilla\Firefox\Profiles\w6ium4mr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2547675&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c6ca360&v=7.007.026.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\[email protected]\components\xpavgtbapi.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\Users\Varbs\AppData\Roaming\Mozilla\Firefox\Profiles\w6ium4mr.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Varbs\AppData\Roaming\Mozilla\Firefox\Profiles\w6ium4mr.default\extensions\{98208d10-3683-46d2-b5f0-f58704dfd26e}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Varbs\AppData\Roaming\Mozilla\Firefox\Profiles\w6ium4mr.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\kSolo\npAVX.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-4-21 42184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-4-21 366152]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 228408]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-29 135664]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-29 135664]
.
=============== Created Last 30 ================
.
2011-11-15 02:48:43 -------- d-----w- C:\Windows\pss
2011-11-15 02:14:47 0 ----a-w- C:\Windows\SysWow64\RENF3B4.tmp
2011-11-15 02:14:47 0 ----a-w- C:\Windows\SysWow64\RENF3B3.tmp
2011-11-15 02:14:47 0 ----a-w- C:\Windows\SysWow64\RENF3B2.tmp
2011-11-14 19:56:15 -------- d-----w- C:\ProgramData\!SASCORE
2011-11-14 19:43:42 -------- d-----w- C:\Program Files\CCleaner
2011-11-09 06:42:26 -------- d-----w- C:\36568a5f7538d704b44fbe91fcf618
2011-11-09 06:23:52 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 06:23:52 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 06:23:49 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 06:23:47 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-10-26 01:38:58 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-10-26 01:38:58 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-10-23 02:00:45 -------- d-----w- C:\e427b4f5d3c2b3238d6a24ca63
.
==================== Find3M ====================
.
2011-11-14 19:01:47 2828 --sha-w- C:\ProgramData\KGyGaAvL.sys
2011-11-14 19:01:40 88 --sh--r- C:\ProgramData\C8663720C7.sys
2011-10-15 18:54:20 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-12 23:25:55 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-10-12 23:25:54 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-01 01:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
.
============= FINISH: 19:22:26.06 ===============
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Hiya

Firstly, can you go to Add/Remove Programs and uninstall these (if found):

IMVU Inc Toolbar
Conduit Engine


Then, as I see Malwarebytes' Anti-Malware is installed, can you update it and run a scan.

Also, can you do this:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Please include the MBAM log, the SUPERAntiSpyware Scan Log and a fresh HijackThis log in your next reply.

eddie
 

KeliK

All right. Here are the logs:

Super AntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/22/2011 at 12:21 PM

Application Version : 5.0.1136

Core Rules Database Version : 7975
Trace Rules Database Version: 5787

Scan type : Quick Scan
Total Scan Time : 00:02:03

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 338
Memory threats detected : 0
Registry items scanned : 59940
Registry threats detected : 0
File items scanned : 10329
File threats detected : 287

Adware.Tracking Cookie
.intermundomedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
www.burstnet.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
network.realmedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
d.mediaforge.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
trafficking.nabbr.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.indieclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
optimize.indieclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
optimize.indieclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
optimize.indieclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.adlegend.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.adlegend.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
www.burstnet.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.sexad.net [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
.googleads.g.doubleclick.net [ C:\USERS\VARBS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W6IUM4MR.DEFAULT\COOKIES.SQLITE ]
 

KeliK

Thread Starter
Joined
Oct 11, 2011
Messages
46
MalwareBytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8218

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11/22/2011 12:33:40 PM
mbam-log-2011-11-22 (12-33-40).txt

Scan type: Quick scan
Objects scanned: 168634
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Looks okay, so can you run this for me now:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.
 

KeliK

Thread Starter
Joined
Oct 11, 2011
Messages
46
ok

OTL logfile created on: 11/22/2011 4:54:24 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Varbs\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 66.58% Memory free
5.86 Gb Paging File | 4.79 Gb Available in Paging File | 81.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.79 Gb Total Space | 179.51 Gb Free Space | 81.31% Space Free | Partition Type: NTFS
Drive D: | 11.90 Gb Total Space | 2.01 Gb Free Space | 16.85% Space Free | Partition Type: NTFS

Computer Name: VARBS-PC | User Name: Varbs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/22 16:53:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Varbs\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/18 09:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/01/30 19:31:07 | 000,160,592 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/08 14:33:43 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2011/05/04 14:32:40 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/03/29 14:33:52 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2010/11/04 17:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/04 17:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/11/04 17:58:09 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010/11/04 17:58:08 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2010/11/04 17:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/04 17:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010/11/04 17:53:26 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2010/11/04 17:53:23 | 005,279,744 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2010/11/04 17:53:22 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2009/11/15 17:30:13 | 000,101,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2009/07/15 16:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/07/15 16:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/15 16:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/07/15 16:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/07/15 16:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/07/15 16:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/07/15 16:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/07/15 16:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/06/17 10:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/06/17 10:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/06/17 10:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/10 13:14:46 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
MOD - [2009/06/10 13:14:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
MOD - [2009/06/10 13:14:43 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/14 14:44:41 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/04/18 09:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/15 13:49:26 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/24 09:53:32 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/18 09:18:01 | 000,287,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/04/18 09:17:59 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/04/18 09:16:23 | 000,053,592 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/04/18 09:13:24 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/04/18 09:13:13 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/04/18 09:13:01 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 01:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/22 02:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 09:53:34 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/06/24 09:53:14 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/06/24 09:52:52 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009/06/24 09:52:46 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/06/24 09:52:32 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/06/23 16:28:22 | 000,684,544 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/06/18 20:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 12:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 12:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 16:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKCU\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "SearchElf 1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2547675&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {90b49673-5506-483e-b92b-ca0265bd9ca8}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {98208d10-3683-46d2-b5f0-f58704dfd26e}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4c6ca360&v=7.007.026.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@ksolo.com/AVX: C:\Program Files (x86)\kSolo\npAVX.dll (kSolo, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\3.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/28 19:35:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\3.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/10/01 19:25:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/04/21 21:45:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/08 22:18:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/05 19:53:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/28 19:35:34 | 000,000,000 | ---D | M]

[2010/06/06 20:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Varbs\AppData\Roaming\mozilla\Extensions
[2010/06/06 20:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Varbs\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/11/04 03:15:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Varbs\AppData\Roaming\mozilla\Firefox\Profiles\w6ium4mr.default\extensions
[2011/10/26 18:33:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Varbs\AppData\Roaming\mozilla\Firefox\Profiles\w6ium4mr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/04 03:15:56 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Users\Varbs\AppData\Roaming\mozilla\Firefox\Profiles\w6ium4mr.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2011/10/12 14:52:12 | 000,000,000 | ---D | M] (SearchElf 1 Community Toolbar) -- C:\Users\Varbs\AppData\Roaming\mozilla\Firefox\Profiles\w6ium4mr.default\extensions\{98208d10-3683-46d2-b5f0-f58704dfd26e}
[2011/04/11 14:35:07 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Varbs\AppData\Roaming\mozilla\Firefox\Profiles\w6ium4mr.default\extensions\[email protected]
[2010/10/12 19:05:50 | 000,000,925 | ---- | M] () -- C:\Users\Varbs\AppData\Roaming\Mozilla\Firefox\Profiles\w6ium4mr.default\searchplugins\conduit.xml
[2010/10/12 17:37:35 | 000,010,017 | ---- | M] () -- C:\Users\Varbs\AppData\Roaming\Mozilla\Firefox\Profiles\w6ium4mr.default\searchplugins\mywebsearch.xml
[2011/11/08 22:18:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/08 22:18:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/30 18:35:14 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/08 22:18:02 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: GameVance = C:\Users\Varbs\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\
CHR - Extension: avast! WebRep = C:\Users\Varbs\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1091_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Varbs\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.2\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AROReminder] C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe (Sammsoft)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: &Search - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC19009B-6C8C-4CBD-8D53-3604E67013C0}: DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/22 16:53:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Varbs\Desktop\OTL.exe
[2011/11/20 15:02:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/14 19:07:46 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Varbs\Desktop\dds.com
[2011/11/14 19:06:24 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Varbs\Desktop\HijackThis.exe
[2011/11/14 18:48:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/11/14 18:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/11/14 11:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/11/14 11:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/11/14 11:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/11/14 11:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/08 22:42:26 | 000,000,000 | ---D | C] -- C:\36568a5f7538d704b44fbe91fcf618
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/22 16:56:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/22 16:53:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Varbs\Desktop\OTL.exe
[2011/11/22 16:52:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/22 12:52:22 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/22 12:52:22 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/22 12:45:47 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/11/22 12:45:46 | 000,001,384 | ---- | M] () -- C:\Users\Varbs\Desktop\Clean Registry for Free!.lnk
[2011/11/22 12:45:37 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/22 12:45:07 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForVarbs.job
[2011/11/22 12:44:51 | 2361,806,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/20 21:39:22 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/11/20 21:39:18 | 000,000,088 | RHS- | M] () -- C:\ProgramData\C8663720C7.sys
[2011/11/19 21:50:16 | 000,045,066 | ---- | M] () -- C:\Users\Varbs\AppData\Roaming\wklnhst.dat
[2011/11/18 21:10:18 | 003,476,616 | ---- | M] () -- C:\Users\Varbs\Desktop\Hello Astronaut - A Thousand Miles Vanessa Carlton Cover.mp3
[2011/11/14 19:31:26 | 000,302,592 | ---- | M] () -- C:\Users\Varbs\Desktop\rzeoixtk.exe
[2011/11/14 19:07:52 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Varbs\Desktop\dds.com
[2011/11/14 19:06:25 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Varbs\Desktop\HijackThis.exe
[2011/11/14 16:25:03 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/14 16:25:03 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/14 16:25:03 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/12 21:47:06 | 000,000,000 | ---- | M] () -- C:\Users\Varbs\AppData\Local\prvlcl.dat
[2011/11/10 18:19:02 | 000,400,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/08 22:19:12 | 000,002,048 | ---- | M] () -- C:\Users\Varbs\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/22 12:45:46 | 000,001,384 | ---- | C] () -- C:\Users\Varbs\Desktop\Clean Registry for Free!.lnk
[2011/11/18 21:10:09 | 003,476,616 | ---- | C] () -- C:\Users\Varbs\Desktop\Hello Astronaut - A Thousand Miles Vanessa Carlton Cover.mp3
[2011/11/14 19:31:25 | 000,302,592 | ---- | C] () -- C:\Users\Varbs\Desktop\rzeoixtk.exe
[2011/05/31 23:29:39 | 000,000,000 | ---- | C] () -- C:\Users\Varbs\AppData\Local\{1EB8E186-CB0B-42A7-ACB1-AF7FAD6253CE}
[2011/04/16 20:26:48 | 000,006,368 | -HS- | C] () -- C:\Users\Varbs\AppData\Local\hke23l8u34vh7umwrvv78r47
[2011/04/16 20:26:48 | 000,006,368 | -HS- | C] () -- C:\ProgramData\hke23l8u34vh7umwrvv78r47
[2010/11/15 16:54:43 | 000,000,000 | ---- | C] () -- C:\Users\Varbs\AppData\Local\prvlcl.dat
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/06 12:52:50 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/07/06 12:52:50 | 000,000,088 | RHS- | C] () -- C:\ProgramData\C8663720C7.sys
[2009/12/28 19:34:42 | 000,023,114 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/11/07 16:30:35 | 000,045,066 | ---- | C] () -- C:\Users\Varbs\AppData\Roaming\wklnhst.dat
[2009/08/24 22:05:20 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/07/15 16:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/03 11:14:52 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

========== LOP Check ==========

[2009/12/13 20:53:51 | 000,000,000 | -HSD | M] -- C:\Users\Varbs\AppData\Roaming\.#
[2009/11/08 10:35:12 | 000,000,000 | ---D | M] -- C:\Users\Varbs\AppData\Roaming\Costco Photo Viewer US
[2009/11/09 22:00:27 | 000,000,000 | ---D | M] -- C:\Users\Varbs\AppData\Roaming\funkitron
[2011/04/26 19:43:04 | 000,000,000 | ---D | M] -- C:\Users\Varbs\AppData\Roaming\IMVU
[2011/04/26 12:23:21 | 000,000,000 | ---D | M] -- C:\Users\Varbs\AppData\Roaming\IMVUClient
[2009/11/08 22:45:41 | 000,000,000 | ---D | M] -- C:\Users\Varbs\AppData\Roaming\iWin
[2009/11/07 12:10:35 | 000,000,000 | ---D | M] -- C:\Users\Varbs\AppData\Roaming\PictureMover
[2009/12/22 19:38:17 | 000,000,000 | ---D | M] -- C:\Users\Varbs\AppData\Roaming\Sammsoft
[2009/11/07 16:30:37 | 000,000,000 | ---D | M] -- C:\Users\Varbs\AppData\Roaming\Template
[2010/06/06 20:01:43 | 000,000,000 | ---D | M] -- C:\Users\Varbs\AppData\Roaming\Vivox
[2009/11/07 23:22:47 | 000,000,000 | ---D | M] -- C:\Users\Varbs\AppData\Roaming\WildTangent
[2011/07/09 20:20:38 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 

KeliK

OTL Extras logfile created on: 11/22/2011 4:54:24 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Varbs\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 66.58% Memory free
5.86 Gb Paging File | 4.79 Gb Available in Paging File | 81.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.79 Gb Total Space | 179.51 Gb Free Space | 81.31% Space Free | Partition Type: NTFS
Drive D: | 11.90 Gb Total Space | 2.01 Gb Free Space | 16.85% Space Free | Partition Type: NTFS

Computer Name: VARBS-PC | User Name: Varbs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{293F900D-3743-A8CC-46AD-5AFBFF8E29CF}" = muvee Reveal
"{2D4E1F8A-901B-4BBD-B311-B6E56059066E}" = Microsoft Live Search Toolbar
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58F33687-EE1F-FE06-AC2B-6858503C33F2}" = Quick Hit - Football
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}" = HP User Guides 0156
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A0C7FBA0-4966-40E0-BD64-9367FFFF8F1D}" = Pro Publisher Professional Business Labels
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBDAD850-F8CD-45DA-8077-44368A1F959F}" = HP Support Assistant
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
"AI RoboForm" = AI RoboForm (All Users)
"avast" = avast! Free Antivirus
"Build A Lot 3 Passport To Europe_is1" = Build A Lot 3 Passport To Europe
"Google Chrome" = Google Chrome
"Graboid Video" = Graboid Video 1.65
"Homepage Protection" = Homepage Protection
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IMVU_Inc Toolbar" = IMVU Inc Toolbar
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"kSolo" = kSolo Recorder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Medical Terminology for Health Professions_is1" = Medical Terminology for Health Professions
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"quickhit.football.QHFootball.4D5206CA741FBF5FD6AAD1A97F5076E917382B34.1" = Quick Hit - Football
"RealPlayer 12.0" = RealPlayer
"Shockwave" = Shockwave
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Thanks, and you too :)


Can you uninstall IMVU Inc Toolbar? You're not actually uninstalling the IMVU program, just the toolbar, as it contains Conduit, which is malware-related.

Also, can you uninstall Java(TM) 6 Update 14 (64-bit), and follow the following on updating Java:


Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Now, go here and download the latest Java Version.



After doing that, can you run this fix:


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    IE - HKLM\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2547675&SearchSource=3&q={searchTerms}"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {90b49673-5506-483e-b92b-ca0265bd9ca8}:3.3.3.2
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\3.bin\NPMyWebS.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\3.bin
    [2011/11/04 03:15:56 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Users\Varbs\AppData\Roaming\mozilla\Firefox\Profiles\w6ium4mr.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
    [2011/04/11 14:35:07 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Varbs\AppData\Roaming\mozilla\Firefox\Profiles\w6ium4mr.default\extensions\[email protected]
    [2010/10/12 19:05:50 | 000,000,925 | ---- | M] () -- C:\Users\Varbs\AppData\Roaming\Mozilla\Firefox\Profiles\w6ium4mr.default\searchplugins\conduit.xml
    [2010/10/12 17:37:35 | 000,010,017 | ---- | M] () -- C:\Users\Varbs\AppData\Roaming\Mozilla\Firefox\Profiles\w6ium4mr.default\searchplugins\mywebsearch.xml
    O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    :Files
    ipconfig /flushdns /c 
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH] 
    [CREATERESTOREPOINT] 
    [Reboot]
  • Then click the Run Fix button at the top
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply
 

KeliK

Thread Starter
Joined
Oct 11, 2011
Messages
46
Sorry, but every time I try to uninstall the Java 6 update, I get a message that reads "The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation package 'jre1.6.0_14.msi' in the box below."
 

KeliK

Thread Starter
Joined
Oct 11, 2011
Messages
46
My sister tried to turn on her laptop, and she got this message from OTL:


Files\Folders moved on Reboot...
C:\Users\Varbs\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Okay, for the Java part, just see if running the JavaRa will help, and leave the manual uninstall alone for now.

As for the other part, that was because it was probably running and needed to be removed when the computer boots up, so it's normal. I assume that was after running the above fix?


Can you post a fresh OTL log? It will only produce the one this time, which is okay :)

eddie
 