Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


NYMI.IB.ADNXS.COM popup problem-Removal?


Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Post by luvfishn » January 27th, 2013, 7:04 pm

Back to ya ....
Here are the results of the latest OTL scan ...

OTL logfile created on: 1/27/2013 6:48:35 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Luvfishn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 3.88 Gb Available Physical Memory | 49.08% Memory free
19.77 Gb Paging File | 15.82 Gb Available in Paging File | 80.02% Paging File free
Paging file location(s): c:\pagefile.sys 12147 12147 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 579.64 Gb Total Space | 376.58 Gb Free Space | 64.97% Space Free | Partition Type: NTFS
Drive E: | 22.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive S: | 2794.49 Gb Total Space | 2194.17 Gb Free Space | 78.52% Space Free | Partition Type: NTFS

Computer Name: BOBS_LAPTOP | User Name: Luvfishn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/25 08:45:04 | 001,540,112 | ---- | M] (SecureKey Technologies Inc.) -- C:\Users\Luvfishn\AppData\Local\SecureKey\1.1.3149.6948\SecureKey.exe
PRC - [2013/01/23 18:21:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luvfishn\Desktop\OTL.exe
PRC - [2013/01/23 15:58:25 | 000,348,160 | ---- | M] () -- C:\ProgramData\BetterSoft\ContinueToSave\ContinueToSave.exe
PRC - [2013/01/07 15:53:22 | 000,340,992 | ---- | M] () -- C:\ProgramData\CloudSoft\SaveByClick\SaveByClick.exe
PRC - [2012/12/23 10:39:38 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/12/21 09:26:34 | 000,979,816 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
PRC - [2012/12/20 22:43:14 | 001,434,984 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
PRC - [2012/12/20 22:43:12 | 000,735,592 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
PRC - [2012/11/29 22:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/28 16:41:36 | 001,123,720 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012/11/22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2012/11/22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2012/11/13 14:18:00 | 000,279,368 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
PRC - [2012/09/06 09:46:00 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2012/09/06 09:45:58 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2012/09/06 09:45:46 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
PRC - [2012/09/03 08:13:08 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/06/14 10:04:26 | 001,177,536 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2012/06/14 10:04:24 | 001,151,424 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2012/06/14 09:58:24 | 005,235,128 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2012/06/14 09:57:20 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2012/01/06 15:30:00 | 001,446,760 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/12 01:45:18 | 002,433,024 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
PRC - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
PRC - [2011/02/01 17:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 17:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/12/25 20:05:54 | 001,716,144 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
PRC - [2010/08/16 14:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010/06/04 20:32:58 | 000,252,792 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
PRC - [2004/04/13 16:03:10 | 000,299,008 | ---- | M] (Palm, Inc.) -- C:\Program Files (x86)\palmOne\HOTSYNC.EXE


========== Modules (No Company Name) ==========

MOD - [2013/01/09 14:22:20 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 14:21:51 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 14:21:47 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/09 12:02:29 | 000,393,216 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\84068bac0b3859c94652214e0b90dfc6\System.Xml.Linq.ni.dll
MOD - [2013/01/09 12:01:20 | 001,801,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cbb7db665b3ba25a931258eb702527f5\System.Xaml.ni.dll
MOD - [2013/01/09 11:45:33 | 018,002,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f28a346ae10e2eec581608f591cf7116\PresentationFramework.ni.dll
MOD - [2013/01/09 11:45:26 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\08fca556cf3fe582233fa080cdbec8f1\System.Windows.Forms.ni.dll
MOD - [2013/01/09 11:45:13 | 011,451,904 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8983c040161b34c64474f195bff5e2de\PresentationCore.ni.dll
MOD - [2013/01/09 11:45:01 | 000,745,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\2953bd325cbadeb5da550379e3185950\System.Security.ni.dll
MOD - [2013/01/09 11:44:59 | 007,069,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\08bebcf66ad666dfdf2a4a934d79c0f9\System.Core.ni.dll
MOD - [2013/01/09 11:44:56 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d884c684ee3f738a60e3c50dd5d88caa\System.Xml.ni.dll
MOD - [2013/01/09 11:44:56 | 003,858,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5dbabea688adfc665e3453561736699a\WindowsBase.ni.dll
MOD - [2013/01/09 11:44:55 | 000,309,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\5d6d093b4b5b80c944f571d81d8ae2e4\PresentationFramework.Classic.ni.dll
MOD - [2013/01/09 11:44:51 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b83993cc955262507c8ead67567c8060\System.Drawing.ni.dll
MOD - [2013/01/09 11:44:48 | 009,094,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\df418085cedae9fa2efee87e20a419a4\System.ni.dll
MOD - [2013/01/09 11:44:41 | 014,413,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll
MOD - [2012/12/21 09:26:34 | 000,979,816 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
MOD - [2012/12/20 22:43:24 | 000,785,256 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\sqlite3.dll
MOD - [2012/11/29 22:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012/11/29 22:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/08/12 01:45:26 | 000,198,144 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
MOD - [2011/08/12 01:45:18 | 002,433,024 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
MOD - [2010/12/12 06:58:14 | 000,502,784 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_xrc_vc_rny.dll
MOD - [2010/12/12 06:58:00 | 000,131,584 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxbase28u_xml_vc_rny.dll
MOD - [2010/12/12 06:57:56 | 000,485,376 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_html_vc_rny.dll
MOD - [2010/12/12 06:57:44 | 000,707,584 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_adv_vc_rny.dll
MOD - [2010/12/12 06:57:36 | 002,633,216 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_core_vc_rny.dll
MOD - [2010/12/12 06:56:46 | 001,205,760 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxbase28u_vc_rny.dll
MOD - [2010/05/23 14:20:08 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\lfs.dll
MOD - [2010/05/23 14:20:04 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\lua51.dll
MOD - [2005/01/02 09:22:48 | 000,776,192 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/13 09:26:50 | 001,259,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer)
SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/09/03 08:13:08 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/07/01 15:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/06/10 01:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/06/01 16:38:30 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/06/01 16:23:40 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/06/01 16:19:58 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/05/24 13:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/05/17 18:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/10/20 18:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/08/22 09:26:52 | 000,535,608 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV - [2013/01/19 11:42:22 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/19 09:05:34 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/20 22:43:12 | 000,735,592 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/28 16:34:18 | 000,793,600 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/11/22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012/11/22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012/11/13 14:18:00 | 000,279,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe -- (ADBlockerSrv)
SRV - [2012/09/06 09:46:00 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2012/09/06 09:45:58 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2012/06/14 10:04:26 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012/06/14 10:04:24 | 001,151,424 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2012/06/14 09:57:20 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012/06/07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/11 21:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/01 17:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 17:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/27 18:45:07 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\nurszdeb.sys -- (nurszdeb)
DRV:64bit: - [2013/01/18 09:36:56 | 000,032,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2012/12/06 12:11:40 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/11/29 10:30:40 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/11/29 10:30:39 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/11/29 10:30:39 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/11/07 03:16:18 | 000,017,232 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\asdws.sys -- (asdws)
DRV:64bit: - [2012/11/07 03:16:16 | 000,023,376 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\asdrs.sys -- (asdrs)
DRV:64bit: - [2012/11/07 03:16:16 | 000,018,768 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\SysNative\drivers\asdrm.sys -- (asdrm)
DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/06/26 16:37:59 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2012/04/18 14:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012/04/12 21:30:40 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/24 06:04:01 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/08/05 16:34:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/08/05 16:34:00 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/06/27 13:55:50 | 012,231,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/09 23:28:22 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/05/26 08:21:28 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 18:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 18:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/02/08 23:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 23:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 20:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/03/22 14:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/29 20:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/19 23:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/25 16:23:26 | 000,035,392 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2012/09/07 13:52:02 | 000,019,280 | ---- | M] () [File_System | System | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys -- (asdnet)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{904F4B4E-2A11-4D1C-B20D-E036D2A72F52}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.simplespeedy.info/
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{904F4B4E-2A11-4D1C-B20D-E036D2A72F52}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.simplespeedy.info/?l=1&q={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {904F4B4E-2A11-4D1C-B20D-E036D2A72F52}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {904F4B4E-2A11-4D1C-B20D-E036D2A72F52}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://login.yahoo.com/config/log [Binary data over 200 bytes]
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/?shva=1#inbox
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E B0 A5 2C 34 E8 CD 01 [binary data]
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://investdb.theglobeandmail.com/inv ... de=SECLIST
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes,DefaultScope = {2E057310-3B1D-4BB1-B026-D60477836680}
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{2E057310-3B1D-4BB1-B026-D60477836680}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =800236&p={searchTerms}
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{48639E64-816C-1E71-A11F-AF2D7041DC94}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z013&form=ZGAIDF
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7TSHB_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{904F4B4E-2A11-4D1C-B20D-E036D2A72F52}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS475
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.simplespeedy.info/?l=1&q={searchTerms}
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{C6C63773-426A-494F-A399-77BE17BF9AE9}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{FC27A2BA-163E-495D-9A2D-FF54C3C6931F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=800236"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/|https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2|https://account.netzero.net/s/account"
FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.24.0.9
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: plugin%40selectionlinks.com:1.5
FF - prefs.js..extensions.enabledAddons: FFPDFArchitectConverter%40pdfarchitect.com:1.0
FF - prefs.js..extensions.enabledAddons: abb%40amazon.com:3.0.20121129
FF - prefs.js..extensions.enabledAddons: wtxpcom%40mybrowserbar.com:6.6
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B214ccfbe-f58a-4668-8403-eca590d20530%7D:1.1.3149.6948
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Luvfishn\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/09/13 08:45:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/20 13:31:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/09/13 08:45:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/12/16 13:30:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/23 10:40:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013/01/01 10:04:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/23 10:40:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 09:05:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/19 09:05:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/20 13:31:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 09:05:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/19 09:05:18 | 000,000,000 | ---D | M]

[2012/03/18 13:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Extensions
[2013/01/25 13:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions
[2012/11/30 12:56:08 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013/01/25 08:48:32 | 000,000,000 | ---D | M] (SecureKey Extension) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{214ccfbe-f58a-4668-8403-eca590d20530}
[2013/01/01 10:24:09 | 000,000,000 | ---D | M] (SaveByclick) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\50e2ed76c32a0@50e2ed76c32d9.com
[2013/01/17 13:15:36 | 000,000,000 | ---D | M] (SaveByclick) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\50f8306022eb7@50f8306022ef1.com
[2013/01/21 22:42:00 | 000,000,000 | ---D | M] (continuetosave) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\50fe01324d42b@50fe01324d464.com
[2013/01/25 13:50:53 | 000,000,000 | ---D | M] (continuetosave) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\5102cb519642a@5102cb5196463.com
[2012/05/09 15:07:07 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\DeviceDetection@logitech.com
[2012/12/20 09:40:46 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\plugin@selectionlinks.com
[2013/01/02 10:06:09 | 000,491,479 | ---- | M] () (No name found) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\abb@amazon.com.xpi
[2013/01/24 15:41:16 | 006,683,480 | ---- | M] () (No name found) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{214ccfbe-f58a-4668-8403-eca590d20530}\securekey.unsigned.xpi
[2013/01/25 13:50:27 | 000,000,559 | ---- | M] () -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\searchplugins\WebSearch.xml
[2013/01/23 17:37:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/19 09:05:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/01/19 09:05:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/01/11 09:24:30 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2012/12/16 13:30:49 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013/01/01 10:04:35 | 000,000,000 | ---D | M] (PDF Architect Converter For Firefox) -- C:\PROGRAM FILES (X86)\PDF ARCHITECT\FFPDFARCHITECTEXT
[2013/01/19 09:05:35 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 11:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/06 11:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/12/23 10:40:06 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/08/30 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/20 06:12:28 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://websearch.simplespeedy.info/
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\iejjikafebghfjoodkkipahmnijbglpi\1.1.3149.6452_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej\3.0_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidljmjkobeoidolpjpcgdoblhpmiond\1_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.3_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcddbapmmbmogepeclfoenegoopnidb\1\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\1.0_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmgbgcifepbljkbeaeghohnnaohadin\1\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (continuetosave) - {277A1892-AE4F-CB3D-6696-065B2142DC34} - C:\ProgramData\continuetosave\5102cb51965bc.dll ()
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\Toolbar\WebBrowser: (no name) - {E9DF9360-97F8-4690-AFE6-996C80790DA4} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TOSHIBA Face Recognition] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe ()
O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SMessaging] C:\Users\Luvfishn\AppData\Local\Strongvault Online Backup\SMessaging.exe File not found
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000..\Run: [SecureKey] C:\Users\Luvfishn\AppData\Local\SecureKey\1.1.3149.6948\SecureKey.exe (SecureKey Technologies Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files (x86)\palmOne\HOTSYNC.EXE (Palm, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0 ... rol_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F5AFABA-0126-46CF-A3DC-83D522BEA15C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A713D883-06B0-46A4-8361-69CE6657BE74}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-tt2012 - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2012 {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files (x86)\TurboTax 2012\ic2012pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\saveby~1\sprote~1.dll) - c:\Program Files (x86)\SaveByClick\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~2\softqu~1\sprote~1.dll) - c:\Program Files (x86)\SoftQuick\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~2\contin~1\sprote~1.dll) - c:\Program Files (x86)\ContinueToSave\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~2\simple~1\sprote~1.dll) - c:\Program Files (x86)\SimpleSpeedy\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/02 14:14:20 | 000,000,082 | ---- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{3e3993f3-24d9-11e2-a8fc-dc0ea13b5126}\Shell - "" = AutoRun
O33 - MountPoints2\{3e3993f3-24d9-11e2-a8fc-dc0ea13b5126}\Shell\AutoRun\command - "" = G:\SkStartup.exe
O33 - MountPoints2\{478620fe-fa91-11e1-9aed-dc0ea13b5126}\Shell - "" = AutoRun
O33 - MountPoints2\{478620fe-fa91-11e1-9aed-dc0ea13b5126}\Shell\AutoRun\command - "" = E:\unlock.exe -- [2011/03/09 15:27:17 | 003,728,752 | ---- | M] (Western Digital)
O33 - MountPoints2\{756b32ef-2294-11e2-ac80-dc0ea13b5126}\Shell - "" = AutoRun
O33 - MountPoints2\{756b32ef-2294-11e2-ac80-dc0ea13b5126}\Shell\AutoRun\command - "" = E:\unlock.exe -- [2011/03/09 15:27:17 | 003,728,752 | ---- | M] (Western Digital)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/27 18:45:07 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\nurszdeb.sys
[2013/01/27 17:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2013/01/25 13:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SimpleSpeedy
[2013/01/25 13:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ClickIT
[2013/01/25 13:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\BetterSoft
[2013/01/25 13:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\continuetosave
[2013/01/25 11:50:18 | 002,082,630 | ---- | C] (J.C. Kessels ) -- C:\Users\Luvfishn\Desktop\MyDefrag-v4.3.1.exe
[2013/01/24 13:21:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/24 13:12:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Luvfishn\Desktop\OTL.exe
[2013/01/21 22:39:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftQuick
[2013/01/21 22:39:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ContinueToSave
[2013/01/21 22:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\continuetosave
[2013/01/21 10:18:40 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/01/21 10:18:07 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\Desktop\MalwareRemoval
[2013/01/20 12:32:29 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\SUPERAntiSpyware.com
[2013/01/20 12:29:06 | 023,357,120 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Luvfishn\Desktop\SUPERAntiSpyware.exe
[2013/01/19 09:05:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/17 13:23:04 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/01/17 13:23:04 | 000,074,248 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/17 13:07:06 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSoft LTD
[2013/01/17 13:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CloudSoft
[2013/01/17 13:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaveByClick
[2013/01/17 13:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013/01/17 13:06:20 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSMAPI32.OCX
[2013/01/17 13:06:16 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\windows\SysNative\pdfcmon.dll
[2013/01/17 13:06:15 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSMPIDE.DLL
[2013/01/17 12:14:45 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\SpeedyPC Software
[2013/01/17 12:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/01/17 11:28:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TurboTax 2012
[2013/01/17 11:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/01/17 11:15:50 | 009,703,176 | ---- | C] (SurfRight B.V.) -- C:\Users\Luvfishn\Desktop\HitmanPro_x64.exe
[2013/01/17 10:26:44 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
[2013/01/17 10:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications
[2013/01/16 18:02:59 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\Anvisoft
[2013/01/16 18:02:48 | 000,023,376 | ---- | C] (Anvisoft) -- C:\windows\SysNative\drivers\asdrs.sys
[2013/01/16 18:02:48 | 000,018,768 | ---- | C] (Anvisoft) -- C:\windows\SysNative\drivers\asdrm.sys
[2013/01/16 18:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\anvisoft
[2013/01/16 18:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2013/01/16 18:02:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2013/01/09 11:29:48 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/01/09 11:29:48 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013/01/09 11:29:03 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013/01/09 11:28:56 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll
[2013/01/09 11:28:40 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs
[2013/01/09 11:28:40 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs
[2013/01/09 11:28:40 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs
[2013/01/09 11:28:40 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs
[2013/01/09 11:28:40 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs
[2013/01/09 11:28:40 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs
[2013/01/09 11:28:40 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs
[2013/01/09 11:28:40 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs
[2013/01/09 11:28:40 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs
[2013/01/09 11:28:40 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs
[2013/01/09 11:28:40 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs
[2013/01/09 11:28:40 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs
[2013/01/09 11:28:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs
[2013/01/09 11:28:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs
[2013/01/09 11:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs
[2013/01/09 11:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs
[2013/01/09 11:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs
[2013/01/09 11:28:40 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs
[2013/01/09 11:28:40 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs
[2013/01/09 11:28:39 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll
[2013/01/09 11:28:39 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll
[2013/01/09 11:28:39 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll
[2013/01/09 11:28:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs
[2013/01/09 11:28:38 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll
[2013/01/09 11:28:38 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs
[2013/01/09 11:28:38 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs
[2013/01/09 11:28:38 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs
[2013/01/09 11:28:38 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs
[2013/01/09 11:28:38 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs
[2013/01/09 11:28:38 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs
[2013/01/09 11:28:38 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs
[2013/01/09 11:28:38 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs
[2013/01/09 11:26:54 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2013/01/09 11:26:53 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013/01/09 11:26:53 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2013/01/09 11:26:53 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013/01/09 11:26:53 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013/01/09 11:26:53 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013/01/09 11:26:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2013/01/09 11:26:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2013/01/09 11:26:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/01/09 11:26:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 11:26:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 11:26:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 11:26:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/01/09 11:26:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 11:26:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 11:26:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 11:26:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 11:26:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 11:26:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 11:26:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 11:26:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 11:26:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/01/09 11:26:51 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/01/09 11:26:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 11:26:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 11:26:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 11:26:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 11:26:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 11:26:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 11:26:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/01/09 11:25:52 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
[2013/01/07 11:16:01 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\Malwarebytes
[2013/01/07 11:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/07 11:15:39 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/01/07 11:15:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/02 09:39:44 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\PDF Architect
[2013/01/01 11:21:50 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Local\IsolatedStorage
[2013/01/01 10:27:38 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\Strongvault
[2013/01/01 10:27:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2013/01/01 10:27:10 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Local\Stronghold_LLC
[2013/01/01 10:27:01 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\AI_RecycleBin
[2013/01/01 10:21:53 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSCOMCT2.OCX
[2013/01/01 10:21:51 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\OpenCandy
[2013/01/01 10:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveByclick
[2013/01/01 10:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveByclick
[2013/01/01 10:05:02 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\APP_NAME_NON_STRING
[2013/01/01 10:04:51 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\Documents\PDF Architect Files
[2013/01/01 10:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2013/01/01 10:04:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect
[2013/01/01 09:55:02 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Local\Programs
[2012/12/31 20:05:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012/06/26 16:37:59 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Luvfishn\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/01/27 18:45:07 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\nurszdeb.sys
[2013/01/27 17:59:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/27 15:13:14 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/27 15:13:14 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/27 15:05:05 | 000,000,437 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics
[2013/01/27 15:03:47 | 000,000,434 | -H-- | M] () -- C:\windows\tasks\schedule!1143840799.job
[2013/01/27 15:03:47 | 000,000,392 | -H-- | M] () -- C:\windows\tasks\{70C8A1B6-1D07-4DE3-9566-1A43422BADFE}.job
[2013/01/27 15:03:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/27 15:02:59 | 2074,099,711 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/27 12:43:51 | 000,612,288 | ---- | M] () -- C:\Users\Luvfishn\Desktop\NRFMManual.pdf
[2013/01/27 10:09:19 | 000,779,788 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/01/27 10:09:19 | 000,665,232 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/01/27 10:09:19 | 000,125,678 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/01/25 11:50:46 | 002,082,630 | ---- | M] (J.C. Kessels ) -- C:\Users\Luvfishn\Desktop\MyDefrag-v4.3.1.exe
[2013/01/23 18:21:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luvfishn\Desktop\OTL.exe
[2013/01/20 12:32:06 | 023,357,120 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Luvfishn\Desktop\SUPERAntiSpyware.exe
[2013/01/19 11:42:22 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/01/19 11:42:22 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/18 09:36:56 | 000,032,152 | ---- | M] () -- C:\windows\SysNative\drivers\hitmanpro37.sys
[2013/01/18 09:35:15 | 000,017,966 | ---- | M] () -- C:\windows\SysNative\.crusader
[2013/01/17 22:54:59 | 000,000,017 | ---- | M] () -- C:\windows\SysWow64\shortcut_ex.dat
[2013/01/17 13:06:24 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/01/17 11:48:01 | 000,321,024 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/17 11:18:33 | 009,703,176 | ---- | M] (SurfRight B.V.) -- C:\Users\Luvfishn\Desktop\HitmanPro_x64.exe
[2013/01/16 18:02:52 | 000,001,195 | ---- | M] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
[2013/01/16 18:02:37 | 000,001,511 | ---- | M] () -- C:\Users\Public\Desktop\Anvi AD Blocker.lnk
[2013/01/16 12:42:12 | 029,016,792 | ---- | M] () -- C:\Users\Luvfishn\Desktop\asdsetup.exe
[2013/01/11 11:39:42 | 000,103,936 | ---- | M] (pdfforge GbR) -- C:\windows\SysNative\pdfcmon.dll
[2013/01/09 14:52:36 | 001,070,152 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MSCOMCTL.OCX
[2013/01/09 11:46:36 | 000,765,700 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/01/07 11:15:44 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/04 11:49:59 | 000,107,283 | ---- | M] () -- C:\windows\SysNative\tmp.xml
[2013/01/04 10:45:58 | 000,007,144 | ---- | M] () -- C:\Users\Luvfishn\Desktop\Sun Trust Nov Statement.pdf
[2013/01/04 10:44:24 | 000,009,131 | ---- | M] () -- C:\Users\Luvfishn\Desktop\Sun Trust Dec Statement.pdf
[2013/01/01 10:05:05 | 000,001,004 | ---- | M] () -- C:\Users\Luvfishn\Desktop\PDF Architect.lnk
[2013/01/01 09:50:11 | 000,096,409 | ---- | M] () -- C:\Users\Luvfishn\Desktop\Staples Photo Paper rebate 1Jan13.pdf
[2013/01/01 09:48:44 | 000,093,762 | ---- | M] () -- C:\Users\Luvfishn\Desktop\__www.stapleseasyrebates.com_staples_Confirmation.do.pdf

========== Files Created - No Company Name ==========

[2013/01/27 12:43:49 | 000,612,288 | ---- | C] () -- C:\Users\Luvfishn\Desktop\NRFMManual.pdf
[2013/01/25 13:50:07 | 000,000,434 | -H-- | C] () -- C:\windows\tasks\schedule!1143840799.job
[2013/01/17 22:54:59 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2013/01/17 13:23:05 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/17 13:07:01 | 000,000,392 | -H-- | C] () -- C:\windows\tasks\{70C8A1B6-1D07-4DE3-9566-1A43422BADFE}.job
[2013/01/17 13:06:24 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/01/17 11:48:34 | 000,032,152 | ---- | C] () -- C:\windows\SysNative\drivers\hitmanpro37.sys
[2013/01/17 11:46:23 | 000,017,966 | ---- | C] () -- C:\windows\SysNative\.crusader
[2013/01/16 18:02:52 | 000,001,195 | ---- | C] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
[2013/01/16 18:02:48 | 000,017,232 | ---- | C] () -- C:\windows\SysNative\drivers\asdws.sys
[2013/01/16 18:02:37 | 000,001,511 | ---- | C] () -- C:\Users\Public\Desktop\Anvi AD Blocker.lnk
[2013/01/16 12:37:34 | 029,016,792 | ---- | C] () -- C:\Users\Luvfishn\Desktop\asdsetup.exe
[2013/01/07 11:15:44 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/04 10:45:57 | 000,007,144 | ---- | C] () -- C:\Users\Luvfishn\Desktop\Sun Trust Nov Statement.pdf
[2013/01/04 10:44:24 | 000,009,131 | ---- | C] () -- C:\Users\Luvfishn\Desktop\Sun Trust Dec Statement.pdf
[2013/01/01 10:05:05 | 000,001,004 | ---- | C] () -- C:\Users\Luvfishn\Desktop\PDF Architect.lnk
[2013/01/01 09:50:11 | 000,096,409 | ---- | C] () -- C:\Users\Luvfishn\Desktop\Staples Photo Paper rebate 1Jan13.pdf
[2013/01/01 09:48:42 | 000,093,762 | ---- | C] () -- C:\Users\Luvfishn\Desktop\__www.stapleseasyrebates.com_staples_Confirmation.do.pdf
[2012/11/16 16:28:23 | 000,102,248 | ---- | C] () -- C:\Users\Luvfishn\GoToAssistDownloadHelper.exe
[2012/08/31 12:48:41 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2012/06/26 16:40:40 | 000,001,041 | ---- | C] () -- C:\Users\Luvfishn\AppData\Roaming\vso_ts_preview.xml
[2012/06/26 16:37:59 | 000,099,384 | ---- | C] () -- C:\Users\Luvfishn\AppData\Roaming\inst.exe
[2012/06/26 16:37:59 | 000,007,859 | ---- | C] () -- C:\Users\Luvfishn\AppData\Roaming\pcouffin.cat
[2012/06/26 16:37:59 | 000,001,167 | ---- | C] () -- C:\Users\Luvfishn\AppData\Roaming\pcouffin.inf
[2012/05/20 13:28:17 | 000,220,615 | ---- | C] () -- C:\windows\hpoins35.dat
[2012/05/20 13:28:17 | 000,000,778 | ---- | C] () -- C:\windows\hpomdl35.dat
[2012/05/18 07:42:03 | 000,000,017 | ---- | C] () -- C:\Users\Luvfishn\AppData\Local\resmon.resmoncfg
[2012/05/03 15:26:20 | 000,005,632 | ---- | C] () -- C:\Users\Luvfishn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/26 08:53:06 | 000,000,149 | ---- | C] () -- C:\windows\QUICKEN.INI
[2012/03/18 12:37:47 | 000,765,700 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/06/27 13:53:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/06/27 13:53:58 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/06/27 13:53:58 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/06/27 13:48:58 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/06/27 13:28:08 | 013,899,776 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/02/03 23:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 09:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 09:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 09:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Your instructions were clear and no problem executing them pgmigg :)
The computer is functioning OK.

Thanks! Waiting for further instructions!
luvfishn
Regular Member
 
Posts: 28
Joined: January 21st, 2013, 10:03 am
Location: Canada/USA

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Unread postby pgmigg » January 28th, 2013, 1:50 am

Hello luvfishn,

Your latest set of logs appears to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions on how to keep your computer clean and secure, you need to take a few additional steps.

Step 1.
Latest Java Installation Needed!

Attention: Print these instructions or copy them. You will be closing your browser!!

DOWNLOAD LATEST VERSION
  1. Get the latest version (7u11) of Java Runtime Environment (JRE)... © Sun Microsystems, Inc.
  2. Click the "Download JRE" button to the right.
  3. Check "Accept License Agreement".
  4. Locate the entry for Windows x64, click on the associated file name, then save the file to your Desktop.

INSTALL Java
  1. Close all open applications (standard), especially your browser.
  2. From the Desktop, please right-click on jre-7u11-windows-x64.exe and select "Run As Administrator..." to install the newest version.
  3. Follow the on-screen directions. When installation is completed successfully, please reboot your computer normally.
  4. Once the computer has been restarted, you can delete the "downloaded" installation file from your desktop.

OPTIONAL:
To prevent some unnecessary JAVA components from running when you boot your computer each time...
  1. Go to Control Panel and click on the JAVA icon.
  2. Press the Advanced tab and find the JRE Auto-Download sub-menu.
  3. CHECK "Never Auto-Download". (You can check for updates manually.)
  4. Press Apply and OK, then close the Java Control Panel and exit Control Panel.

Step 2.
OTL - Run Fix Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right-click on OTL.exe and select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the text box. Do not include the word Code
    Code:
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    

  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 3.
OTL-Cleanup
  1. Right-click on OTL.exe and select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.


Then:
Please don't forget to enable all your defense software!

Finally, please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Unread postby luvfishn » January 28th, 2013, 9:56 am

Hello pgmigg. I have completed your last set of instructions without any problems. It would appear that the light at the end of the
tunnel has arrived! I will "road test" my pc for a couple of days to make sure everything is fine. I will report back with my final
comments then. In the meantime .... a million thanks to you and your crew. :)
luvfishn
Regular Member
 
Posts: 28
Joined: January 21st, 2013, 10:03 am
Location: Canada/USA

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Unread postby pgmigg » January 28th, 2013, 11:58 am

You are very welcome, luvfishn! :D

Stay Safe! ;)
pgmigg

pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Unread postby luvfishn » January 28th, 2013, 5:03 pm

Hi Again pgmigg. I've run into a problem. I may have shot myself in the foot. Used both IE Explorer and Firefox to surf the web. Both were working fine with no indication of a problem. I then decided to clean up some of the
programs on the pc. Ran appwiz.cpl to remove and hit two snags.
1) "SaveByClick" and "Coupon Printer For windows" would not install and remain in the list of apps.
I then downloaded "SaveByClick" from the web and installed and ran it. I have done this in the past for other
programs and was then able to accomplish the uninstall in the programs directory folder. I received the subject popup screen in Firefox. I immediately did an uninstall from the programs directory folder and received a successful uninstall message. Fearing additional problems, I completely uninstalled Firefox.

2) I updated and ran MBAM antivirus first as a quick scan and then as a full scan.
Here are the log results.

Scan 01:
Malwarebytes Anti-Malware 1.70.0.1100
http://www.malwarebytes.org

Database version: v2013.01.28.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Luvfishn :: BOBS_LAPTOP [administrator]

1/28/2013 3:08:56 PM
mbam-log-2013-01-28 (15-08-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219438
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Luvfishn\AppData\Local\Temp\{6E25F704-D430-4D69-AF82-9C12B5C6D5F2}\Addons\browser_coupon_setup.exe (Adware.Dropper) -> Quarantined and deleted successfully.
C:\Users\Luvfishn\Local Settings\Temporary Internet Files\Content.IE5\CZ5A75W6\5106caf282b7a[1].exe (Adware.Dropper) -> Quarantined and deleted successfully.

(end)

Scan 02

Malwarebytes Anti-Malware 1.70.0.1100
http://www.malwarebytes.org

Database version: v2013.01.28.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Luvfishn :: BOBS_LAPTOP [administrator]

1/28/2013 3:24:43 PM
mbam-log-2013-01-28 (15-24-43).txt

Scan type: Full scan (C:\|D:\|E:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 429045
Time elapsed: 1 hour(s), 10 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

The two files mentioned in item 1) are still listed in appwiz.cpl and won't uninstall.
I haven't redownloaded Firefox. IE Explorer browser is still working well.
Thought I better stop here hoping we can stop this problem from getting worse.
My sincere apology :(
luvfishn

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Post by pgmigg » January 29th, 2013, 2:36 am

Hello luvfishn,
I've run into a problem. I may have shot myself in the foot. Used both IE Explorer and Firefox to surf the web. Both were working fine with no indication of a problem. I then decided to clean up some of the programs on the pc. Ran appwiz.cpl to remove and hit two snags.
1) "SaveByClick" and "Coupon Printer For windows" would not install and remain in the list of apps.
I then downloaded "SaveByClick" from the web and installed and ran it. I have done this in the past for other programs and was then able to accomplish the uninstall in the programs directory folder. I received the subject popup screen in Firefox. I immediately did an uninstall from the programs directory folder and received a successful uninstall message.

Yes, you are right - it is my fault that I missed these two "bad" applications. :(

The Coupon Printer for Windows is an adware program that delivers advertisements on your PC - you can find the article about it with instructions on how to remove it completely.

SaveByClick is adware that displays advertisements and hijacks your browsers. It usually comes with the installation pack of other software, downloaded and installed on your machine without permission - you can find the article about it with instructions on how to remove it completely.

Then you can download and install Firefox...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Post by luvfishn » January 29th, 2013, 11:06 am

Back to ya pgmigg :)
Thanks for the help. I found the information in the "article" links was outdated and didn't refer to the current versions of IE Explorer/Firefox browsers. However, I obtained enough to figure out how to remove/disable extensions in Firefox. IE Explorer seems to be clean as of now so I did not change anything there.
I managed to remove all signs of the coupon print program. It no longer shows in the program directory or in the add/remove program list for Windows Control Panel. However, initially I was unable to remove the "click to save" residue that remained by using the "regedit" and "Control Panel add/remove" methods. Somewhere in my web searching I found a link to dl a program named "adwcleaner". I was a bit leery about using it. My frustration level by now was thru the roof so I executed it. Eureka! The program removed all residue traces of "click to save".
Here is the log it produced ...

AdwCleaner v2.109 - Logfile created 01/29/2013 at 10:25:03
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Luvfishn - BOBS_LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Luvfishn\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater
Stopped & Deleted : Web Assistant Updater
Stopped & Deleted : WebOptimizer

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\SaveByclick
File Deleted : C:\user.js
File Deleted : C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\searchplugins\WebSearch.xml
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\SaveByclick
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Luvfishn\AppData\LocalLow\SaveByclick
Folder Deleted : C:\Users\Luvfishn\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Luvfishn\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Luvfishn\AppData\Roaming\pdfforge
Folder Deleted : C:\windows\SysWOW64\WNLT

***** [Registry] *****

Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SETTIN~1\Datamngr\x64\datamngr.dll
Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\saveby~1\sprote~1.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SETTIN~1\Datamngr\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\simple~1\sprote~1.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\softqu~1\sprote~1.dll
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F2D6C718-7E52-428E-8852-365C4B1A6E36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2D6C718-7E52-428E-8852-365C4B1A6E36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072254
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F2D6C718-7E52-428E-8852-365C4B1A6E36}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2D6C718-7E52-428E-8852-365C4B1A6E36}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F2D6C718-7E52-428E-8852-365C4B1A6E36}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2D6C718-7E52-428E-8852-365C4B1A6E36}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.simplespeedy.info/ --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\prefs.js

C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\user.js ... Deleted !

Deleted : user_pref("CT2786678..clientLogIsEnabled", false);
Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Deleted : user_pref("CT2786678.CTID", "CT2786678");
Deleted : user_pref("CT2786678.CurrentServerDate", "24-1-2013");
Deleted : user_pref("CT2786678.DSChangedManually", false);
Deleted : user_pref("CT2786678.DSInstall", true);
Deleted : user_pref("CT2786678.DSProtectChoice", true);
Deleted : user_pref("CT2786678.DSProtectCount", 1);
Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Thu Jan 24 2013 14:23:44 GMT-0400 (Atlantic Stand[...]
Deleted : user_pref("CT2786678.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Mon Oct 29 2012 07:21:50 GMT-0300 (Atlantic Daylight T[...]
Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 320);
Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Mon Oct 29 2012 07:21:51 GMT-0300 (Atlantic [...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Mon Oct 29 2012 07:21:50 GMT-0300 (Atlantic [...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Mon Oct 29 2012 07:21:50 GMT-0300 (Atlantic [...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Mon Oct 29 2012 07:21:50 GMT-0300 (Atlantic [...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Mon Oct 29 2012 07:21:51 GMT-0300 (Atlantic [...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Mon Oct 29 2012 07:21:51 GMT-0300 (Atlantic [...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Mon Oct 29 2012 07:21:50 GMT-0300 (Atlantic [...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Mon Oct 29 2012 07:21:51 GMT-0300 (Atlantic [...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Mon Oct 29 2012 07:21:51 GMT-0300 (Atlantic [...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Mon Oct 29 2012 07:21:51 GMT-0300 (Atlantic [...]
Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Mon Oct 29 2012 07:21:50 GMT-0300 (Atlantic [...]
Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Deleted : user_pref("CT2786678.FirstServerDate", "14-5-2012");
Deleted : user_pref("CT2786678.FirstTime", true);
Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Deleted : user_pref("CT2786678.FirstTimeHiddenVer", true);
Deleted : user_pref("CT2786678.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2786678.HPInstall", false);
Deleted : user_pref("CT2786678.HPProtectChoice", true);
Deleted : user_pref("CT2786678.HPProtectCount", 1);
Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2786678.HomepageBeforeUnload", "hxxp://www.theglobeandmail.com/globe-investor/my-watchl[...]
Deleted : user_pref("CT2786678.Initialize", true);
Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2786678.InstallationType", "DirectDownload");
Deleted : user_pref("CT2786678.InstalledDate", "Mon May 14 2012 09:41:39 GMT-0300 (Atlantic Daylight Time)");
Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);
Deleted : user_pref("CT2786678.IsGrouping", false);
Deleted : user_pref("CT2786678.IsInitSetupIni", true);
Deleted : user_pref("CT2786678.IsMulticommunity", false);
Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Deleted : user_pref("CT2786678.IsOpenUninstallPage", true);
Deleted : user_pref("CT2786678.IsProtectorsInit", true);
Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Wed Jan 23 2013 19:29:28 GMT-0400 (Atlantic Standa[...]
Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2786678.LastLogin_3.12.2.3", "Wed May 30 2012 21:55:40 GMT-0300 (Atlantic Daylight Time[...]
Deleted : user_pref("CT2786678.LastLogin_3.13.0.6", "Tue Jul 17 2012 06:56:12 GMT-0300 (Atlantic Daylight Time[...]
Deleted : user_pref("CT2786678.LastLogin_3.14.1.0", "Sun Aug 26 2012 20:31:31 GMT-0300 (Atlantic Daylight Time[...]
Deleted : user_pref("CT2786678.LastLogin_3.15.1.0", "Thu Nov 08 2012 20:20:41 GMT-0400 (Atlantic Standard Time[...]
Deleted : user_pref("CT2786678.LastLogin_3.16.0.3", "Thu Jan 24 2013 12:51:14 GMT-0400 (Atlantic Standard Time[...]
Deleted : user_pref("CT2786678.LatestVersion", "3.16.0.3");
Deleted : user_pref("CT2786678.Locale", "en");
Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2786678.OriginalFirstVersion", "3.12.2.3");
Deleted : user_pref("CT2786678.SearchCaption", "uTorrentBar Customized Web Search");
Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "uTorrentBar Customized Web Search");
Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]
Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Wed Jan 23 2013 19:29:23 GMT-0400 (Atlantic Stan[...]
Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2786678.SearchProtectorEnabled", true);
Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2786678.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Wed Jan 23 2013 19:29:26 GMT-0400 (Atlantic Standard[...]
Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Thu Jan 24 2013 12:51:11 GMT-0400 (Atlantic Standard T[...]
Deleted : user_pref("CT2786678.SettingsLastUpdate", "1359036889");
Deleted : user_pref("CT2786678.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13");
Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Mon May 14 2012 09:41:34 GMT-0300 (Atlantic Da[...]
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2786678.UserID", "UN10754089133514855");
Deleted : user_pref("CT2786678.ValidationData_Toolbar", 1);
Deleted : user_pref("CT2786678.WeatherNetwork", "");
Deleted : user_pref("CT2786678.WeatherPollDate", "Mon Oct 29 2012 07:21:51 GMT-0300 (Atlantic Daylight Time)")[...]
Deleted : user_pref("CT2786678.WeatherUnit", "C");
Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Deleted : user_pref("CT2786678.backendstorage.cb_experience_000", "33");
Deleted : user_pref("CT2786678.backendstorage.cb_firstuse0100", "31");
Deleted : user_pref("CT2786678.backendstorage.cb_user_id_000", "43423731303633343439333836365F3133353731333239[...]
Deleted : user_pref("CT2786678.backendstorage.cbcountry_000", "4341");
Deleted : user_pref("CT2786678.backendstorage.cbcountry_001", "4341");
Deleted : user_pref("CT2786678.backendstorage.cbfirsttime", "4D6F6E204D617920313420323031322030393A34313A34322[...]
Deleted : user_pref("CT2786678.backendstorage.cbopenmamsettings", "30");
Deleted : user_pref("CT2786678.backendstorage.url_history0001", "68747470733A2F2F7777772E676F6F676C652E636F6D3[...]
Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Mon May 14 2012 09:41:35 GMT-0300 (Atlantic[...]
Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.initDone", true);
Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2786678.myStuffEnabled", true);
Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2786678.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2786678.revertSettingsEnabled", false);
Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.testingCtid", "");
Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Wed Jan 23 2013 19:29:27 GMT-0400 (Atlantic [...]
Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Mon May 14 2012 09:41:39 GMT-0300 (Atlantic [...]
Deleted : user_pref("CT2786678.usagesFlag", 2);
Deleted : user_pref("CT3072254..clientLogIsEnabled", false);
Deleted : user_pref("CT3072254..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3072254..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3072254.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3072254.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3072254.AppTrackingLastCheckTime", "Thu Aug 23 2012 07:38:43 GMT-0300 (Atlantic Dayligh[...]
Deleted : user_pref("CT3072254.BrowserCompStateIsOpen_1000515", true);
Deleted : user_pref("CT3072254.BrowserCompStateIsOpen_129572934028070084", true);
Deleted : user_pref("CT3072254.BrowserCompStateIsOpen_129573914344030086", true);
Deleted : user_pref("CT3072254.CTID", "CT3072254");
Deleted : user_pref("CT3072254.CurrentServerDate", "24-1-2013");
Deleted : user_pref("CT3072254.DSInstall", false);
Deleted : user_pref("CT3072254.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3072254.DialogsGetterLastCheckTime", "Thu Jan 24 2013 14:23:46 GMT-0400 (Atlantic Stand[...]
Deleted : user_pref("CT3072254.DownloadReferralCookieData", "");
Deleted : user_pref("CT3072254.EMailNotifierCheckInterval", "5");
Deleted : user_pref("CT3072254.EMailNotifierLabelLength", 5);
Deleted : user_pref("CT3072254.EMailNotifierPollDate", "Thu Jan 24 2013 14:23:43 GMT-0400 (Atlantic Standard T[...]
Deleted : user_pref("CT3072254.EMailNotifierSound", "DEFAULT");
Deleted : user_pref("CT3072254.FirstServerDate", "19-3-2012");
Deleted : user_pref("CT3072254.FirstTime", true);
Deleted : user_pref("CT3072254.FirstTimeFF3", true);
Deleted : user_pref("CT3072254.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3072254.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3072254.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3072254.HPInstall", false);
Deleted : user_pref("CT3072254.HasUserGlobalKeys", true);
Deleted : user_pref("CT3072254.HomePageProtectorEnabled", false);
Deleted : user_pref("CT3072254.HomepageBeforeUnload", "hxxp://www.google.com/");
Deleted : user_pref("CT3072254.Initialize", true);
Deleted : user_pref("CT3072254.InitializeCommonPrefs", true);
Deleted : user_pref("CT3072254.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3072254.InstallationId", "ConduitXPEIntegration");
Deleted : user_pref("CT3072254.InstallationType", "ConduitXPEIntegration");
Deleted : user_pref("CT3072254.InstalledDate", "Mon Mar 19 2012 09:58:08 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT3072254.InvalidateCache", false);
Deleted : user_pref("CT3072254.IsAlertDBUpdated", true);
Deleted : user_pref("CT3072254.IsGrouping", false);
Deleted : user_pref("CT3072254.IsInitSetupIni", true);
Deleted : user_pref("CT3072254.IsMulticommunity", false);
Deleted : user_pref("CT3072254.IsOpenThankYouPage", true);
Deleted : user_pref("CT3072254.IsOpenUninstallPage", false);
Deleted : user_pref("CT3072254.LanguagePackLastCheckTime", "Wed Jan 23 2013 19:29:30 GMT-0400 (Atlantic Standa[...]
Deleted : user_pref("CT3072254.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3072254.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3072254.LastLogin_3.10.0.1", "Thu Apr 12 2012 20:42:22 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT3072254.LastLogin_3.12.0.7", "Thu Apr 26 2012 10:18:21 GMT-0300 (Atlantic Daylight Time[...]
Deleted : user_pref("CT3072254.LastLogin_3.12.2.3", "Wed May 30 2012 20:06:42 GMT-0300 (Atlantic Daylight Time[...]
Deleted : user_pref("CT3072254.LastLogin_3.13.0.6", "Tue Jul 17 2012 06:56:10 GMT-0300 (Atlantic Daylight Time[...]
Deleted : user_pref("CT3072254.LastLogin_3.14.1.0", "Tue Aug 28 2012 10:42:55 GMT-0300 (Atlantic Daylight Time[...]
Deleted : user_pref("CT3072254.LastLogin_3.15.1.0", "Thu Nov 08 2012 20:20:55 GMT-0400 (Atlantic Standard Time[...]
Deleted : user_pref("CT3072254.LastLogin_3.16.0.3", "Thu Jan 24 2013 12:51:13 GMT-0400 (Atlantic Standard Time[...]
Deleted : user_pref("CT3072254.LatestVersion", "3.16.0.3");
Deleted : user_pref("CT3072254.Locale", "en");
Deleted : user_pref("CT3072254.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3072254.MCDetectTooltipShow", false);
Deleted : user_pref("CT3072254.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3072254.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3072254.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3072254.OriginalFirstVersion", "3.10.0.1");
Deleted : user_pref("CT3072254.RadioIsPodcast", false);
Deleted : user_pref("CT3072254.RadioLastCheckTime", "Wed Jan 23 2013 19:29:26 GMT-0400 (Atlantic Standard Time[...]
Deleted : user_pref("CT3072254.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT3072254.RadioLastUpdateServer", "0");
Deleted : user_pref("CT3072254.RadioMediaID", "9079041");
Deleted : user_pref("CT3072254.RadioMediaType", "Media Player");
Deleted : user_pref("CT3072254.RadioMenuSelectedID", "EBRadioMenu_CT3072254_RECENT9079041");
Deleted : user_pref("CT3072254.RadioShrinked", "expanded");
Deleted : user_pref("CT3072254.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT3072254.RadioStationName", "Cool%20101%20The%20Oldies%20Station");
Deleted : user_pref("CT3072254.RadioStationURL", "hxxp://lightningstream.surfernetwork.com/Media/player/script[...]
Deleted : user_pref("CT3072254.RadioVolume", "100");
Deleted : user_pref("CT3072254.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT3072254.SearchCaption", "uTorrentControl Customized Web Search");
Deleted : user_pref("CT3072254.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT3072254.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3072254.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]
Deleted : user_pref("CT3072254.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3072254.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3072254.SearchInNewTabLastCheckTime", "Wed Jan 23 2013 19:29:24 GMT-0400 (Atlantic Stan[...]
Deleted : user_pref("CT3072254.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3072254.SearchProtectorEnabled", false);
Deleted : user_pref("CT3072254.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT3072254.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3072254.ServiceMapLastCheckTime", "Wed Jan 23 2013 19:29:27 GMT-0400 (Atlantic Standard[...]
Deleted : user_pref("CT3072254.SettingsLastCheckTime", "Thu Jan 24 2013 12:51:10 GMT-0400 (Atlantic Standard T[...]
Deleted : user_pref("CT3072254.SettingsLastUpdate", "1359036889");
Deleted : user_pref("CT3072254.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072254&SearchSource=13");
Deleted : user_pref("CT3072254.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3072254.ThirdPartyComponentsLastCheck", "Sun Jan 20 2013 11:25:47 GMT-0400 (Atlantic St[...]
Deleted : user_pref("CT3072254.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT3072254.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3072254.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072254");
Deleted : user_pref("CT3072254.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3072254.UserID", "UN36835744433754625");
Deleted : user_pref("CT3072254.ValidationData_Search", 2);
Deleted : user_pref("CT3072254.ValidationData_Toolbar", 2);
Deleted : user_pref("CT3072254.WeatherNetwork", "");
Deleted : user_pref("CT3072254.WeatherPollDate", "Thu Jan 24 2013 14:00:11 GMT-0400 (Atlantic Standard Time)")[...]
Deleted : user_pref("CT3072254.WeatherUnit", "C");
Deleted : user_pref("CT3072254.alertChannelId", "1463703");
Deleted : user_pref("CT3072254.approveUntrustedApps", false);
Deleted : user_pref("CT3072254.autoDisableScopes", -1);
Deleted : user_pref("CT3072254.backendstorage.bt_stats", "7B226C6173745F6C6F67223A313335383938343032322C227575[...]
Deleted : user_pref("CT3072254.backendstorage.bt_usage", "7B2275756964223A3139333938383233343836333238342C2273[...]
Deleted : user_pref("CT3072254.backendstorage.cbcountry_000", "5553");
Deleted : user_pref("CT3072254.backendstorage.cbfirsttime", "4D6F6E204D617220313920323031322030393A35383A32372[...]
Deleted : user_pref("CT3072254.backendstorage.url_history0001", "687474703A2F2F7777772E616D617A6F6E2E636F6D2F6[...]
Deleted : user_pref("CT3072254.components.1000034", true);
Deleted : user_pref("CT3072254.components.1000082", true);
Deleted : user_pref("CT3072254.components.1000234", true);
Deleted : user_pref("CT3072254.components.1000515", false);
Deleted : user_pref("CT3072254.components.129572934028070084", false);
Deleted : user_pref("CT3072254.components.129572934844292843", false);
Deleted : user_pref("CT3072254.components.129573914344030086", false);
Deleted : user_pref("CT3072254.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3072254.globalFirstTimeInfoLastCheckTime", "Sat Jan 19 2013 10:43:18 GMT-0400 (Atlantic[...]
Deleted : user_pref("CT3072254.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3072254.initDone", true);
Deleted : user_pref("CT3072254.isAppTrackingManagerOn", false);
Deleted : user_pref("CT3072254.isFirstRadioInstallation", false);
Deleted : user_pref("CT3072254.myStuffEnabled", true);
Deleted : user_pref("CT3072254.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3072254.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3072254.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3072254.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3072254.navigateToUrlOnSearch", false);
Deleted : user_pref("CT3072254.oldAppsList", "129295695672325902,129571860080693691,111,129586117436877147,129[...]
Deleted : user_pref("CT3072254.revertSettingsEnabled", true);
Deleted : user_pref("CT3072254.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3072254.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3072254.testingCtid", "");
Deleted : user_pref("CT3072254.toolbarAppMetaDataLastCheckTime", "Wed Jan 23 2013 19:29:28 GMT-0400 (Atlantic [...]
Deleted : user_pref("CT3072254.toolbarContextMenuLastCheckTime", "Fri Jan 18 2013 09:23:28 GMT-0400 (Atlantic [...]
Deleted : user_pref("CT3072254.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "uTorrentBar Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit. ... /CT2786678[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit. ... /CT3072254[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root ... 1174448/CA", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root ... 1459357/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-ser ... =CT2786678", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-ser ... =CT3072254", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... tenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... erApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... redApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... lbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-ser ... rt/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-s ... g?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-s ... g?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-s ... g?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-s ... g?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-s ... g?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-s ... g?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-s ... g?ver=3.16[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/ ... =CT2786678",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/ ... =CT3072254",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-serv ... =EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-serv ... ?locale=en", "\"57d[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Luvfishn\\AppData\\Roaming\\Mozilla[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.16.0.3");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://youtube.conduitapps.com/v3.1.0/gadget.htm[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3072254,CT2786678");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3072254,CT2786678");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3072254,CT2786678");
Deleted : user_pref("CommunityToolbar.globalUserId", "ed229aca-a886-4a7a-917f-689ed72dbe45");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2786678");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jan 21 2013 09:15:2[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Jan 23 2013 19:29:32 GMT-040[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Jan 23 2013 19:29:24 GMT-0400 (A[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "b64ca8ca-7086-43be-adda-a9311d631987");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.com/");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb139?a=6PQCnzubnG&loc=FF_NT");
Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Deleted : user_pref("extensions.50e2ed76c334c.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.50f8306022f64.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.5106caf26b0fe.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.funmoods.aflt", "download");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", true);
Deleted : user_pref("extensions.funmoods.hmpg", false);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd[...]
Deleted : user_pref("extensions.funmoods.id", "DC0EA13B5126C0FD");
Deleted : user_pref("extensions.funmoods.instlDay", "15645");
Deleted : user_pref("extensions.funmoods.instlRef", "download");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=download&chnl=downloa[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", false);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.228:39:43");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10669");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "1258c0fd00000000000074e50b7aba97");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15524");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "123%5F1");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQCnzubnG&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6PQCnzubnG");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92543168626306504");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1418:25:46");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1082] : homepage = "hxxp://websearch.simplespeedy.info/",

*************************

AdwCleaner[R1].txt - [41263 octets] - [29/01/2013 10:23:58]
AdwCleaner[S1].txt - [41861 octets] - [29/01/2013 10:25:03]

########## EOF - C:\AdwCleaner[S1].txt - [41922 octets] ##########

I notice there is a high volume of views in this forum and a couple more members seeking help for the subject matter topic.
I suspect there are a lot of users out there that are experiencing the same annoying pop up.
I will continue to surf with both browsers for a couple of days and report back. In the mean time I am grateful for the
professional/knowledgeable assistance you have provided. My only regret is that I didn't discover "Malwareremoval.com" years ago :)
Regards.
luvfishn
Regular Member
 
Posts: 28
Joined: January 21st, 2013, 10:03 am
Location: Canada/USA

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Post by pgmigg » January 29th, 2013, 12:01 pm

Hello luvfishn,
> Somewhere in my web searching I found a link to dl a program named "adwcleaner". I was a bit leery about using it. My frustration level by now was thru the roof so I executed it. Eureka! The program removed all residue traces of "click to save".

It was a really good idea! :)
Please don't forget to run the following to remove all unnecessary stuff:

AdwCleaner - Uninstall
  • Right click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Uninstall.
  • Confirm with Yes.

> I notice there is a high volume of views in this forum and a couple more members seeking help for the subject matter topic.
> I suspect there are a lot of users out there that are experiencing the same annoying pop up.
> I will continue to surf with both browsers for a couple of days and report back.

Usually infections come in waves and now your original problem is the most popular for others.

> In the mean time I am grateful for the professional/knowledgeable assistance you have provided. My only regret is that I didn't discover "Malwareremoval.com" years ago :)
> Regards.

You are very welcome, luvfishn! :D

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Post by luvfishn » January 31st, 2013, 10:50 am

Hello pgmigg,

The problem malware popup is starting to rear its ugly head again! I have only had two incidences within the past two days. Both while using Firefox and none using IE Explorer browsers. However, I am concerned that the frequency may increase as time goes on. I captured a screen print of the popup and pasted into a MS Word document for your reference. However, I am unable to paste it into this post. Here is a copy of the web address (url) that is displayed in firefox.

//nym1.ib.adnxs.com/pop?enc=6Z51jZbjGEDpnnWNluMYQAAAAAAAAPA_6Z51jZbjGEDpnnWNluMYQCNu2-YOpFhQ-qqCexCnt1o3gApRAAAAAPRnDQAdAgAAHQIAAAIAAAA9k0kAlEECAAAAAQBVU0QAVVNEAOcD5wMHBAAAAAAAAgQCAQUAAIQAoSPz9QAAAAA.&cnd=!0iJQLgiC3DoQvaamAhgAIJSDCTADOIeICEAESJ0EUPTPNVgAYPoEaABwAHgAgAEAiAEAkAEBmAEBoAEKqAEAsAEAuQFqyoOpluMYQMEBasqDqZbjGEDJASwu4YyMFQJA2QEAAAAAAADwP-ABu40C&udj=uf%28%27a%27%2C+33034%2C+1359642679%29%3Buf%28%27r%27%2C+4821821%2C+1359642679%29%3Bppv%2821228%2C+%275789557704894410275%27%2C+1359642679%2C+1359685879%2C+962050%2C+147860%2C+0%2C+4%2C+10368000%29%3B&ccd=!GAWMLgiC3DoQvaamAhiUgwkgBA..&vpid=45&apid=117225&referrer=http%3A%2F%2Fwww.malwareremoval.com%2Fforum%2F&dlo=1

It is interesting to note at the tail end of the string it references "www.malwareremoval.com%2Fforum%2F&dlo=1"
:(
luvfishn
Regular Member
 
Posts: 28
Joined: January 21st, 2013, 10:03 am
Location: Canada/USA
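
Added example (not part of the original thread): a short Python triage of the popup URL quoted in the post above, showing which host served the popup, which page the browser reported as the referrer, and the Unix timestamps embedded in the udj parameter. The function name and the BLOB placeholders standing in for the opaque enc, cnd and ccd values are assumptions made for this example.

```python
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# Popup URL from the post above. The opaque enc, cnd and ccd values are
# shortened to the placeholder "BLOB" (an edit made for this example);
# udj, vpid, apid, referrer and dlo are copied as posted.
POPUP_URL = (
    "//nym1.ib.adnxs.com/pop?enc=BLOB&cnd=BLOB"
    "&udj=uf%28%27a%27%2C+33034%2C+1359642679%29%3B"
    "uf%28%27r%27%2C+4821821%2C+1359642679%29%3B"
    "ppv%2821228%2C+%275789557704894410275%27%2C+1359642679%2C+1359685879"
    "%2C+962050%2C+147860%2C+0%2C+4%2C+10368000%29%3B"
    "&ccd=BLOB&vpid=45&apid=117225"
    "&referrer=http%3A%2F%2Fwww.malwareremoval.com%2Fforum%2F&dlo=1"
)

# Stand-alone 10-digit numbers starting with 1: Unix seconds from 2001 to 2033.
EPOCH_RE = re.compile(r"\b1\d{9}\b")


def triage_popup_url(url):
    """Split a popup URL into the fields that matter for triage."""
    parts = urlsplit(url)  # also handles scheme-relative "//host/path" URLs
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values

    popup_host = parts.hostname or ""
    referrer = params.get("referrer", [""])[0]
    referrer_host = urlsplit(referrer).hostname or ""

    # Collect every distinct epoch-looking number from the decoded values.
    seen = []
    for values in params.values():
        for value in values:
            for match in EPOCH_RE.findall(value):
                ts = int(match)
                if ts not in seen:
                    seen.append(ts)

    # Naive cross-site check: compare the last two DNS labels only
    # (no public-suffix list, so treat the result as a hint).
    cross_site = None
    if popup_host and referrer_host:
        site = ".".join(popup_host.split(".")[-2:])
        cross_site = not (referrer_host == site or referrer_host.endswith("." + site))

    return {
        "popup_host": popup_host,
        "path": parts.path,
        "param_names": list(params),
        "referrer": referrer,
        "referrer_host": referrer_host,
        "cross_site": cross_site,
        "timestamps_utc": [
            datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
            for ts in sorted(seen)
        ],
    }


if __name__ == "__main__":
    for key, value in triage_popup_url(POPUP_URL).items():
        print(f"{key}: {value}")
```
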

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Post by pgmigg » January 31st, 2013, 7:41 pm

Hello luvfishn,
> The problem malware popup is starting to rear its ugly head again! I have only had two incidences within the past two days. Both while using Firefox and none using IE Explorer browsers. However, I am concerned that the frequency may increase as time goes on. I captured a screen print of the popup and pasted into a MS Word document for your reference. However, I am unable to paste it into this post. Here is a copy of the web address (url) that is displayed in firefox.

Theoretically speaking, nobody can guarantee that once your computer has been shown to be clean (meaning clean at the level of the scanners used) you will never get an infection again. The probability of getting an infection depends on many factors, and you don't need to worry about the occasional popups you get from time to time...

However, let's do the following:

Step 1.
Junkware Removal Tool
  1. Please download Junkware Removal Tool and save JRT.exe to your Desktop.
  2. Shut down your protection software as shown in This topic now to avoid potential conflicts.
  3. Right click on JRT.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  4. Please be patient as this can take a while to complete depending on your system's specifications.
  5. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  6. Please post the contents of JRT.txt into your next reply.

Step 2.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without the word Code: into the open text entry box:
    Code:
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    Mozilla Firefox
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.

Step 3.
OTL - Download
Please download OTL.exe by Old Timer using Internet Explorer and save it to your Desktop.

Download fresh and latest Firefox
  1. Please open Firefox via Internet Explorer.
  2. Select and click on DESKTOP link instead of MOBILE opened by default.
  3. Click on Firefox Free Download green field and save Firefox Setup 18.0.1.exe on the Desktop.

Step 4.
OTL - Run Fix Script
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the text box. Do not include the word Code
    Code:
    :Commands
    [createrestorepoint]
    [emptytemp]
    [emptyflash]
    [emptyjava]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 5.
Install fresh Firefox
  1. Right click on Firefox Setup 18.0.1.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Then follow installation prompts...

Step 6.
OTL-Cleanup
  1. Right click on OTL.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.


Please post the contents of JRT.txt into your next reply.

Finally, I guess you need to continue to surf the Internet under normal conditions with both browsers for at least a month. Then, if questionable popups come regularly, you can open a new topic here...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Post by luvfishn » February 1st, 2013, 10:33 am

Hello pgmigg. Thank you once again for your response and guidance. :)

I agree with you that a couple of popups over a couple of days isn't cause for concern.
I thought it best to 'nip it in the bud' before it could escalate to a more frequent
occurrence. Also in consideration of the amount of time we both spent on eradicating this
particular subject popup I felt obligated to report back to this forum. There are
currently over 600 views of this post indicating a substantial interest. I hope I am not
being perceived as a 'whiner'. :) Per your request I will surf for a couple of months and
repost as a new topic if the "NYM1.IB.ADNXS.COM popup problem" becomes unmanageable in the future.
Accolades to you and this fantastic forum!

Per your instructions all 6 steps have been completed. Here is the content of the
JRT.txt file:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.8 (01.31.2013:1)
OS: Windows 7 Home Premium x64
Ran by Luvfishn on Fri 02/01/2013 at 8:51:21.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-941371534-4025170946-3007303680-1000\software\web assistant"
Successfully deleted: [Registry Key] hkey_classes_root\appid\babylonhelper.exe
Successfully deleted: [Registry Key] hkey_current_user\software\billp studios\detected\startup
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasmancs



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\clsoft ltd"
Successfully deleted: [Folder] "C:\ProgramData\continuetosave"
Successfully deleted: [Folder] "C:\ProgramData\speedmaxpc"
Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\Users\Luvfishn\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Luvfishn\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Folder] "C:\Users\Luvfishn\AppData\Roaming\speedmaxpc"
Successfully deleted: [Folder] "C:\Users\Luvfishn\AppData\Roaming\speedypc software"
Successfully deleted: [Folder] "C:\Users\Luvfishn\AppData\Roaming\strongvault"
Successfully deleted: [Folder] "C:\Users\Luvfishn\appdata\local\stronghold_llc"
Successfully deleted: [Folder] "C:\Users\Luvfishn\appdata\locallow\continuetosave"
Successfully deleted: [Folder] "C:\Users\Luvfishn\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files (x86)\continuetosave"
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Users\Luvfishn\AppData\Roaming\mozilla\firefox\profiles\uldhlbwj.default\invalidprefs.js
Successfully deleted: [Folder] C:\Users\Luvfishn\AppData\Roaming\mozilla\firefox\profiles\uldhlbwj.default\extensions\plugin@selectionlinks.com
Successfully deleted the following from C:\Users\Luvfishn\AppData\Roaming\mozilla\firefox\profiles\uldhlbwj.default\prefs.js

user_pref("extensions.AMAZONNEW_NS_PH.searchconf", "{\n \"google\" : {\n \"urlexp\" : \"hxxp(s)?:\\\\/\\\\/www\\\\.google\\\\..*\\\\/.*[?#&]q=([^&]+)\",\n \"rankometer\
Emptied folder: C:\Users\Luvfishn\AppData\Roaming\mozilla\firefox\profiles\uldhlbwj.default\minidumps [102 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/01/2013 at 8:56:27.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Have A Great Day !
luvfishn
Regular Member
 
Posts: 28
Joined: January 21st, 2013, 10:03 am
Location: Canada/USA

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Post by pgmigg » February 1st, 2013, 12:57 pm

Hello luvfishn,
> Thank you once again for your response and guidance.

You are very welcome, luvfishn! :D

> I agree with you that a couple of popups over a couple of days isn't cause for concern.
> I thought it best to 'nip it in the bud' before it could escalate to a more frequent
> occurrence. Also in consideration of the amount of time we both spent on eradicating this
> particular subject popup I felt obligated to report back to this forum.

I think that time consumption is not an issue here - every helper will spend as much time as needed.

> There are currently over 600 views of this post indicating a substantial interest. I hope I am not being perceived as a 'whiner'. :)

The number of views on this forum has more specific meaning than on most other forums - you don't need to forget that this forum existed inside of Malware Removal University and every topic is used for learning purposes also.

> Per your instructions all 6 steps have been completed. Here is the content of the JRT.txt file

I believe after analyzing this log that your computer is clean and I hope you can keep it in such condition as much as possible...

Stay Safe! ;)
pgmigg
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Post by deltalima » February 4th, 2013, 3:48 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK