Questscan issue part 2 CC Gary R

Post by Cornell924 » June 25th, 2013, 10:24 am

Sorry for my delay as well. If I need to repost anything, let me know.

# AdwCleaner v2.303 - Logfile created 06/25/2013 at 09:16:43
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : The Roberts' - LILLAPPER
# Boot Mode : Normal
# Running from : C:\Users\The Roberts'\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\searchplugins\Conduit.xml
Folder Found : C:\Program Files\ConduitEngine
Folder Found : C:\Program Files\Mozilla Firefox\Extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
Folder Found : C:\Program Files\QuestScan
Folder Found : C:\Program Files\SelectRebates
Folder Found : C:\Program Files\Viewpoint
Folder Found : C:\ProgramData\QuestScan
Folder Found : C:\ProgramData\Viewpoint
Folder Found : C:\Users\The Roberts'\AppData\Local\Conduit
Folder Found : C:\Users\The Roberts'\AppData\Local\PackageAware
Folder Found : C:\Users\The Roberts'\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\Conduit
Folder Found : C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\ConduitCommon
Folder Found : C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\CT2559647
Folder Found : C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\CT2786678
Folder Found : C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\CT3003485
Folder Found : C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
Folder Found : C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{46a21652-3f93-437d-aac0-caa1f6713da0}(35)
Folder Found : C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Found : C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\engine@conduit.com

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealScout
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuestScan
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestScan
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\QuestScan
Key Found : HKLM\Software\Viewpoint
Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}
Key Found : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}
Key Found : HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}
Key Found : HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\prefs.js

Found : user_pref("CT2559647..clientLogIsEnabled", true);
Found : user_pref("CT2559647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2559647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2559647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2559647.AppTrackingLastCheckTime", "Sun Jul 17 2011 08:59:46 GMT-0500 (Central Daylight[...]
Found : user_pref("CT2559647.CT2559647", "CT2559647");
Found : user_pref("CT2559647.CurrentServerDate", "29-7-2011");
Found : user_pref("CT2559647.DialogsAlignMode", "LTR");
Found : user_pref("CT2559647.DialogsGetterLastCheckTime", "Wed Jul 27 2011 12:43:43 GMT-0500 (Central Daylig[...]
Found : user_pref("CT2559647.DownloadReferralCookieData", "");
Found : user_pref("CT2559647.ExternalComponentPollDate129404749084494749", "Fri Jul 29 2011 00:08:49 GMT-050[...]
Found : user_pref("CT2559647.ExternalComponentPollDate129404791544181654", "Fri Jul 29 2011 00:08:49 GMT-050[...]
Found : user_pref("CT2559647.ExternalComponentPollDate129413165572169584", "Fri Jul 29 2011 00:08:49 GMT-050[...]
Found : user_pref("CT2559647.FirstServerDate", "2-5-2011");
Found : user_pref("CT2559647.FirstTime", true);
Found : user_pref("CT2559647.FirstTimeFF3", true);
Found : user_pref("CT2559647.FixPageNotFoundErrors", false);
Found : user_pref("CT2559647.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2559647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2559647.HasUserGlobalKeys", true);
Found : user_pref("CT2559647.HomePageProtectorEnabled", false);
Found : user_pref("CT2559647.Initialize", true);
Found : user_pref("CT2559647.InitializeCommonPrefs", true);
Found : user_pref("CT2559647.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2559647.InstallationType", "UnknownIntegration");
Found : user_pref("CT2559647.InstalledDate", "Mon May 02 2011 11:03:44 GMT-0500 (Central Daylight Time)");
Found : user_pref("CT2559647.IsAlertDBUpdated", true);
Found : user_pref("CT2559647.IsGrouping", false);
Found : user_pref("CT2559647.IsMulticommunity", false);
Found : user_pref("CT2559647.IsOpenThankYouPage", true);
Found : user_pref("CT2559647.IsOpenUninstallPage", true);
Found : user_pref("CT2559647.LanguagePackLastCheckTime", "Thu Jul 28 2011 12:43:43 GMT-0500 (Central Dayligh[...]
Found : user_pref("CT2559647.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2559647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2559647.LastLogin_3.3.3.2", "Wed Jun 22 2011 08:32:22 GMT-0500 (Central Daylight Time)"[...]
Found : user_pref("CT2559647.LastLogin_3.5.0.12", "Fri Jul 29 2011 00:08:49 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2559647.LatestVersion", "3.3.3.2");
Found : user_pref("CT2559647.Locale", "en");
Found : user_pref("CT2559647.MCDetectTooltipHeight", "83");
Found : user_pref("CT2559647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2559647.MCDetectTooltipWidth", "295");
Found : user_pref("CT2559647.MyStuffEnabledAtInstallation", false);
Found : user_pref("CT2559647.SavedHomepage", "resource:/browserconfig.properties");
Found : user_pref("CT2559647.SearchEngineBeforeUnload", " ");
Found : user_pref("CT2559647.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2559647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT255[...]
Found : user_pref("CT2559647.SearchInNewTabEnabled", true);
Found : user_pref("CT2559647.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2559647.SearchInNewTabLastCheckTime", "Thu Jul 28 2011 12:43:32 GMT-0500 (Central Dayli[...]
Found : user_pref("CT2559647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2559647.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2559647.SearchProtectorEnabled", true);
Found : user_pref("CT2559647.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2559647.ServiceMapLastCheckTime", "Thu Jul 28 2011 12:43:34 GMT-0500 (Central Daylight [...]
Found : user_pref("CT2559647.SettingsLastCheckTime", "Fri Jul 29 2011 00:08:48 GMT-0500 (Central Daylight Ti[...]
Found : user_pref("CT2559647.SettingsLastUpdate", "1311168866");
Found : user_pref("CT2559647.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2559647.ThirdPartyComponentsLastCheck", "Thu Jul 14 2011 11:00:50 GMT-0500 (Central Day[...]
Found : user_pref("CT2559647.ThirdPartyComponentsLastUpdate", "1246786978");
Found : user_pref("CT2559647.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2559647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2559647");
Found : user_pref("CT2559647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2559647.UserID", "UN66502077602924817");
Found : user_pref("CT2559647.alertChannelId", "952537");
Found : user_pref("CT2559647.approveUntrustedApps", true);
Found : user_pref("CT2559647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2559647.globalFirstTimeInfoLastCheckTime", "Fri Jul 29 2011 00:08:49 GMT-0500 (Central [...]
Found : user_pref("CT2559647.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2559647.initDone", true);
Found : user_pref("CT2559647.isAppTrackingManagerOn", true);
Found : user_pref("CT2559647.myStuffEnabled", true);
Found : user_pref("CT2559647.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2559647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2559647.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2559647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2559647.oldAppsList", "129126535051871363,129126535052027614,111,129404749084494749,129[...]
Found : user_pref("CT2559647.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2559647.searchProtectorEnableByLogin", true);
Found : user_pref("CT2559647.testingCtid", "");
Found : user_pref("CT2559647.toolbarAppMetaDataLastCheckTime", "Thu Jul 28 2011 12:43:41 GMT-0500 (Central D[...]
Found : user_pref("CT2559647.toolbarContextMenuLastCheckTime", "Thu Jul 28 2011 11:00:59 GMT-0500 (Central D[...]
Found : user_pref("CT2559647.usagesFlag", 1);
Found : user_pref("CT2786678..clientLogIsEnabled", true);
Found : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2786678.AppTrackingLastCheckTime", "Sun Jul 17 2011 08:59:46 GMT-0500 (Central Daylight[...]
Found : user_pref("CT2786678.CTID", "CT2786678");
Found : user_pref("CT2786678.CommunitiesChangesLastCheckTime", "0");
Found : user_pref("CT2786678.CurrentServerDate", "29-7-2011");
Found : user_pref("CT2786678.DialogsAlignMode", "LTR");
Found : user_pref("CT2786678.DialogsGetterLastCheckTime", "Wed Jul 27 2011 12:43:43 GMT-0500 (Central Daylig[...]
Found : user_pref("CT2786678.DownloadReferralCookieData", "");
Found : user_pref("CT2786678.EMailNotifierPollDate", "Fri Jul 29 2011 00:20:31 GMT-0500 (Central Daylight Ti[...]
Found : user_pref("CT2786678.FeedLastCount5690698542593514850", 489);
Found : user_pref("CT2786678.FeedPollDate2429156812186649977", "Fri Jul 29 2011 00:08:51 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.FeedPollDate2429156813040823546", "Fri Jul 29 2011 00:08:50 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.FeedPollDate2429156813130095866", "Fri Jul 29 2011 00:08:50 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.FeedPollDate2429156813224203613", "Fri Jul 29 2011 00:08:50 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.FeedPollDate2429156813230837251", "Fri Jul 29 2011 00:08:50 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.FeedPollDate2429156813454291735", "Fri Jul 29 2011 00:08:50 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.FeedPollDate2429156813729834876", "Fri Jul 29 2011 00:08:50 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.FeedPollDate2429156813860870021", "Fri Jul 29 2011 00:08:51 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.FeedPollDate2429156814264681793", "Fri Jul 29 2011 00:08:50 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.FeedPollDate2429156814863075366", "Fri Jul 29 2011 00:08:50 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.FeedPollDate2429156815257761081", "Fri Jul 29 2011 00:08:50 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Found : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Found : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Found : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Found : user_pref("CT2786678.FirstServerDate", "23-6-2011");
Found : user_pref("CT2786678.FirstTime", true);
Found : user_pref("CT2786678.FirstTimeFF3", true);
Found : user_pref("CT2786678.FixPageNotFoundErrors", true);
Found : user_pref("CT2786678.GroupingInvalidateCache", false);
Found : user_pref("CT2786678.GroupingLastCheckTime", "0");
Found : user_pref("CT2786678.GroupingLastServerUpdateTime", "0");
Found : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2786678.HasUserGlobalKeys", true);
Found : user_pref("CT2786678.HomePageProtectorEnabled", false);
Found : user_pref("CT2786678.Initialize", true);
Found : user_pref("CT2786678.InitializeCommonPrefs", true);
Found : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2786678.InstalledDate", "Thu Jun 23 2011 09:37:24 GMT-0500 (Central Daylight Time)");
Found : user_pref("CT2786678.InvalidateCache", false);
Found : user_pref("CT2786678.IsAlertDBUpdated", true);
Found : user_pref("CT2786678.IsGrouping", false);
Found : user_pref("CT2786678.IsInitSetupIni", true);
Found : user_pref("CT2786678.IsMulticommunity", false);
Found : user_pref("CT2786678.IsOpenThankYouPage", true);
Found : user_pref("CT2786678.IsOpenUninstallPage", true);
Found : user_pref("CT2786678.IsProtectorsInit", true);
Found : user_pref("CT2786678.LanguagePackLastCheckTime", "Thu Jul 28 2011 12:43:43 GMT-0500 (Central Dayligh[...]
Found : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2786678.LastLogin_3.5.0.12", "Fri Jul 29 2011 00:08:49 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2786678.LatestVersion", "3.3.3.2");
Found : user_pref("CT2786678.Locale", "en");
Found : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Found : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Found : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2786678.OriginalFirstVersion", "3.5.0.12");
Found : user_pref("CT2786678.RadioLastCheckTime", "0");
Found : user_pref("CT2786678.RadioLastUpdateIPServer", "0");
Found : user_pref("CT2786678.RadioLastUpdateServer", "0");
Found : user_pref("CT2786678.SearchEngineBeforeUnload", " ");
Found : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]
Found : user_pref("CT2786678.SearchInNewTabEnabled", true);
Found : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Thu Jul 28 2011 12:43:32 GMT-0500 (Central Dayli[...]
Found : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2786678.SearchProtectorEnabled", true);
Found : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2786678.ServiceMapLastCheckTime", "Thu Jul 28 2011 12:43:36 GMT-0500 (Central Daylight [...]
Found : user_pref("CT2786678.SettingsLastCheckTime", "Fri Jul 29 2011 00:08:49 GMT-0500 (Central Daylight Ti[...]
Found : user_pref("CT2786678.SettingsLastUpdate", "1311517341");
Found : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Thu Jul 14 2011 11:01:01 GMT-0500 (Central Day[...]
Found : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1246786978");
Found : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Found : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2786678.UserID", "UN20750734419670386");
Found : user_pref("CT2786678.WeatherNetwork", "");
Found : user_pref("CT2786678.WeatherPollDate", "Fri Jul 29 2011 00:08:51 GMT-0500 (Central Daylight Time)");
Found : user_pref("CT2786678.WeatherUnit", "C");
Found : user_pref("CT2786678.alertChannelId", "1178763");
Found : user_pref("CT2786678.backendstorage.url_history", "687474703A2F2F742E636F2F4A72364456735A");
Found : user_pref("CT2786678.backendstorage.url_history_time", "31333131393136343831383933");
Found : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Fri Jul 29 2011 00:08:50 GMT-0500 (Central [...]
Found : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2786678.initDone", true);
Found : user_pref("CT2786678.isAppTrackingManagerOn", true);
Found : user_pref("CT2786678.myStuffEnabled", true);
Found : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,111,1000234,12929569801701[...]
Found : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Found : user_pref("CT2786678.testingCtid", "");
Found : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Thu Jul 28 2011 12:43:42 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Thu Jul 28 2011 11:01:04 GMT-0500 (Central D[...]
Found : user_pref("CT3003485..clientLogIsEnabled", true);
Found : user_pref("CT3003485..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT3003485..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT3003485.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT3003485.CT3003485", "CT3003485");
Found : user_pref("CT3003485.CurrentServerDate", "29-7-2011");
Found : user_pref("CT3003485.DialogsAlignMode", "LTR");
Found : user_pref("CT3003485.DialogsGetterLastCheckTime", "Wed Jul 27 2011 17:23:48 GMT-0500 (Central Daylig[...]
Found : user_pref("CT3003485.DownloadReferralCookieData", "");
Found : user_pref("CT3003485.ExternalComponentPollDate129491538130487928", "Wed Jul 27 2011 12:43:40 GMT-050[...]
Found : user_pref("CT3003485.FirstServerDate", "18-7-2011");
Found : user_pref("CT3003485.FirstTime", true);
Found : user_pref("CT3003485.FirstTimeFF3", true);
Found : user_pref("CT3003485.FixPageNotFoundErrors", false);
Found : user_pref("CT3003485.GroupingServerCheckInterval", 1440);
Found : user_pref("CT3003485.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT3003485.HasUserGlobalKeys", true);
Found : user_pref("CT3003485.Initialize", true);
Found : user_pref("CT3003485.InitializeCommonPrefs", true);
Found : user_pref("CT3003485.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT3003485.InstalledDate", "Sun Jul 17 2011 19:07:43 GMT-0500 (Central Daylight Time)");
Found : user_pref("CT3003485.InvalidateCache", false);
Found : user_pref("CT3003485.IsAlertDBUpdated", true);
Found : user_pref("CT3003485.IsGrouping", false);
Found : user_pref("CT3003485.IsInitSetupIni", true);
Found : user_pref("CT3003485.IsMulticommunity", false);
Found : user_pref("CT3003485.IsOpenThankYouPage", true);
Found : user_pref("CT3003485.IsOpenUninstallPage", true);
Found : user_pref("CT3003485.IsProtectorsInit", true);
Found : user_pref("CT3003485.LanguagePackLastCheckTime", "Thu Jul 28 2011 12:43:44 GMT-0500 (Central Dayligh[...]
Found : user_pref("CT3003485.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT3003485.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT3003485.LastLogin_3.5.0.12", "Fri Jul 29 2011 00:08:50 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT3003485.LatestVersion", "3.3.3.2");
Found : user_pref("CT3003485.Locale", "en");
Found : user_pref("CT3003485.MCDetectTooltipHeight", "83");
Found : user_pref("CT3003485.MCDetectTooltipShow", false);
Found : user_pref("CT3003485.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT3003485.MCDetectTooltipWidth", "295");
Found : user_pref("CT3003485.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT3003485.OriginalFirstVersion", "3.5.0.12");
Found : user_pref("CT3003485.RadioIsPodcast", false);
Found : user_pref("CT3003485.RadioLastCheckTime", "Sun Jul 17 2011 19:07:41 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT3003485.RadioLastUpdateIPServer", "3");
Found : user_pref("CT3003485.RadioLastUpdateServer", "3");
Found : user_pref("CT3003485.RadioMediaID", "9962");
Found : user_pref("CT3003485.RadioMediaType", "Media Player");
Found : user_pref("CT3003485.RadioMenuSelectedID", "EBRadioMenu_CT30034859962");
Found : user_pref("CT3003485.RadioShrinkedFromSetup", false);
Found : user_pref("CT3003485.RadioStationName", "California%20Rock");
Found : user_pref("CT3003485.RadioStationURL", "hxxp://feedlive.net/california.asx");
Found : user_pref("CT3003485.SearchEngineBeforeUnload", " ");
Found : user_pref("CT3003485.SearchFromAddressBarIsInit", true);
Found : user_pref("CT3003485.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT300[...]
Found : user_pref("CT3003485.SearchInNewTabEnabled", true);
Found : user_pref("CT3003485.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT3003485.SearchInNewTabLastCheckTime", "Thu Jul 28 2011 12:43:40 GMT-0500 (Central Dayli[...]
Found : user_pref("CT3003485.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT3003485.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT3003485.SearchProtectorEnabled", false);
Found : user_pref("CT3003485.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT3003485.ServiceMapLastCheckTime", "Thu Jul 28 2011 12:43:41 GMT-0500 (Central Daylight [...]
Found : user_pref("CT3003485.SettingsLastCheckTime", "Fri Jul 29 2011 00:08:49 GMT-0500 (Central Daylight Ti[...]
Found : user_pref("CT3003485.SettingsLastUpdate", "1311779751");
Found : user_pref("CT3003485.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT3003485.ThirdPartyComponentsLastCheck", "Sun Jul 17 2011 19:07:39 GMT-0500 (Central Day[...]
Found : user_pref("CT3003485.ThirdPartyComponentsLastUpdate", "1246786978");
Found : user_pref("CT3003485.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT3003485.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3003485");
Found : user_pref("CT3003485.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT3003485.UserID", "UN41284519242793283");
Found : user_pref("CT3003485.ValidationData_Toolbar", 2);
Found : user_pref("CT3003485.alertChannelId", "1395219");
Found : user_pref("CT3003485.approveUntrustedApps", false);
Found : user_pref("CT3003485.components.1000082", false);
Found : user_pref("CT3003485.components.1000515", false);
Found : user_pref("CT3003485.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT3003485.globalFirstTimeInfoLastCheckTime", "Fri Jul 29 2011 00:08:51 GMT-0500 (Central [...]
Found : user_pref("CT3003485.homepageProtectorEnableByLogin", true);
Found : user_pref("CT3003485.initDone", true);
Found : user_pref("CT3003485.isAppTrackingManagerOn", true);
Found : user_pref("CT3003485.isFirstRadioInstallation", false);
Found : user_pref("CT3003485.myStuffEnabled", true);
Found : user_pref("CT3003485.myStuffPublihserMinWidth", 400);
Found : user_pref("CT3003485.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT3003485.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT3003485.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT3003485.oldAppsList", "129491538127987918,129491538128456672,111,129491538128612923,129[...]
Found : user_pref("CT3003485.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT3003485.searchProtectorEnableByLogin", true);
Found : user_pref("CT3003485.testingCtid", "");
Found : user_pref("CT3003485.toolbarAppMetaDataLastCheckTime", "Thu Jul 28 2011 12:43:44 GMT-0500 (Central D[...]
Found : user_pref("CT3003485.toolbarContextMenuLastCheckTime", "Sun Jul 17 2011 19:07:43 GMT-0500 (Central D[...]
Found : user_pref("CT3003485.usagesFlag", 2);
Found : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2559647");
Found : user_pref("CommunityToolbar.ConduitSearchList", " ");
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root ... 1174448/US", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root ... 1390878/US", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root ... /948310/US", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-ser ... =CT2559647", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-ser ... =CT2786678", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-ser ... =CT3003485", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... tenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... erApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... redApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... lbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-ser ... rt/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-s ... kg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-s ... kg?ver=3.5.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/ ... =CT2559647",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/ ... =CT2786678",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/ ... =CT3003485",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-service ... 647&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-service ... 678&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-service ... 485&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit. ... /CT2559647[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit. ... /CT2786678[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit. ... /CT3003485[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-serv ... ?locale=en", "\"634[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\The Roberts'\\AppData\\Roaming\\Moz[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.5.0.12");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2559647,CT2786678,CT3003485");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2559647,CT2786678,CT3003485");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2786678,CT3003485");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon May 02 2011 11:03:33 GMT-05[...]
Found : user_pref("CommunityToolbar.alert.alertEnabled", true);
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 22 2011 08:32:28 GMT-0500 (Centr[...]
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 22 2011 08:32:20 GMT-0500 (Central D[...]
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "f66e9795-754f-4b79-9e4b-facde362c986");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Jul 28 2011 12:43:33 GMT-0500 (Cen[...]
Found : user_pref("CommunityToolbar.globalUserId", "49da36e1-f704-461d-8484-3907fc72eeb1");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2786678");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Jul 28 2011 13:36:2[...]
Found : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Jul 28 2011 12:43:43 GMT-050[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Jul 28 2011 12:43:33 GMT-0500 (C[...]
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "d2363457-460b-4af5-b0f4-f6817e1471d2");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&Sea[...]

*************************

AdwCleaner[R1].txt - [34918 octets] - [25/06/2013 09:16:50]

########## EOF - C:\AdwCleaner[R1].txt - [34979 octets] ##########
Cornell924
Regular Member
 
Posts: 20
Joined: June 9th, 2013, 10:02 pm

Re: Questscan issue part 2 CC Gary R

by Cornell924 » June 25th, 2013, 10:44 am

OTL logfile created on: 6/25/2013 9:20:47 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\The Roberts'\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.37 Gb Available Physical Memory | 19.23% Memory free
4.11 Gb Paging File | 2.52 Gb Available in Paging File | 61.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.37 Gb Total Space | 15.66 Gb Free Space | 15.15% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 111.69 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Drive E: | 8.42 Gb Total Space | 1.80 Gb Free Space | 21.42% Space Free | Partition Type: NTFS

Computer Name: LILLAPPER | User Name: The Roberts' | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/25 09:18:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\The Roberts'\Desktop\OTL.exe
PRC - [2013/06/25 09:15:55 | 000,052,648 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jp2launcher.exe
PRC - [2013/06/25 09:15:46 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\java.exe
PRC - [2013/06/25 09:09:57 | 000,742,408 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
PRC - [2013/05/11 17:26:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\The Roberts'\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/04/29 15:00:14 | 000,477,736 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
PRC - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 02:33:11 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
PRC - [2007/09/13 20:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/04/23 20:11:42 | 000,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2007/01/09 16:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/09/25 19:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1196209457\ee\aolsoftware.exe
PRC - [2005/11/08 17:25:00 | 000,647,242 | ---- | M] () -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/25 09:15:55 | 000,016,808 | ---- | M] () -- C:\Program Files\Java\jre7\bin\jp2native.dll
MOD - [2013/05/11 17:26:24 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/04/29 15:00:14 | 000,477,736 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
MOD - [2011/01/19 15:22:28 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2011/01/19 15:22:26 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2011/01/19 15:22:26 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
MOD - [2007/04/23 20:11:44 | 000,339,968 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/04/23 20:11:34 | 000,237,673 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007/04/23 20:11:34 | 000,114,787 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007/04/23 20:11:34 | 000,032,768 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007/04/23 20:10:44 | 000,061,440 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll


========== Services (SafeList) ==========

SRV - [2013/06/25 09:09:57 | 000,742,408 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV - [2013/06/17 19:23:30 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/17 14:10:52 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/08/29 18:29:14 | 000,835,208 | ---- | M] (ExtendMedia Inc.) [Auto | Stopped] -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/23 20:11:44 | 000,106,593 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2007/04/23 20:11:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
SRV - [2007/01/09 16:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2005/11/17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005/11/08 17:25:00 | 000,647,242 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\THEROB~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/06/25 09:09:58 | 000,117,792 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\WRkrn.sys -- (WRkrn)
DRV - [2010/09/02 17:49:06 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pneteth.sys -- (pneteth)
DRV - [2010/02/25 01:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2010/01/25 06:11:32 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010/01/25 06:11:30 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/01/25 06:11:24 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/01/25 06:11:22 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010/01/21 01:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010/01/21 01:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010/01/21 01:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2010/01/11 10:29:36 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandadb.sys -- (androidusb)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009/06/24 07:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/01 20:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/03/03 12:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/08/08 21:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 12:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 11:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/10 07:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/19 12:09:42 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/04/19 12:09:42 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2007/04/19 12:09:42 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/04/11 21:30:52 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/02/16 18:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/11/30 12:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/01 15:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
DRV - [2006/09/28 15:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pnetmdm.sys -- (pnetmdm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{13BA74AE-E197-454E-B8DB-18B78838913A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9AE845A0-B8DE-4C87-A54E-55B6FFA38502}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
IE - HKLM\..\SearchScopes\{C710C720-B588-4676-A61E-B8C9C166D712}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{13BA74AE-E197-454E-B8DB-18B78838913A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKU\.DEFAULT\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan.com/?prt=QUESTSCAN193&keywords={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes\{9AE845A0-B8DE-4C87-A54E-55B6FFA38502}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\.DEFAULT\..\SearchScopes\{C710C720-B588-4676-A61E-B8C9C166D712}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{13BA74AE-E197-454E-B8DB-18B78838913A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKU\S-1-5-18\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan.com/?prt=QUESTSCAN193&keywords={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-18\..\SearchScopes\{9AE845A0-B8DE-4C87-A54E-55B6FFA38502}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-18\..\SearchScopes\{C710C720-B588-4676-A61E-B8C9C166D712}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found
IE - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\..\SearchScopes\{13BA74AE-E197-454E-B8DB-18B78838913A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan.com/?prt=QstscanPB&keywords={searchTerms}
IE - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\..\SearchScopes\{9AE845A0-B8DE-4C87-A54E-55B6FFA38502}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
IE - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\..\SearchScopes\{C710C720-B588-4676-A61E-B8C9C166D712}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
IE - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: " "
FF - prefs.js..browser.startup.homepage: "http://www.drudgereport.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {37153479-1976-43c3-a1ee-557513977b64}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/17 19:40:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/25 09:17:51 | 000,000,000 | ---D | M]

[2008/09/15 12:32:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Roberts'\AppData\Roaming\Mozilla\Extensions
[2013/06/18 10:35:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions
[2011/06/23 09:36:27 | 000,000,000 | ---D | M] (Coupons.com Community Toolbar) -- C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
[2011/08/04 12:38:23 | 000,000,000 | ---D | M] (Mapit Community Toolbar) -- C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{46a21652-3f93-437d-aac0-caa1f6713da0}(35)
[2011/06/23 09:36:36 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010/12/19 15:10:07 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\engine@conduit.com
[2013/06/18 10:35:17 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2011/06/20 14:07:48 | 000,000,863 | ---- | M] () -- C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\searchplugins\conduit.xml
[2013/06/17 19:40:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/15 20:50:34 | 000,000,000 | ---D | M] (QuestScan) -- C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
[2011/08/03 20:11:21 | 000,000,000 | ---D | M] (QuestScan) -- C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}(6)
[2013/06/17 19:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/17 19:40:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2013/02/04 23:17:32 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
O3 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
O3 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1196209457\ee\AOLSoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP-Diags] C:\Program Files\Hewlett-Packard\HP Battery Check\HPDOM\HPDiags.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000..\Run: [Akamai NetSession Interface] C:\Users\The Roberts'\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - Startup: C:\Users\The Roberts'\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} http://www.seehere.com/ips-opdata/layou ... anvasx.cab (JordanUploader Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos1.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsup ... gctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA65BA01-6B0E-4023-AC60-9E29D02C2C98}: DhcpNameServer = 192.168.43.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\The Roberts'\Pictures\Church Backgrounds\Sky.jpg
O24 - Desktop BackupWallPaper: C:\Users\The Roberts'\Pictures\Church Backgrounds\Sky.jpg
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O30 - LSA: Security Packages - (pku2u) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/04 21:57:23 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{77716eb8-518c-11de-9e4a-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{77716eb8-518c-11de-9e4a-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{8ab1bd11-7ddb-11dd-888b-bf44cc0523a1}\Shell - "" = AutoRun
O33 - MountPoints2\{8ab1bd11-7ddb-11dd-888b-bf44cc0523a1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{a961d791-49b6-11df-a0c5-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{a961d791-49b6-11df-a0c5-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{dccf9524-611e-11de-a76f-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{dccf9524-611e-11de-a76f-00038a000015}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/25 09:18:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\The Roberts'\Desktop\OTL.exe
[2013/06/25 09:17:51 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/06/25 09:17:51 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/06/25 09:17:27 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/06/25 09:17:27 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/06/25 09:17:27 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/06/25 09:12:18 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/06/25 09:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/06/25 09:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/06/18 11:15:19 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/06/18 11:15:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/06/18 11:15:17 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/06/18 11:15:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/06/18 11:15:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/06/18 11:15:16 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/06/18 11:15:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/06/18 11:15:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/06/18 10:33:48 | 000,000,000 | ---D | C] -- C:\Users\The Roberts'\AppData\Local\Macromedia
[2013/06/17 19:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/06/17 19:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/06/17 19:34:46 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/06/17 19:34:46 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013/06/17 19:34:02 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/06/17 19:34:02 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/06/17 19:34:01 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/06/17 19:33:55 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/06/17 19:33:40 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/06/17 19:33:37 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/06/17 19:33:31 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013/06/17 19:32:56 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013/06/17 19:31:57 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/06/17 19:31:51 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013/06/17 19:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
[2013/06/17 19:05:20 | 000,151,728 | ---- | C] (Webroot) -- C:\Windows\System32\WRusr.dll
[2013/06/17 19:05:20 | 000,117,792 | ---- | C] (Webroot) -- C:\Windows\System32\drivers\WRkrn.sys
[2013/06/17 19:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WRData
[2013/06/17 19:03:13 | 000,000,000 | ---D | C] -- C:\Users\The Roberts'\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NBC Direct Beta
[4 C:\Users\The Roberts'\Documents\*.tmp files -> C:\Users\The Roberts'\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/25 09:22:47 | 000,075,264 | ---- | M] () -- C:\Users\The Roberts'\Desktop\SystemLook.exe
[2013/06/25 09:22:23 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/25 09:19:21 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/25 09:18:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\The Roberts'\Desktop\OTL.exe
[2013/06/25 09:18:32 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/25 09:18:32 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/25 09:15:59 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/06/25 09:15:46 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/06/25 09:15:46 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/06/25 09:15:46 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/06/25 09:15:46 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/06/25 09:15:46 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/06/25 09:14:33 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-LILLAPPER-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
[2013/06/25 09:14:06 | 000,648,201 | ---- | M] () -- C:\Users\The Roberts'\Desktop\adwcleaner.exe
[2013/06/25 09:11:55 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/06/25 09:10:00 | 000,000,741 | ---- | M] () -- C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
[2013/06/25 09:09:58 | 000,151,728 | ---- | M] (Webroot) -- C:\Windows\System32\WRusr.dll
[2013/06/25 09:09:58 | 000,117,792 | ---- | M] (Webroot) -- C:\Windows\System32\drivers\WRkrn.sys
[2013/06/25 09:06:52 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/06/25 09:06:06 | 000,000,147 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2013/06/25 09:06:03 | 000,103,744 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/06/25 09:05:37 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/25 09:01:59 | 000,354,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/06/25 09:01:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/25 09:00:02 | 2079,150,080 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/18 10:22:35 | 000,001,356 | ---- | M] () -- C:\Users\The Roberts'\AppData\Local\d3d9caps.dat
[2013/06/17 19:54:07 | 000,103,744 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/06/17 19:40:30 | 000,000,872 | ---- | M] () -- C:\Users\The Roberts'\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/06/17 19:40:29 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/06/17 19:23:29 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/06/17 19:23:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[4 C:\Users\The Roberts'\Documents\*.tmp files -> C:\Users\The Roberts'\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/25 09:22:44 | 000,075,264 | ---- | C] () -- C:\Users\The Roberts'\Desktop\SystemLook.exe
[2013/06/25 09:14:33 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-LILLAPPER-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
[2013/06/25 09:13:50 | 000,648,201 | ---- | C] () -- C:\Users\The Roberts'\Desktop\adwcleaner.exe
[2013/06/25 09:11:55 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/06/17 19:43:32 | 000,103,744 | ---- | C] () -- C:\ProgramData\nvModes.001
[2013/06/17 19:43:24 | 000,103,744 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2013/06/17 19:05:23 | 000,000,741 | ---- | C] () -- C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
[2011/06/03 11:16:51 | 000,000,000 | ---- | C] () -- C:\Users\The Roberts'\AppData\Local\{8C3B974F-1FEC-484B-8961-74C2E2AD73A3}
[2011/05/13 22:33:31 | 000,000,000 | ---- | C] () -- C:\Users\The Roberts'\AppData\Local\{8D87C502-BB92-4CEE-8A83-250FFE739F39}
[2008/07/18 18:31:08 | 000,000,004 | ---- | C] () -- C:\Users\The Roberts'\AppData\Roaming\0E2F55
[2008/07/18 18:31:07 | 000,870,128 | ---- | C] () -- C:\Users\The Roberts'\AppData\Roaming\mcs.rma
[2008/06/29 10:22:41 | 000,001,356 | ---- | C] () -- C:\Users\The Roberts'\AppData\Local\d3d9caps.dat
[2007/11/26 00:31:01 | 000,013,824 | ---- | C] () -- C:\Users\The Roberts'\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/24 19:32:19 | 000,000,000 | ---- | C] () -- C:\Users\The Roberts'\AppData\Roaming\wklnhst.dat
[2007/11/24 17:18:52 | 000,089,416 | ---- | C] () -- C:\Users\The Roberts'\AppData\Roaming\nvModes.001
[2007/11/24 17:16:49 | 000,089,416 | ---- | C] () -- C:\Users\The Roberts'\AppData\Roaming\nvModes.dat

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %SystemRoot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/11/07 18:58:15 | 000,000,000 | ---D | M] -- C:\Users\The Roberts'\AppData\Roaming\Amazon
[2010/09/29 17:10:33 | 000,000,000 | ---D | M] -- C:\Users\The Roberts'\AppData\Roaming\LimeWire
[2008/03/24 19:48:05 | 000,000,000 | ---D | M] -- C:\Users\The Roberts'\AppData\Roaming\MAGIX
[2011/05/18 17:07:45 | 000,000,000 | ---D | M] -- C:\Users\The Roberts'\AppData\Roaming\MSNInstaller
[2008/07/18 18:22:02 | 000,000,000 | ---D | M] -- C:\Users\The Roberts'\AppData\Roaming\Smith Micro
[2007/11/24 19:32:20 | 000,000,000 | ---D | M] -- C:\Users\The Roberts'\AppData\Roaming\Template
[2011/08/11 21:42:22 | 000,000,000 | ---D | M] -- C:\Users\The Roberts'\AppData\Roaming\uTorrent
[2007/11/24 19:34:23 | 000,000,000 | ---D | M] -- C:\Users\The Roberts'\AppData\Roaming\WildTangent

========== Purity Check ==========



< End of report >

Re: Questscan issue part 2 CC Gary R

Post by Cornell924 » June 25th, 2013, 10:44 am

OTL Extras logfile created on: 6/25/2013 9:20:47 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\The Roberts'\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.37 Gb Available Physical Memory | 19.23% Memory free
4.11 Gb Paging File | 2.52 Gb Available in Paging File | 61.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.37 Gb Total Space | 15.66 Gb Free Space | 15.15% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 111.69 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Drive E: | 8.42 Gb Total Space | 1.80 Gb Free Space | 21.42% Space Free | Partition Type: NTFS

Computer Name: LILLAPPER | User Name: The Roberts' | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-19\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-20\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"AntivirusOverride" = 0
"UacDisableNotify" = 0
"AntiSpywareDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FF279E4-C347-4FF1-9FF2-D58DDD471B1B}" = lport=49345 | protocol=6 | dir=in | name=akamai netsession interface |
"{3B3B8250-245D-457B-BA60-EA3ED851E079}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{64E21AE4-62F0-4AEE-9E31-54D63434B0F0}" = lport=59030 | protocol=6 | dir=in | name=pandorest listening port |
"{68B33447-55AE-4194-BA79-619567FB3BB1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6A93D4C0-16D8-4AFA-9692-3D9BADCECCAE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{6AFC5CD8-825A-4D3D-920F-0E03A9EE9F37}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{D0D04711-03EF-4965-A367-D68F90B7955C}" = lport=62497 | protocol=6 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C7D6AB8-7D0B-49DC-9263-82400E120449}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1E7CD4B0-5C7B-4182-8E47-908AD1D3631A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1F783DAB-BB96-48F4-92E4-78D6F6BED52D}" = protocol=17 | dir=in | app=c:\users\the roberts'\appdata\local\akamai\netsession_win.exe |
"{25B2698A-3D5F-4933-A3D4-0567CD55E669}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{2E47814F-7165-4EF2-AE36-5824D11CFF37}" = protocol=17 | dir=in | app=c:\program files\ubisoft\lost via domus\yeti_final_win32.exe |
"{34A22934-6F9C-47B8-9F48-D0C72940702B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{3CE176F6-FE31-44AF-8716-6E963E16C8C5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4CEF0594-E53D-455F-8B96-1243E2041B56}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{4E7E8F29-8988-4760-A24E-67D79BD7B40D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{52FF7440-EB2E-471F-94D6-476951EE91E3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\lost via domus\yeti_final_win32.exe |
"{59313F69-DB9C-4D5B-8256-304D0A2F7FCD}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{5973C057-CA45-4EEC-A657-3732F71BEA12}" = protocol=17 | dir=in | app=c:\program files\ubisoft\lost via domus\detection\launcher.exe |
"{6384B636-B0ED-4286-BD28-98FD2B0AF267}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{72E54C20-0A15-42FF-9A95-888A5E71DB37}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{7528C9F9-5F63-4907-820E-5AE2980E0288}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{75EA7A45-105B-4D3A-BAD5-C88C456724E9}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{84406CD4-5D7E-4552-80E9-BD240E4A0346}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{85777A53-A9B8-487C-8BB3-834527BFD7E2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{9CAB6D94-5FE8-4935-B63C-99EA5FFF52CD}" = protocol=6 | dir=in | app=c:\users\the roberts'\appdata\local\temp\wzse0.tmp\symnrt.exe |
"{9D3B1300-9191-4945-821E-149AE0076E3D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{A8B0625C-0D90-43E0-BF9B-ADBD1750FCBE}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{A98C1A79-5F7C-4BF2-AB7C-0C95AEE4963C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{B44C34ED-D60F-48A9-9D62-8E73E66AABD5}" = protocol=6 | dir=in | app=c:\users\the roberts'\appdata\local\akamai\netsession_win.exe |
"{BC3988F2-CA6C-4AB8-B579-ADD655E30E40}" = protocol=6 | dir=in | app=c:\program files\ubisoft\lost via domus\gu.exe |
"{BD0C338B-0175-43EB-8E50-502F4F30E264}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BD66770E-C9F6-4250-A095-42B33BB1ADA7}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BE151EA7-439E-4D97-9BFE-A0512BD872FA}" = protocol=6 | dir=in | app=c:\program files\opencase\opencase media agent\pandobinaries\nbcpandorest.exe |
"{CA4F1FD8-9023-442B-98AE-4B614639B0C9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{D16E4924-568A-47E4-B039-E664B5AE99AD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\lost via domus\gu.exe |
"{DD62EE58-8AF8-4506-A695-BEAC2E6AF9E2}" = protocol=6 | dir=in | app=c:\program files\ubisoft\lost via domus\detection\launcher.exe |
"{DF925325-A3E2-4699-802B-5CD59958DF2D}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{E230856B-4A8C-467F-93E3-26185C4B5B38}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E9A2201F-0316-4990-9FF4-BD92ECD9F2EB}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{F0BE8833-6BDC-4480-A7EE-40733F7A80A5}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{F5D47B02-8713-4D9C-97A3-975EC3BFCEA2}" = protocol=17 | dir=in | app=c:\program files\opencase\opencase media agent\pandobinaries\nbcpandorest.exe |
"{F86521EC-F013-4DEC-8ECF-394A3BA411AD}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FEECF015-C2A8-4438-8132-EEECDF91AF87}" = protocol=17 | dir=in | app=c:\users\the roberts'\appdata\local\temp\wzse0.tmp\symnrt.exe |
"TCP Query User{02963CDC-2C23-4E23-B85A-F08D44971233}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{1E297D0F-2468-4D68-853F-EEFD51A12F77}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{492A1EF5-9037-4BB2-812F-C9D5E56E720A}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{50995A42-C27E-4E81-99D0-54833BB021B5}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{638AE3AD-17E6-4B9B-80C6-CC334B5D360F}C:\program files\v cast music with rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\v cast music with rhapsody\rhapsody.exe |
"TCP Query User{AC609C7C-B2BB-48AD-BC5C-E1BF22678371}C:\program files\v cast music with rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\v cast music with rhapsody\rhapsody.exe |
"TCP Query User{DE17A1ED-79A0-47CA-874D-E05BB5F7CB4D}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{F748AE37-5A1A-41A4-8A63-8C8FD7176E13}C:\users\the roberts'\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\the roberts'\appdata\local\akamai\netsession_win.exe |
"UDP Query User{09163FDE-1320-4C7B-A5F7-F1632D81744F}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{0918DC7C-650F-419E-B514-ED1292F97FBE}C:\program files\v cast music with rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\v cast music with rhapsody\rhapsody.exe |
"UDP Query User{2F9DAACB-A721-438A-9CF7-D01C93DEA10E}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{41A29EE9-64A8-4717-B2F2-57A5BA16870D}C:\users\the roberts'\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\the roberts'\appdata\local\akamai\netsession_win.exe |
"UDP Query User{8BD77959-33F6-43B2-9C16-7D20965CC386}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"UDP Query User{B9ABF8A3-D1AF-49AF-A122-C67BB16CDB68}C:\program files\v cast music with rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\v cast music with rhapsody\rhapsody.exe |
"UDP Query User{D570A046-C397-43C1-A6C1-BCF5F5768F45}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"UDP Query User{DFBC456A-6FDA-4C67-8636-E8F80F525108}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EE4030A-8FD4-4798-A21D-17E525B1F7CF}" = Corel Snapfire
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent
"{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4F8163-9889-4BAB-B2E7-DBAAE248C1EB}" = LG Android Driver
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}" = ESU for Microsoft Vista
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5AB56552-6938-4686-9F87-DB0ED8D1E06B}" = HP User Guides 0056
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B25BB26-A1EC-4A23-AB6C-211E57B67777}" = LightScribe System Software
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A647B7A-9FE7-44A2-9041-C04528D44EB9}" = NBC Direct Beta
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ADF98CF7-1458-412F-976F-BF761A26F2A0}" = Alohabob PC Relocator Ultra Control
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7139249-8631-4E4E-ADDE-DBBF2D770E0F}" = PC Backup Lite
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FBA0CA60-8BF2-4381-B819-74F020E165A9}" = LG USB WML Modem Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Canon iP2600 series User Registration" = Canon iP2600 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Firebird SQL Server US" = Firebird SQL Server - MAGIX Edition (US)
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"InstallShield_{ADF98CF7-1458-412F-976F-BF761A26F2A0}" = Alohabob PC Relocator Ultra Control
"InstallShield_{E7139249-8631-4E4E-ADDE-DBBF2D770E0F}" = PC Backup Lite
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mystery Case Files - Huntsville" = Mystery Case Files - Huntsville (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"PdaNet_is1" = PdaNet for Android 3.00
"QuestScan" = QuestScan 1.0 build 193
"Rhapsody" = Rhapsody
"SelectRebatesUninstall" = ShopAtHome.com Toolbar
"SmartAudio" = SmartAudio
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"ViewpointMediaPlayer" = Viewpoint Media Player
"VZAccess Manager" = VZAccess Manager
"WildTangent hp Master Uninstall" = HP Games
"WildTangent hplaptop Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"WRUNINST" = Webroot SecureAnywhere

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1227975793-3019168394-2461974651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/22/2010 6:25:05 AM | Computer Name = LilLapper | Source = Google Update | ID = 20
Description =

Error - 8/23/2010 1:25:05 AM | Computer Name = LilLapper | Source = Google Update | ID = 20
Description =

Error - 8/23/2010 4:25:05 AM | Computer Name = LilLapper | Source = Google Update | ID = 20
Description =

Error - 8/23/2010 4:29:31 AM | Computer Name = LilLapper | Source = Google Update | ID = 20
Description =

Error - 8/23/2010 5:10:30 AM | Computer Name = LilLapper | Source = MsiInstaller | ID = 11935
Description =

Error - 8/23/2010 5:11:34 AM | Computer Name = LilLapper | Source = MsiInstaller | ID = 11935
Description =

Error - 8/23/2010 5:25:06 AM | Computer Name = LilLapper | Source = Google Update | ID = 20
Description =

Error - 8/23/2010 5:29:31 AM | Computer Name = LilLapper | Source = Google Update | ID = 20
Description =

Error - 8/23/2010 6:25:06 AM | Computer Name = LilLapper | Source = Google Update | ID = 20
Description =

Error - 8/23/2010 6:29:31 AM | Computer Name = LilLapper | Source = Google Update | ID = 20
Description =

[ Media Center Events ]
Error - 3/13/2008 2:39:37 PM | Computer Name = LilLapper | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 4/1/2008 10:36:27 PM | Computer Name = LilLapper | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/25/2009 9:09:25 AM | Computer Name = LilLapper | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 8/19/2010 6:02:53 PM | Computer Name = LilLapper | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ OSession Events ]
Error - 2/4/2013 11:42:55 PM | Computer Name = LilLapper | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7463043
seconds with 600 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/25/2013 10:03:00 AM | Computer Name = LilLapper | Source = Service Control Manager | ID = 7000
Description =

Error - 6/25/2013 10:04:29 AM | Computer Name = LilLapper | Source = Service Control Manager | ID = 7022
Description =

Error - 6/25/2013 10:04:31 AM | Computer Name = LilLapper | Source = Service Control Manager | ID = 7022
Description =

Error - 6/25/2013 10:04:34 AM | Computer Name = LilLapper | Source = Service Control Manager | ID = 7022
Description =

Error - 6/25/2013 10:04:34 AM | Computer Name = LilLapper | Source = Service Control Manager | ID = 7001
Description =

Error - 6/25/2013 10:04:34 AM | Computer Name = LilLapper | Source = Service Control Manager | ID = 7026
Description =

Error - 6/25/2013 10:05:27 AM | Computer Name = LilLapper | Source = Service Control Manager | ID = 7031
Description =

Error - 6/25/2013 10:06:25 AM | Computer Name = LilLapper | Source = Service Control Manager | ID = 7031
Description =

Error - 6/25/2013 10:07:25 AM | Computer Name = LilLapper | Source = Service Control Manager | ID = 7009
Description =

Error - 6/25/2013 10:07:25 AM | Computer Name = LilLapper | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Re: Questscan issue part 2 CC Gary R

Unread postby Cornell924 » June 25th, 2013, 10:50 am

Posting SystemLook next, but here are fresh DDS logs.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/31/2007 8:45:36 PM
System Uptime: 6/25/2013 8:59:33 AM (1 hours ago)
.
Motherboard: Quanta | | 30D1
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-58 | Socket S1 | 1900/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 103 GiB total, 15.387 GiB free.
D: is FIXED (NTFS) - 112 GiB total, 111.691 GiB free.
E: is FIXED (NTFS) - 8 GiB total, 1.803 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0017
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #9
PNP Device ID: ROOT\*ISATAP\0017
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Adobe Shockwave Player 11
AGEIA PhysX v7.11.13
Akamai NetSession Interface
Akamai NetSession Interface Service
Alohabob PC Relocator Ultra Control
Amazon MP3 Downloader 1.0.12
AOL Uninstaller (Choose which Products to Remove)
Canon iP2600 series
Canon iP2600 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
Conexant HD Audio
Corel Paint Shop Pro Photo XI
Corel Snapfire
Coupon Printer for Windows
D3DX10
ESU for Microsoft Vista
Eusing Free Registry Cleaner
Firebird SQL Server - MAGIX Edition (US)
Google Update Helper
Google Updater
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Games
HP Help and Support
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Total Care Advisor
HP Update
HP User Guides 0056
HP Wireless Assistant
HPNetworkAssistant
Java 7 Update 25
Java Auto Updater
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
Junk Mail filter update
LG Android Driver
LG USB Modem Driver
LG USB WML Modem Driver
LightScribe System Software
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
Mobile Broadband Drivers
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSCU for Microsoft Vista
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
My HP Games
Mystery Case Files - Huntsville (remove only)
NBC Direct Beta
Netflix Movie Viewer
NVIDIA Drivers
OpenCASE Media Agent
PC Backup Lite
PdaNet for Android 3.00
Photo Story 3 for Windows
PSSWCORE
QuestScan 1.0 build 193
QuickTime
Rhapsody
Rhapsody Player Engine
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Segoe UI
ShopAtHome.com Toolbar
SmartAudio
Spelling Dictionaries Support For Adobe Reader 8
Symantec Technical Support Web Controls
Synaptics Pointing Device Driver
Tweaking.com - Registry Backup
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Viewpoint Media Player
VZAccess Manager
Webroot SecureAnywhere
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16490 BrowserJavaVersion: 10.25.2
Run by The Roberts' at 9:47:45 on 2013-06-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.681 [GMT -5:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\alg.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\locator.exe
C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\iashost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\AOL\1196209457\ee\aolsoftware.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\SelectRebates\SelectRebates.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\The Roberts'\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\PdaNet for Android\PdaNetPC.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\The Roberts'\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\taskeng.exe
C:\Users\The Roberts'\Desktop\SystemLook.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uProxyOverride = <local>
uURLSearchHooks: {37153479-1976-43c3-a1ee-557513977b64} - <orphaned>
BHO: Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [LightScribe Control Panel] "c:\program files\common files\lightscribe\LightScribeControlPanel.exe" -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [HPAdvisor] "c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe" autoRun
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
uRun: [Akamai NetSession Interface] "c:\users\the roberts'\appdata\local\akamai\netsession_win.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [HP-Diags] "c:\program files\hewlett-packard\hp battery check\hpdom\HPDiags.exe"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HostManager] "c:\program files\common files\aol\1196209457\ee\AOLSoftware.exe"
mRun: [Corel Photo Downloader] "c:\program files\corel\corel snapfire\Corel Photo Downloader.exe"
mRun: [CanonSolutionMenu] "c:\program files\canon\solutionmenu\CNSLMAIN.exe" /logon
mRun: [CanonMyPrinter] "c:\program files\canon\myprinter\BJMyPrt.exe" /logon
mRun: [B2C_AGENT] "c:\programdata\lgmobileax\b2c_client\B2CNotiAgent.exe"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SelectRebates] "c:\program files\selectrebates\SelectRebates.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\therob~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.seehere.com/ips-opdata/layou ... anvasx.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos1.walmart.com/WalmartActivia.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsup ... gctlsr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 192.168.43.1
TCP: Interfaces\{AA65BA01-6B0E-4023-AC60-9E29D02C2C98} : DHCPNameServer = 192.168.43.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\the roberts'\appdata\roaming\mozilla\firefox\profiles\37gqx296.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&q=
FF - component: c:\users\the roberts'\appdata\roaming\mozilla\firefox\profiles\37gqx296.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2010-10-31 03:37; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2013-6-17 117792]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2010-12-28 21504]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-12-28 21504]
R2 UPnPService;UPnPService;c:\program files\common files\magix shared\upnpservice\UPnPService.exe [2008-3-24 647242]
R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2013-6-17 742408]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2010-10-9 13312]
S2 gupdate1ca08dcc84c2060;Google Update Service (gupdate1ca08dcc84c2060);c:\program files\google\update\GoogleUpdate.exe [2009-7-19 133104]
S2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-8-29 835208]
S3 Andbus;LGE Android Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2010-6-18 14336]
S3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2010-6-18 20864]
S3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2010-6-18 19968]
S3 ANDModem;LGE Android USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2010-6-18 24960]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\lgandadb.sys [2010-6-18 25728]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\common\database\bin\fbserver.exe [2008-3-24 1527900]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-7-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-6-18 9472]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-06-25 14:34:04 7068072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0f067101-f864-493d-b7b0-09fd164161a8}\mpengine.dll
2013-06-25 14:17:51 867240 -c--a-w- c:\windows\system32\npDeployJava1.dll
2013-06-25 14:17:27 94632 -c--a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-25 14:12:18 -------- dc----w- C:\RegBackup
2013-06-25 14:11:54 -------- dc----w- c:\program files\Tweaking.com
2013-06-18 15:33:48 -------- dc----w- c:\users\the roberts'\appdata\local\Macromedia
2013-06-18 00:34:51 905576 -c--a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-18 00:34:46 985600 -c--a-w- c:\windows\system32\crypt32.dll
2013-06-18 00:34:46 98304 -c--a-w- c:\windows\system32\cryptnet.dll
2013-06-18 00:34:46 812544 -c--a-w- c:\windows\system32\certutil.exe
2013-06-18 00:34:46 41984 -c--a-w- c:\windows\system32\certenc.dll
2013-06-18 00:34:46 133120 -c--a-w- c:\windows\system32\cryptsvc.dll
2013-06-18 00:34:02 3603816 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-18 00:34:02 3551080 -c--a-w- c:\windows\system32\ntoskrnl.exe
2013-06-18 00:34:01 64000 -c--a-w- c:\windows\system32\smss.exe
2013-06-18 00:34:01 49152 -c--a-w- c:\windows\system32\csrsrv.dll
2013-06-18 00:33:55 638328 -c--a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-06-18 00:33:55 37376 -c--a-w- c:\windows\system32\cdd.dll
2013-06-18 00:33:42 1082232 -c--a-w- c:\windows\system32\drivers\ntfs.sys
2013-06-18 00:33:40 376320 -c--a-w- c:\windows\system32\winsrv.dll
2013-06-18 00:33:38 2067968 -c--a-w- c:\windows\system32\mstscax.dll
2013-06-18 00:33:37 15872 -c--a-w- c:\windows\system32\drivers\usb8023.sys
2013-06-18 00:33:31 24576 -c--a-w- c:\windows\system32\cryptdlg.dll
2013-06-18 00:32:56 1314816 -c--a-w- c:\windows\system32\quartz.dll
2013-06-18 00:31:57 2049024 -c--a-w- c:\windows\system32\win32k.sys
2013-06-18 00:31:51 443904 -c--a-w- c:\windows\system32\win32spl.dll
2013-06-18 00:31:51 37376 -c--a-w- c:\windows\system32\printcom.dll
2013-06-18 00:05:20 151728 -c--a-w- c:\windows\system32\WRusr.dll
2013-06-18 00:05:20 117792 -c--a-w- c:\windows\system32\drivers\WRkrn.sys
2013-06-18 00:05:08 -------- dc----w- c:\programdata\WRData
.
==================== Find3M ====================
.
2013-06-25 14:15:46 789416 -c--a-w- c:\windows\system32\deployJava1.dll
2013-06-18 00:23:29 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-18 00:23:29 692104 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-16 22:39:39 1800704 -c--a-w- c:\windows\system32\jscript9.dll
2013-05-16 22:28:26 1129472 -c--a-w- c:\windows\system32\wininet.dll
2013-05-16 22:27:30 1427968 -c--a-w- c:\windows\system32\inetcpl.cpl
2013-05-16 22:21:37 142848 -c--a-w- c:\windows\system32\ieUnatt.exe
2013-05-16 22:20:30 420864 -c--a-w- c:\windows\system32\vbscript.dll
2013-05-16 22:16:57 2382848 -c--a-w- c:\windows\system32\mshtml.tlb
2013-05-02 07:06:08 238872 -c----w- c:\windows\system32\MpSigStub.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: TOSHIBA_MK1237GSX rev.DL132C -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
1 ntkrnlpa!IofCallDriver[0x8228F926] -> \Device\Harddisk0\DR0[0x851A0730]
3 CLASSPNP[0x87FA38B3] -> ntkrnlpa!IofCallDriver[0x8228F926] -> [0x8460B918]
5 acpi[0x82C176BC] -> ntkrnlpa!IofCallDriver[0x8228F926] -> \Device\Ide\IdeDeviceP0T0L0-0[0x84FE3640]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
.
============= FINISH: 9:48:16.70 ===============
Cornell924
Regular Member
 
Posts: 20
Joined: June 9th, 2013, 10:02 pm

Re: Questscan issue part 2 CC Gary R

Post by Cornell924 » June 25th, 2013, 10:59 am

SystemLook 04.09.10 by jpshortstuff
Log created at 09:45 on 25/06/2013 by The Roberts'
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*babylon*"
No files found.

Searching for "*conduit*"
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\engine@conduit.com\chrome\conduitengine.jar --a--c- 725364 bytes [20:09 19/12/2010] [20:09 19/12/2010] B09EA9D65E72CCD11CCA5453A6A32ACD
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt --a--c- 166 bytes [20:09 19/12/2010] [20:09 19/12/2010] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\engine@conduit.com\components\ConduitToolbar.idl --a--c- 152 bytes [20:09 19/12/2010] [20:09 19/12/2010] 33D4D4337895FCA507DF937B5980D41A
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt --a--c- 140 bytes [20:09 19/12/2010] [20:09 19/12/2010] DFFE26916941DE0A33E503FD38008290
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\engine@conduit.com\searchplugin\conduit.gif --a--c- 173 bytes [20:10 19/12/2010] [20:10 19/12/2010] 225B6898AE7D6E0CE88B3FE57BD750F2
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\engine@conduit.com\searchplugin\conduit.PNG --a--c- 255 bytes [20:10 19/12/2010] [20:10 19/12/2010] AF3A51D0B8D6F04EE33307A654560DBE
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\engine@conduit.com\searchplugin\conduit.xml --a--c- 913 bytes [20:10 19/12/2010] [20:10 19/12/2010] 4E45A93B99F44F41EADFB167FB85FB02
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\components\ConduitAutoCompleteSearch.js --a--c- 8641 bytes [13:45 22/06/2011] [19:08 20/06/2011] 467C3FEB6421FFDE5CD545B21DCD4696
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\components\ConduitAutoCompleteSearch.xpt --a--c- 166 bytes [13:45 22/06/2011] [19:08 20/06/2011] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\searchplugin\conduit.xml --a--c- 925 bytes [13:45 22/06/2011] [19:08 20/06/2011] 945345330AE50356171B26CCAD1528DF
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{46a21652-3f93-437d-aac0-caa1f6713da0}(35)\components\ConduitAutoCompleteSearch.xpt --a--c- 166 bytes [22:20 03/08/2011] [22:16 01/08/2011] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{46a21652-3f93-437d-aac0-caa1f6713da0}(35)\searchplugin\conduit.xml --a--c- 913 bytes [22:20 03/08/2011] [22:16 01/08/2011] 9E22D3D1164819627AC4E00595D559F4
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js --a--c- 8641 bytes [13:45 22/06/2011] [19:07 20/06/2011] 467C3FEB6421FFDE5CD545B21DCD4696
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt --a--c- 166 bytes [13:45 22/06/2011] [19:07 20/06/2011] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml --a--c- 863 bytes [13:45 22/06/2011] [19:07 20/06/2011] 9899FF3D3FB322748631B08B248D8055
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\searchplugins\conduit.xml --a--c- 863 bytes [16:04 02/05/2011] [19:07 20/06/2011] 9899FF3D3FB322748631B08B248D8055
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPWVCJ31\contextmenu_toolbar_conduit-services_com[1].txt --a---- 7046 bytes [18:18 14/05/2011] [18:18 14/05/2011] 2FEB6772FE1EAADE909B94F77730A174
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KJUSMJN3\contextmenu_toolbar_conduit-services_com[1].txt --a---- 5524 bytes [18:18 14/05/2011] [18:18 14/05/2011] A682A34DF1ECD0DAD55086A5288F23CA
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KJUSMJN3\contextmenu_toolbar_conduit-services_com[2].txt --a---- 5523 bytes [18:18 14/05/2011] [18:18 14/05/2011] 4AE332F3180103BF85A1D3B19A4F5A89
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T3INHQXA\contextmenu_toolbar_conduit-services_com[2].txt --a---- 6590 bytes [18:18 14/05/2011] [18:18 14/05/2011] 426C9C41725757215503322236595685
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_47_255_CT2559647_Images_634328991090318750_png.png --a---- 2475 bytes [18:18 14/05/2011] [18:18 14/05/2011] D2BAA3B75F0F533EE3FDDE5A01836ED2
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_47_255_CT2559647_Skins_634332317643568752_png.png --a---- 254 bytes [18:18 14/05/2011] [18:18 14/05/2011] 44262659E067191827D91AE22B66AE5C
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png --a---- 821 bytes [18:18 14/05/2011] [18:18 14/05/2011] 99D5F75C338F2A877CBF891E0F18746E
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png --a---- 729 bytes [18:18 14/05/2011] [18:18 14/05/2011] F2291FAB46ED9291A1A2FFE9F88E9D84
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png --a---- 531 bytes [18:18 14/05/2011] [18:18 14/05/2011] A847C5F6CE2C700048749892DD2E0619
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png --a---- 669 bytes [18:18 14/05/2011] [18:18 14/05/2011] FED9E00C76F647EE6A0B7CC684C89F0C
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png --a---- 263 bytes [18:18 14/05/2011] [18:18 14/05/2011] 36BD416D16391EFAAAFB2C3C54EAE986
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png --a---- 734 bytes [18:18 14/05/2011] [18:18 14/05/2011] 943ADFD9E0DF1507F7BC419802BF4303
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png --a---- 562 bytes [18:18 14/05/2011] [18:18 14/05/2011] 36C6FB9C84D4AF5C5D7C5B277A0E4A01
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png --a---- 493 bytes [18:18 14/05/2011] [18:18 14/05/2011] 275C9DA2D536F18F528C80E050C3D705
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png --a---- 706 bytes [18:18 14/05/2011] [18:18 14/05/2011] 3AD88BD8E832DA39FAAEDF07AD595F94
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png --a---- 674 bytes [18:18 14/05/2011] [18:18 14/05/2011] 650731EEF807C292E699779B12CBE552
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png --a---- 607 bytes [18:18 14/05/2011] [18:18 14/05/2011] 9B4D914888BCFFCBAE6757A0E450551C
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif --a---- 403 bytes [18:18 14/05/2011] [18:18 14/05/2011] EC3C2B4E0DEC4D880BAFF88ABBF94188
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif --a---- 414 bytes [18:18 14/05/2011] [18:18 14/05/2011] A9E001CBC00B06B121DFBC80707F5298
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif --a---- 278 bytes [18:18 14/05/2011] [18:18 14/05/2011] 15DEF39E438E807E2F0E22D44FDC7FB7
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif --a---- 405 bytes [18:18 14/05/2011] [18:18 14/05/2011] 995595D4C685D659E8F03CD0A287EDDF
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif --a---- 405 bytes [18:18 14/05/2011] [18:18 14/05/2011] AA39D8A6B65E208901EBA9F3D4728D3E
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif --a---- 361 bytes [18:18 14/05/2011] [18:18 14/05/2011] 464E244E7E2F27FB85E0C3AB69D72104
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif --a---- 425 bytes [18:18 14/05/2011] [18:18 14/05/2011] 6427565C7105DC497287866100F260BB
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif --a---- 381 bytes [18:18 14/05/2011] [18:18 14/05/2011] AE7C9F67594A84B096D225601ACB0B2A
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif --a---- 351 bytes [18:18 14/05/2011] [18:18 14/05/2011] C3EBA0237D68F665AF6D663906221092
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif --a---- 392 bytes [18:18 14/05/2011] [18:18 14/05/2011] 5E7217A3357550F9749A095631F51015
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif --a---- 399 bytes [18:18 14/05/2011] [18:18 14/05/2011] 8BE02D510B4B2E05AD2611B1E9A0BD56
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_searchengines_go_btn_new_gif.gif --a---- 891 bytes [18:18 14/05/2011] [18:18 14/05/2011] F74F91E7DF0A5A5283AB2D2F0E6E58DE
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif --a---- 405 bytes [18:18 14/05/2011] [18:18 14/05/2011] 66018EAE0906C9831A821CAE5D1089BB
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif --a---- 371 bytes [18:18 14/05/2011] [18:18 14/05/2011] 84896837EDB1A78C14DB6A2F3A0AEE3A
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif --a---- 322 bytes [18:18 14/05/2011] [18:18 14/05/2011] 948781E4B6478290050ECA4423B89B1E
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif --a---- 240 bytes [18:18 14/05/2011] [18:18 14/05/2011] AE5A39669C623937C0839E079E1088D5
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif --a---- 335 bytes [18:18 14/05/2011] [18:18 14/05/2011] 766433EF38BDA83C4FD4932027A4B9D5
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml --a---- 7046 bytes [18:18 14/05/2011] [18:18 14/05/2011] 2FEB6772FE1EAADE909B94F77730A174
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml --a---- 5524 bytes [18:18 14/05/2011] [18:18 14/05/2011] A682A34DF1ECD0DAD55086A5288F23CA
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml --a---- 6590 bytes [18:18 14/05/2011] [18:18 14/05/2011] 426C9C41725757215503322236595685
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml --a---- 5523 bytes [18:18 14/05/2011] [18:18 14/05/2011] 4AE332F3180103BF85A1D3B19A4F5A89
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lillapper$@apps.conduit[1].txt --a---- 197 bytes [19:17 14/05/2011] [19:17 14/05/2011] A30E26059D8B4F5C53C9724AEDF143C9
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lillapper$@search.conduit[1].txt --a---- 160 bytes [19:17 14/05/2011] [19:17 14/05/2011] 707AF62CB797307C4E30E61632E7C6BD
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lillapper$@services.apps.conduit[1].txt --a---- 206 bytes [19:17 14/05/2011] [19:17 14/05/2011] C6315C96BB0E44D6A9EDE892A46E6ED9
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lillapper$@social.conduit[1].txt --a---- 199 bytes [19:17 14/05/2011] [19:17 14/05/2011] 06C793C16EC6B55A3453ABA16CF2D656
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apps.conduit[1].txt --a---- 198 bytes [16:06 02/05/2011] [18:18 14/05/2011] FBAC3D7EFB0259C1B3CEC0C31441A869
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.conduit[1].txt --a---- 161 bytes [16:06 02/05/2011] [18:18 14/05/2011] 088CE5D43F1A3CFFF8277FE8F2DF1492
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@services.apps.conduit[2].txt --a---- 207 bytes [18:18 14/05/2011] [18:18 14/05/2011] 57326B134E4C631829BF62D265643CD2
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@social.conduit[1].txt --a---- 200 bytes [16:06 02/05/2011] [18:18 14/05/2011] DAE2F1D56F77C952F08100D854971184
C:\Windows\System32\config\The Roberts'\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_952537_948310_US.xml --a---- 188 bytes [18:24 14/05/2011] [19:35 14/05/2011] B6B4B8E9F1DBA0340B2FB22EE20FA63A

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*babylon*"
C:\ProgramData\WildTangent\My HP Game Console\UI\htdocs2\Common\product\babylonia d----c- [22:29 25/09/2009]
C:\Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\Common\product\babylonia d----c- [22:29 25/09/2009]

Searching for "*conduit*"
C:\Program Files\ConduitEngine d----c- [20:09 19/12/2010]
C:\Users\The Roberts'\AppData\Local\Conduit d----c- [18:06 17/04/2011]
C:\Users\The Roberts'\AppData\LocalLow\ConduitEngine d----c- [20:09 19/12/2010]
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\conduit d----c- [15:50 02/05/2011]
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\conduitCommon d----c- [14:37 23/06/2011]
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\engine@conduit.com d----c- [20:09 19/12/2010]
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\Repository\conduit_CT2559647_CT2559647 d------ [16:06 02/05/2011]
C:\Windows\System32\config\The Roberts'\AppData\LocalLow\Conduit d------ [16:06 02/05/2011]

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Trolltech]
[HKEY_LOCAL_MACHINE\SOFTWARE\Trolltech]
[HKEY_USERS\S-1-5-21-1227975793-3019168394-2461974651-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-1227975793-3019168394-2461974651-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1227975793-3019168394-2461974651-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Trolltech]
[HKEY_USERS\S-1-5-21-1227975793-3019168394-2461974651-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Trolltech]

Searching for "babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "conduit"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
"URL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
"URL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647_CT2559647]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647_en]
[HKEY_USERS\S-1-5-21-1227975793-3019168394-2461974651-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
"URL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647_CT2559647]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647_en]

-= EOF =-

I know I was late posting these and if I need to do anything else, let me know
Cornell924
Regular Member
 
Posts: 20
Joined: June 9th, 2013, 10:02 pm

Re: Questscan issue part 2 CC Gary R

Post by Gary R » June 25th, 2013, 1:03 pm

Looking over your logs, back soon.

You're lucky, I'm not engaged with any other topics at the moment, if I had been, I would not have picked up this topic and you would have had to wait for another helper. Like all the helpers here, I am always busy, and can only work a restricted number of topics. There are a lot of people looking for help, so if one of the people I'm helping fails to reply I generally move on to another. So if/when the "dropped" topic replies late, I'm unavailable to help them.

Please reply within the time frames given, they are there for a purpose. If you have problems meeting them, then let me know so I can make allowances.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Questscan issue part 2 CC Gary R

Post by Gary R » June 25th, 2013, 2:28 pm

OK, let's get started cleaning your machine ...

First

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6


Old versions of Java can be exploited.

Reboot your computer when finished

Next

You need to temporarily disable Webroot Secure Anywhere before running the following instructions as it may interfere with the removal process.
  • Open the main WSA GUI and click on settings at the top right corner.
  • In the next window click on Advanced Settings and put a check mark against ... Allow SecureAnywhere to be shut down manually.
  • Click Save All
  • Go to the WSA Tray Icon and Right Click on it and it gives you the option to Shut Down.

Don't forget to re-enable it when you've finished running the fixes.

Next

  • Double click AdwCleaner.exe to run it.
  • Click Delete.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
MOD - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
IE - HKLM\..\SearchScopes\{9AE845A0-B8DE-4C87-A54E-55B6FFA38502}: "URL" = http://www.ask.com/web?q= {searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q= {searchTerms}&SearchSource=4&ctid=CT2559647
IE - HKU\.DEFAULT\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan.com/?prt=QUESTSCAN ... ;keywords= {searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes\{9AE845A0-B8DE-4C87-A54E-55B6FFA38502}: "URL" = http://www.ask.com/web?q= {searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-18\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan.com/?prt=QUESTSCAN ... ;keywords= {searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes\{9AE845A0-B8DE-4C87-A54E-55B6FFA38502}: "URL" = http://www.ask.com/web?q= {searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found
IE - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan.com/?prt=QstscanPB ... ;keywords= {searchTerms}
IE - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\..\SearchScopes\{9AE845A0-B8DE-4C87-A54E-55B6FFA38502}: "URL" = http://www.ask.com/web?q= {searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q= {searchTerms}&SearchSource=4&ctid=CT2559647
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com :3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {37153479-1976-43c3-a1ee-557513977b64}:3.3.3.2
[2011/06/23 09:36:27 | 000,000,000 | ---D | M] (Coupons.com Community Toolbar) -- C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
[2011/08/04 12:38:23 | 000,000,000 | ---D | M] (Mapit Community Toolbar) -- C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{46a21652-3f93-437d-aac0-caa1f6713da0}(35)
[2011/06/23 09:36:36 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010/12/19 15:10:07 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\engine@conduit.com
[2011/06/20 14:07:48 | 000,000,863 | ---- | M] () -- C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\searchplugins\conduit.xml
[2012/04/15 20:50:34 | 000,000,000 | ---D | M] (QuestScan) -- C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
[2011/08/03 20:11:21 | 000,000,000 | ---D | M] (QuestScan) -- C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}(6)
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
O3 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
O3 - HKU\S-1-5-21-1227975793-3019168394-2461974651-1000\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} http://www.seehere.com/ips-opdata/layou ... anvasx.cab (JordanUploader Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O33 - MountPoints2\{77716eb8-518c-11de-9e4a-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{77716eb8-518c-11de-9e4a-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{8ab1bd11-7ddb-11dd-888b-bf44cc0523a1}\Shell - "" = AutoRun
O33 - MountPoints2\{8ab1bd11-7ddb-11dd-888b-bf44cc0523a1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{a961d791-49b6-11df-a0c5-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{a961d791-49b6-11df-a0c5-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{dccf9524-611e-11de-a76f-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{dccf9524-611e-11de-a76f-00038a000015}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
[4 C:\Users\The Roberts'\Documents\*.tmp files -> C:\Users\The Roberts'\Documents\*.tmp -> ]
[2010/09/29 17:10:33 | 000,000,000 | ---D | M] -- C:\Users\The Roberts'\AppData\Roaming\LimeWire
[2011/08/11 21:42:22 | 000,000,000 | ---D | M] -- C:\Users\The Roberts'\AppData\Roaming\uTorrent

:Files
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\engine@conduit.com
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{46a21652-3f93-437d-aac0-caa1f6713da0}
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\searchplugins\conduit.xml
C:\Windows\System32\config\The Roberts'\AppData\LocalLow\Conduit
C:\Program Files\ConduitEngine
C:\Users\The Roberts'\AppData\Local\Conduit
C:\Users\The Roberts'\AppData\LocalLow\ConduitEngine
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\conduit
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\conduitCommon
C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\engine@conduit.com
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com
C:\Windows\System32\config\The Roberts'\AppData\LocalLow\Conduit
ipconfig /flushdns /c

:Reg
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Trolltech]
[-HKEY_USERS\S-1-5-21-1227975793-3019168394-2461974651-1000\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-1227975793-3019168394-2461974651-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Trolltech]
[-HKEY_USERS\S-1-5-21-1227975793-3019168394-2461974651-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com]
[-HKEY_USERS\S-1-5-21-1227975793-3019168394-2461974651-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com]

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished, a box will open asking you to open the fix log; click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

Summary of the logs I need from you in your next post:
  • AdwCleaner[s1].txt
  • OTL fix log
  • Let me know how your computer is running now please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present. If any log is cut off, you'll have to post it in sections.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Questscan issue part 2 CC Gary R

Post by Cornell924 » June 25th, 2013, 3:28 pm

# AdwCleaner v2.303 - Logfile created 06/25/2013 at 14:20:44
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : The Roberts' - LILLAPPER
# Boot Mode : Normal
# Running from : C:\Users\The Roberts'\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
Folder Deleted : C:\Program Files\QuestScan
Folder Deleted : C:\Program Files\SelectRebates
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\ProgramData\QuestScan
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\The Roberts'\AppData\Local\Conduit
Folder Deleted : C:\Users\The Roberts'\AppData\Local\PackageAware
Folder Deleted : C:\Users\The Roberts'\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\Conduit
Folder Deleted : C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\ConduitCommon
Folder Deleted : C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\CT2559647
Folder Deleted : C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\CT2786678
Folder Deleted : C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\CT3003485
Folder Deleted : C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
Folder Deleted : C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{46a21652-3f93-437d-aac0-caa1f6713da0}(35)
Folder Deleted : C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Deleted : C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\engine@conduit.com

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealScout
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuestScan
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestScan
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\QuestScan
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\prefs.js

Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Jul 28 2011 12:43:33 GMT-0500 (Cen[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "49da36e1-f704-461d-8484-3907fc72eeb1");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2786678");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Jul 28 2011 13:36:2[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Jul 28 2011 12:43:43 GMT-050[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Jul 28 2011 12:43:33 GMT-0500 (C[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "d2363457-460b-4af5-b0f4-f6817e1471d2");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&Sea[...]

*************************

AdwCleaner[R1].txt - [35049 octets] - [25/06/2013 09:16:50]
AdwCleaner[S1].txt - [35368 octets] - [25/06/2013 14:20:44]

########## EOF - C:\AdwCleaner[S1].txt - [35429 octets] ##########
Cornell924
Regular Member
 
Posts: 20
Joined: June 9th, 2013, 10:02 pm

Re: Questscan issue part 2 CC Gary R

Unread postby Cornell924 » June 25th, 2013, 3:41 pm

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9AE845A0-B8DE-4C87-A54E-55B6FFA38502}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AE845A0-B8DE-4C87-A54E-55B6FFA38502}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B8C28A7-A9BC-45F8-990D-21499EED643C}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{9AE845A0-B8DE-4C87-A54E-55B6FFA38502}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AE845A0-B8DE-4C87-A54E-55B6FFA38502}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B8C28A7-A9BC-45F8-990D-21499EED643C}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{9AE845A0-B8DE-4C87-A54E-55B6FFA38502}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AE845A0-B8DE-4C87-A54E-55B6FFA38502}\ not found.
Registry value HKEY_USERS\S-1-5-21-1227975793-3019168394-2461974651-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{37153479-1976-43c3-a1ee-557513977b64} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43c3-a1ee-557513977b64}\ not found.
Registry key HKEY_USERS\S-1-5-21-1227975793-3019168394-2461974651-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B8C28A7-A9BC-45F8-990D-21499EED643C}\ not found.
Registry key HKEY_USERS\S-1-5-21-1227975793-3019168394-2461974651-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9AE845A0-B8DE-4C87-A54E-55B6FFA38502}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AE845A0-B8DE-4C87-A54E-55B6FFA38502}\ not found.
Registry key HKEY_USERS\S-1-5-21-1227975793-3019168394-2461974651-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: engine@conduit.com :3.2.5.2 removed from extensions.enabledItems
Prefs.js: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {37153479-1976-43c3-a1ee-557513977b64}:3.3.3.2 removed from extensions.enabledItems
Folder C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\ not found.
Folder C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{46a21652-3f93-437d-aac0-caa1f6713da0}(35)\ not found.
Folder C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Folder C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\engine@conduit.com\ not found.
File C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\searchplugins\conduit.xml not found.
Folder C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\ not found.
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}(6)\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}(6) folder moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37153479-1976-43C3-A1EE-557513977B64} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43C3-A1EE-557513977B64}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37153479-1976-43C3-A1EE-557513977B64} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43C3-A1EE-557513977B64}\ not found.
Registry value HKEY_USERS\S-1-5-21-1227975793-3019168394-2461974651-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37153479-1976-43C3-A1EE-557513977B64} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43C3-A1EE-557513977B64}\ not found.
Registry value HKEY_USERS\S-1-5-21-1227975793-3019168394-2461974651-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SelectRebates deleted successfully.
File C:\Program Files\SelectRebates\SelectRebates.exe not found.
Starting removal of ActiveX control {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE}
C:\Windows\Downloaded Program Files\jordan.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77716eb8-518c-11de-9e4a-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77716eb8-518c-11de-9e4a-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77716eb8-518c-11de-9e4a-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77716eb8-518c-11de-9e4a-00038a000015}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ab1bd11-7ddb-11dd-888b-bf44cc0523a1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ab1bd11-7ddb-11dd-888b-bf44cc0523a1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ab1bd11-7ddb-11dd-888b-bf44cc0523a1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ab1bd11-7ddb-11dd-888b-bf44cc0523a1}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a961d791-49b6-11df-a0c5-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a961d791-49b6-11df-a0c5-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a961d791-49b6-11df-a0c5-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a961d791-49b6-11df-a0c5-00038a000015}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dccf9524-611e-11de-a76f-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dccf9524-611e-11de-a76f-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dccf9524-611e-11de-a76f-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dccf9524-611e-11de-a76f-00038a000015}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe -a not found.
C:\Users\The Roberts'\Documents\~WRL0001.tmp deleted successfully.
C:\Users\The Roberts'\Documents\~WRL0003.tmp deleted successfully.
C:\Users\The Roberts'\Documents\~WRL0886.tmp deleted successfully.
C:\Users\The Roberts'\Documents\~WRL2935.tmp deleted successfully.
C:\Users\The Roberts'\AppData\Roaming\LimeWire\xml\data folder moved successfully.
C:\Users\The Roberts'\AppData\Roaming\LimeWire\xml folder moved successfully.
C:\Users\The Roberts'\AppData\Roaming\LimeWire\themes\windows_theme folder moved successfully.
C:\Users\The Roberts'\AppData\Roaming\LimeWire\themes folder moved successfully.
C:\Users\The Roberts'\AppData\Roaming\LimeWire\promotion folder moved successfully.
C:\Users\The Roberts'\AppData\Roaming\LimeWire\certificate folder moved successfully.
C:\Users\The Roberts'\AppData\Roaming\LimeWire\.AppSpecialShare folder moved successfully.
C:\Users\The Roberts'\AppData\Roaming\LimeWire folder moved successfully.
C:\Users\The Roberts'\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\The Roberts'\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\The Roberts'\AppData\Roaming\uTorrent folder moved successfully.
========== FILES ==========
File\Folder C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\engine@conduit.com not found.
File\Folder C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{37153479-1976-43c3-a1ee-557513977b64} not found.
File\Folder C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{46a21652-3f93-437d-aac0-caa1f6713da0} not found.
File\Folder C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} not found.
File\Folder C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\searchplugins\conduit.xml not found.
C:\Windows\System32\config\The Roberts'\AppData\LocalLow\Conduit\Community Alerts\Log folder moved successfully.
C:\Windows\System32\config\The Roberts'\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Windows\System32\config\The Roberts'\AppData\LocalLow\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Windows\System32\config\The Roberts'\AppData\LocalLow\Conduit\Community Alerts folder moved successfully.
C:\Windows\System32\config\The Roberts'\AppData\LocalLow\Conduit folder moved successfully.
File\Folder C:\Program Files\ConduitEngine not found.
File\Folder C:\Users\The Roberts'\AppData\Local\Conduit not found.
File\Folder C:\Users\The Roberts'\AppData\LocalLow\ConduitEngine not found.
File\Folder C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\conduit not found.
File\Folder C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\conduitCommon not found.
File\Folder C:\Users\The Roberts'\AppData\Roaming\Mozilla\Firefox\Profiles\37gqx296.default\extensions\engine@conduit.com not found.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\UserDefinedItems folder moved successfully.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\Repository\conduit_CT2559647_CT2559647\ToolbarSettings folder moved successfully.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\Repository\conduit_CT2559647_CT2559647\ToolbarLogin folder moved successfully.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\Repository\conduit_CT2559647_CT2559647 folder moved successfully.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\Repository folder moved successfully.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\Logs folder moved successfully.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\ExternalComponent folder moved successfully.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\EmailNotifier folder moved successfully.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons folder moved successfully.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Coupons.com folder moved successfully.
File\Folder C:\Windows\System32\config\The Roberts'\AppData\LocalLow\Conduit not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\The Roberts'\Desktop\cmd.bat deleted successfully.
C:\Users\The Roberts'\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Trolltech\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1227975793-3019168394-2461974651-1000\Software\Trolltech\ not found.
Registry key HKEY_USERS\S-1-5-21-1227975793-3019168394-2461974651-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Trolltech\ not found.
Registry key HKEY_USERS\S-1-5-21-1227975793-3019168394-2461974651-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Trolltech\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1227975793-3019168394-2461974651-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56507 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: The Roberts'
->Temp folder emptied: 18819191 bytes
->Temporary Internet Files folder emptied: 1569210138 bytes
->Java cache emptied: 12278985 bytes
->FireFox cache emptied: 66764759 bytes
->Flash cache emptied: 5629172 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53131496 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 122880 bytes

Total Files Cleaned = 1,646.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 06252013_142925

Files\Folders moved on Reboot...
C:\Users\The Roberts'\AppData\Local\Temp\ehmsas.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Questscan issue part 2 CC Gary R

Unread postby Cornell924 » June 25th, 2013, 3:43 pm

HP Active Support installed automatically after reboot

Re: Questscan issue part 2 CC Gary R

Unread postby Gary R » June 25th, 2013, 3:59 pm

looking better so far ....

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Questscan issue part 2 CC Gary R

Unread postby Cornell924 » June 25th, 2013, 11:26 pm

no found threats

Re: Questscan issue part 2 CC Gary R

Unread postby Gary R » June 26th, 2013, 1:00 am

Looks like your computer is free of Malware, please let me know if you have any remaining problems.

Once I've heard back from you I'll give you instructions for how to safely remove the programs we've been using to clean your machine, and make a few suggestions for how to secure your computer against further attacks.

Re: Questscan issue part 2 CC Gary R

Unread postby Cornell924 » June 26th, 2013, 1:20 am

I think that is all I need. Thank you so much and I am truly sorry for being so tardy with my replies

Re: Questscan issue part 2 CC Gary R

Unread postby Gary R » June 26th, 2013, 1:05 pm

You're welcome, glad we could help. :)

OK, let's get those programs removed.

First

Let's clear out OTL and the files and folders it created. This will also remove SystemLook.
  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).

Next

Please delete the following ....

C:\Users\The Roberts'\Desktop\adwcleaner.exe
C:\AdwCleaner[R1].txt
C:\AdwCleaner[s1].txt


Next

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Tweaking.com Registry Backup


As far as I can see, your computer looks clear of infection now.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.



